
Hello
I’m testing your NXLog EE in order to collect DNS Analytics from Windows Server 2012.

I got the error message below:

2020-08-24 18:32:51 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:34:53 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:36:54 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:38:55 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:40:55 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.
2020-08-24 18:42:56 ERROR [im_msvistalog|ms_vistalog_filtered_dns] failed to seek to saved position in file 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl' (error:50): Cette demande n’est pas prise en charge.

This is the configuration applied:

<Input ms_vistalog_filtered_dns>
    Module im_msvistalog
    File C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl
    PollInterval 60
    Exec if ($QNAME == 'americas1.notify.windows.com.akadns.net.') OR \
            ($QNAME == 'cy2.vortex.data.microsoft.com.akadns.net.') OR \
            ($QNAME == 'dm3p.wns.notify.windows.com.akadns.net.') OR \
            ($QNAME == 'geo.vortex.data.microsoft.com.akadns.net.') OR \
            ($QNAME == 'v10-win.vortex.data.microsoft.com.akadns.net.') OR \
            ($QNAME == 'v10-win.vortex.data.microsoft.com.akadns.NET.') OR \
            ($QNAME == 'v10.vortex-win.data.microsoft.com.') OR \
            ($QNAME == 'wns.notify.windows.com.akadns.net.') OR \
            ($QNAME == 'wns.notify.windows.com.akadns.NET.') OR \
            ($QNAME == 'client.wns.windows.com.') OR \
            ($QTYPE == '15') \
            drop();
</Input>

Asked August 25, 2020 - 4:34pm

Answer (1)