Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Log source devices configuration
  4. /
  5. Microsoft DNS

Microsoft DNS

You can use the Logmanager Windows agent to collect logs/information from the Microsoft DNS service running on the Windows Server platform. In order to collect logs from Microsoft DNS, you need to meet the following conditions:

  1. Install Orchestrator on the server where DNS service is running
  2. Create a file to store logs
  3. Enable Debug Logging on the DNS service and store logs to a pre-created file
  4. Configure agent to collect logs from created file
If collecting logs from ANY DNS, you need to disable auto-resolving DNS names DNS Config

Microsoft DNS Settings

  1. Log in to Windows Server running DNS service (you need administrator rights)
  2. Install the Logmanager Windows agent, if it is already installed, ignore this step (more about agents here: Logmanager Windows Agent)
  3. Create a dns.log file in any location on disk where you will send and save logs, for example, C:\Logs\dns.log is recommended
dns.log file
  1. Go to DNS Manager settings (Start/DNS or Server Manager/DNS)
  2. Right click on your server and select Properties below
Properties
  1. Go to the Event Logging tab and make sure that All events is selected
Event Logging
  1. Now go to the Debug Logging tab and set options as shown in the figure
Debug Logging
  1. At the bottom of the window, there is a Log file passage, File path and name:. Here, enter the full path of the file you created, i.e. C:\Logs\dns.log
File path
  1. Click Apply and OK - you have now successfully set up collection of logs from MS DNS and saved them to a file of your choice

Logmanager Settings

To successfully collect logs from MS DNS and process them on the Logmanager side, you need to configure them in the GUI.

  1. Log in to Logmanager as an administrator
  2. Go to Sources/Beat agents
  3. Locate server/agent where DNS is running and click on the blue pen on the right to edit it
Agent editing
  1. Locate Log Files, and click the green Add button on the right
  2. Select dns as a template, this will automatically fill in the dns tag which is needed for proper classification, i.e. don’t delete it!
  3. Insert the full path where the log file is stored, i.e. C:\Logs\dns.log, click OK
Agent editing
  1. Now click the Save button at the bottom
If you delete the dns tag, logs will not be processed correctly and will not appear in Logmanager as logs from MS DNS.
Restart services

By doing this, you have set up log collection and processing on the Logmanager side. Since the agent takes a while to download the new configuration, we recommend manually restarting logmanager-orchestrator-service on the server via Task Manager. After restarting service, the configuration will be updated, and the Agent should send DNS logs to Logmanager, which can automatically classify and process them with the correct parser thanks to the dns tag.

You can check the collection of MS DNS logs in Logs/Dashboards on Windows DNS log dashboard.
gdoc_arrow_left_alt Microsoft DHCP Microsoft Exchange gdoc_arrow_right_alt