Logmanager documentation
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Logmanager documentation
  2. /
  3. Log source devices configuration
  4. /
  5. Microsoft DNS

Microsoft DNS

You can use Logmanager Windows agent to collect logs/information from Microsoft DNS service running on Windows Server platform. In order to collect logs from Microsoft DNS you need to meet following conditions:

  1. Install Orchestrator on the server where DNS service is running.
  2. Create a file to store logs.
  3. Enable Debug Logging on DNS service and store logs to pre-created file
  4. Configure agent to collect logs from created file
If collecting logs from ANY dns, you need to disable auto resolv dns names DNS Config

Microsoft DNS Settings

  1. Log in to Windows Server running DNS service (you need administrator rights)
  2. Install Logmanager Windows agent, if it is already installed, ignore this step (more about agents here: Logmanager Windows Agent)
  3. Create a dns.log file in any location on disk where you will send and save logs, for example C:\Logs\dns.log is recommended
dns.log file
  1. Go to DNS Manager settings (Start/DNS or Server Manager/DNS)
  2. Right click on your server and select Properties below
Properties
  1. Go to Event Logging tab and make sure that All events are selected.
Event Logging
  1. Now go to Debug Logging tab and set options as shown in figure
Debug Logging
  1. At bottom of window there is a Log file passage, File path and name, enter here full path of file you created, i.e. C:\Logs\dns.log
File path
  1. Click Apply and OK - you have now successfully set up collection of logs from MS DNS and saved them to file of your choice

Logmanager Settings

To successfully collect logs from MS DNS and process them on Logmanager side, you need to configure them in GUI.

  1. Log in to Logmanager as an administrator
  2. Go to Sources/Beat agents
  3. Locate server/agent where DNS is running and click on blue pen on right to edit it
Agent editing
  1. Locate Log Files, click green Add button on right
  2. Select dns as template, this will automatically fill in dns tag which is needed for proper classification, i.e. don’t delete it!
  3. Insert full path where log file is stored, i.e. C:\Logs\dns.log, click OK
Agent editing
  1. Now click Save button at bottom.
If you delete dns tag, logs will not be processed correctly and will not appear in Logmanager as logs from MS DNS.
Restart services

By doing this, you have set up log collection and processing on Logmanager side, since agent takes a while to download new configuration, we recommend manually restarting logmanager-orchestrator-service on server via Task Manager. After restarting service, configuration will be updated and Agent should send DNS logs to Logmanager, which can automatically classify and process them with correct parser thanks to dns tag.

You can check collection of MS DNS logs in Logs/Dashboards on Windows DNS log dashboard.