Adding a new DNS zone to a Windows Server 2012 DNS server
A Windows Server 2012 Essentials system can function as a Domain Name
System (DNS) server. If the system is functioning as a DNS server, you can
add additional zones that are integrated with Active Directory (AD), or you
can add them as file-based zones as you would on a Unix/Linux DNS server.
The Windows DNS server can be configured to support forward or reverse
lookup zones. A primary, secondary, or stub zone can be added.
Enabling DNS Logging for Windows Server 2012
I wanted to log DNS queries and responses from all systems using a Windows
Server 2012 DNS server, so that I would have DNS logs available for reference
in the event of issues related to malware, etc. I also wanted to rotate the
log files every night, so that the file size wouldn't grow continually until
it reached the maximum 500 MB size I specified for the log file. Instructions
for doing so for a Windows Server 2012 system are here. Instructions for doing
so on a Microsoft Windows Small Business Server (SBS) are at Enabling DNS
Logging on a Windows SBS 2003 Server.
Rotate the DNS server log file on a Windows server
For a site where a Windows Small Business Server (SBS) 2003 system serves as a
DNS server, I wanted to rotate the DNS log file every night at midnight. The
log file is named DNS.log and I'd like to close the current log at midnight,
renaming it to DNS_YYYYMMDD.log, where YYYY is the 4-digit year, MM the
two-digit month (01-12), and DD the two-digit day (01-31). The system date can
be put in the format YYYYMMDD using substring extraction as explained at
Appending a date to a filename in batch files.
Renaming the log file requires stopping the DNS server service, which
can be done with the command net stop "DNS Server". If you try to move the
file without stopping the service, you will receive the message below:
D:\Logs\DNS>move dns.log dns_old.log
The process cannot access the file because it is being used by another process.
0 file(s) moved.
After the file is moved/renamed, the DNS server service can be restarted
with net start "DNS Server".
The location of the DNS log file is stored in the Windows Registry. A REG QUERY
command can be used to obtain the current location for the file as explained at
Determining the location of a Microsoft Windows DNS log file from a command
prompt. After the location and name of the file is determined, the DNS server
service can be stopped, then the current log file can be renamed, and the
DNS server service can be restarted, creating a new log file with the name
and at the location indicated by the registry entry.
The batch file is shown below and is available here (the URL of the latest
version is also in the header comments of the file).
@echo off
REM Name: rotatednslog.bat
REM Version: 1.0
REM Created: December 6, 2014
REM Last Modified: December 6, 2014
REM
REM Location of latest version:
REM http://support.moonpoint.com/downloads/computer_languages/mswin_batch/rotatednslog.bat
REM
REM Description: When scheduled to run at the end of each day, this batch
REM file will rotate the DNS server log. The DNS server service will be
REM stopped temporarily, so the current DNS log can be renamed to a log file
REM with the name DNS_YYYYMMDD.log, where YYYY is the year, MM the month, and
REM DD the day. The DNS server service will then be restarted creating a
REM new DNS log file. The current location of the DNS log file is obtained
REM from the Windows Registry.

REM Delayed expansion is required to substitute the contents of the date
REM variable YYYYMMDD into the log file name with string substitution.
SETLOCAL ENABLEDELAYEDEXPANSION

REM Windows Registry key holding the location of the DNS log file
SET regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
REM Registry value needed from the above key
SET regvalue="LogFilePath"

REM Extract only the file location from the output of the reg query command.
REM Note: "tokens=3" assumes the path contains no spaces; a path such as
REM "C:\DNS Logs\dns.log" would be cut off at the first space.
FOR /F "tokens=3" %%G IN ('reg query %regkey% /v %regvalue% ^| find %regvalue%') DO SET logfile=%%G

REM Set the variable YYYYMMDD to today's date in YYYYMMDD format where
REM YYYY = 4-digit year, MM is the month (01-12), and DD is the day (01-31).
REM The substring offsets assume %DATE% looks like "Sat 12/06/2014" (US
REM English regional settings); adjust them for other date formats.
SET YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%

REM Set the name for the rotated log file to have "_YYYYMMDD.log" at the
REM end of the file name. Need to use delayed expansion.
SET renamedlog=!logfile:.log=_%YYYYMMDD%.log!

REM Stop the DNS server service
NET STOP "DNS Server"

REM Move the log file to its new location with its new name.
REM Since you cannot specify a new drive or path for your destination file with
REM the RENAME command, I'm using the MOVE command, instead, in case I may
REM wish to update this batch script to move the file to another drive and/or
REM directory.
MOVE %logfile% %renamedlog%

REM Restart the DNS server service
NET START "DNS Server"
If it is run from a command prompt, you will see the following output:
C:\Program Files\Utility\Scripts>rotatednslog
The DNS Server service is stopping.
The DNS Server service was stopped successfully.
1 file(s) moved.
The DNS Server service is starting.
The DNS Server service was started successfully.
Since I would like the batch file to execute at the end of each day, I
scheduled it to run at 23:59 (11:59 PM) Monday through Sunday with the command
at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
(specify the location for the batch file).
C:\Program Files\Utility\Scripts>at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
Added a new job with job ID = 5
I could have used 00:00 to run the batch job at midnight, but I set it to run
1 minute before midnight to be sure that the date inserted in the name of the
file is the one for the day that has just ended rather than the date of the
new day.
If you want to see the details of scheduled batch jobs, you can just enter at
without any parameters at the command line and hit return. You will then see
all the scheduled batch jobs. There may be gaps in the ID numbers if some batch
jobs have been deleted.
C:\Documents and Settings\Administrator>at
Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Each M T W Th F S 7:30 PM d:\backups\daily.bat
2 Each Su 7:30 PM d:\backups\weekly.bat
5 Each M T W Th F S Su 11:59 PM "C:\program files\utility\scripts\rotatednslog.bat"
If you wish to delete a scheduled batch job, you can use at id /delete, where
id is the numeric ID assigned to a batch job. E.g., the rotatednslog batch job
above could be deleted with at 5 /delete.
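As an added example (it is not the page's batch file and not part of the original post), the same rotation written in PowerShell, which is what you would use on a current Windows DNS server: it reads LogFilePath from the registry with Get-ItemProperty instead of splitting reg query output, so a path containing spaces is handled; it builds the date stamp with Get-Date, so the result does not depend on the regional %DATE% layout; and it restarts the service in a finally block, so a failed move cannot leave the server without name resolution. The service name DNS (display name "DNS Server"), the script path and the task name in the schtasks comment are assumptions for the example. schtasks is used for scheduling because at.exe is deprecated on Windows 8/Server 2012 and later.

```powershell
# Rotate-DnsLog.ps1 : added example, not the original page's rotatednslog.bat.
# Assumes the DNS Server service's short name is "DNS" and that the log
# location is stored in the LogFilePath value discussed above.
[CmdletBinding()]
param(
    [string]$RegistryKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters',
    [string]$ServiceName = 'DNS'
)

# Read the log location directly from the registry; no token splitting, so
# a path such as "C:\DNS Logs\dns.log" is returned intact.
$logFile = (Get-ItemProperty -Path $RegistryKey -Name LogFilePath -ErrorAction Stop).LogFilePath
if ([string]::IsNullOrWhiteSpace($logFile)) {
    throw "LogFilePath is empty under $RegistryKey; set an explicit log file path on the server's Debug Logging tab first."
}

# Locale-independent date stamp (the batch file's %DATE% slicing assumes US date format).
$stamp  = Get-Date -Format 'yyyyMMdd'
$dir    = Split-Path -Path $logFile -Parent
$base   = [System.IO.Path]::GetFileNameWithoutExtension($logFile)
$ext    = [System.IO.Path]::GetExtension($logFile)
$target = Join-Path $dir ("{0}_{1}{2}" -f $base, $stamp, $ext)

# If the task ran twice on the same day, keep the earlier rotation instead of overwriting it.
$n = 1
while (Test-Path -LiteralPath $target) {
    $target = Join-Path $dir ("{0}_{1}_{2}{3}" -f $base, $stamp, $n, $ext)
    $n++
}

Stop-Service -Name $ServiceName -ErrorAction Stop
try {
    if (Test-Path -LiteralPath $logFile) {
        Move-Item -LiteralPath $logFile -Destination $target -ErrorAction Stop
        Write-Output "Rotated $logFile -> $target"
    } else {
        Write-Warning "No log file at $logFile; nothing to rotate."
    }
}
finally {
    # Always bring the DNS server back, even if the move failed.
    Start-Service -Name $ServiceName
}

# Schedule it once, from an elevated prompt (the schtasks equivalent of the at
# command used above; task name and script path are assumptions for this example):
#   schtasks /Create /TN "Rotate DNS log" /SC DAILY /ST 23:59 /RU SYSTEM /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File \"C:\Program Files\Utility\Scripts\Rotate-DnsLog.ps1\""
```

Whatever scheduler runs this, it runs with administrative rights, so the script's directory must be writable only by administrators: anyone who can edit a script that SYSTEM executes nightly controls the server. Expect a short name-resolution outage while the service restarts, which is why the task is placed at a quiet hour.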
Determining the location of a Microsoft Windows DNS log file from a command prompt
If you need to determine the location of the log file for a Microsoft Windows
server functioning as a DNS server from the command line, you can do so through
a reg query command.
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
LogFilePath REG_SZ d:\logs\dns\dns.log
You can reduce the output displayed to just the line containing the log file
location by piping the output of the reg query command into the find command.
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
LogFilePath REG_SZ d:\logs\dns\dns.log
If you wish to see just the log file location and not the other information
returned by the reg query command, you can use a FOR /F loop command such as
the following:
C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g
d:\logs\dns\dns.log
C:\>
The FOR /F loop breaks up a line of output from the command that is being
processed into items, called "tokens", that are separated by spaces or tabs on
the lines of output from the command. In this case, I'm only interested in the
third token on the line of output, which is the location of the DNS log file.
(If the path contained spaces, the third token would be only the part of the
path before the first space; "tokens=2,*" and the second loop variable would
then be needed to capture the rest of the line.) The output that is being
processed is the result of piping the output of the reg query command into
the find command. Since the pipe symbol, i.e., the vertical bar character |,
has a special meaning for the Windows command interpreter, you need to place
an "escape character", which for cmd.exe is the caret symbol, ^, immediately
before it. You also need to put the at symbol, @, before the echo command to
avoid seeing the echo command itself as output.
If you wish to use a batch file to execute the commands to find the log file
location, you need to replace the %g with %%g as shown below.
@echo off
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G
The registry key and the value to be queried can also be placed in environment
variables that can be modified, if you wish to query other registry keys
instead of the one for the DNS log file location, so that it is easier to see
what needs to be changed for such other queries.
@echo off
REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command.
REM Edit regkey and regvalue below to query a different key or value.
set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set regvalue="LogFilePath"
REM The value name is taken from regvalue in both places, so changing the
REM variable above is all that is needed for another query.
REM "tokens=3" returns only the first word of a value that contains spaces.
FOR /F "tokens=3" %%G IN ('reg query %regkey% /v %regvalue% ^| find %regvalue%') DO echo %%G
Download: queryreg.bat
Windows DNS Log Analyser
If you've turned on logging for the DNS service provided on Microsoft Windows
servers, a useful tool for analyzing the contents of the log file is Windows
DNS Log Analyser, a small (about 1.44 MB), free program that understands the
Microsoft Windows DNS server log file format and presents the information to
you in a more easily analyzed format.
Enabling DNS Logging on a Microsoft Windows SBS 2003 Server
DNS logging can be useful when trying to monitor what systems an infected
system is trying to contact. The DNS log will show you what DNS queries
were sent by the system to the DNS server to look up IP addresses for
host names.
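The kind of analysis the two logging posts above have in mind, as an added example: this PowerShell is not the page's code and is unrelated to the Windows DNS Log Analyser program mentioned earlier. It parses the PACKET lines of the Windows DNS debug log (the format the 2003 through 2012 DNS server writes when debug logging is enabled, including the length-prefixed name encoding such as (3)www(7)example(3)com(0)), then runs two checks over the parsed records: which clients looked up names on a watch list, and how many queries each client sent. The log lines are constructed for the example and the watch-list domain bad-example.net is a placeholder; the regex assumes the column layout shown in the sample.

```powershell
# DnsDebugLog.ps1 : added example for reading a Windows DNS debug log.
# The log lines in $sample are constructed for this example, not from a real server.

function ConvertFrom-DnsDebugName {
    # "(3)www(7)example(3)com(0)" -> "www.example.com"; "(0)" (the root) -> "."
    param([Parameter(Mandatory)][string]$Encoded)
    $name = ($Encoded -replace '\(\d+\)', '.').Trim('.')
    if ($name -eq '') { return '.' }
    return $name.ToLowerInvariant()
}

# Matches PACKET lines only; headers, blank lines and UPDATE lines are skipped.
$PacketLine = [regex]'^(?<date>\S+)\s+(?<time>\S+(?:\s+[AP]M)?)\s+(?<tid>[0-9A-Fa-f]+)\s+PACKET\s+(?<pkt>[0-9A-Fa-f]+)\s+(?<proto>UDP|TCP)\s+(?<dir>Snd|Rcv)\s+(?<ip>\S+)\s+(?<xid>[0-9A-Fa-f]{4})\s+(?<resp>R)?\s*Q\s+\[(?<flags>[^\]]*)\]\s+(?<qtype>\S+)\s+(?<qname>\S+)\s*$'

function ConvertFrom-DnsDebugLogLine {
    param([Parameter(Mandatory)][string]$Line)
    $m = $PacketLine.Match($Line)
    if (-not $m.Success) { return $null }
    $flags = @(($m.Groups['flags'].Value -split '\s+') | Where-Object { $_ })
    [pscustomobject]@{
        Timestamp  = "$($m.Groups['date'].Value) $($m.Groups['time'].Value)"
        Protocol   = $m.Groups['proto'].Value
        Direction  = $m.Groups['dir'].Value      # Rcv = arrived at the server, Snd = sent by it
        RemoteIP   = $m.Groups['ip'].Value
        IsResponse = $m.Groups['resp'].Success   # "R Q" marks a response, "Q" a query
        Rcode      = $flags[-1]                   # last bracket field: NOERROR, NXDOMAIN, ...
        QType      = $m.Groups['qtype'].Value
        QName      = ConvertFrom-DnsDebugName $m.Groups['qname'].Value
    }
}

function Find-DnsWatchlistHits {
    # Queries received from clients for a watch-listed domain or any name under it.
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][string[]]$Watchlist
    )
    $wl = $Watchlist | ForEach-Object { $_.ToLowerInvariant().Trim('.') }
    foreach ($line in $Lines) {
        $q = ConvertFrom-DnsDebugLogLine $line
        if ($null -eq $q -or $q.IsResponse -or $q.Direction -ne 'Rcv') { continue }
        foreach ($d in $wl) {
            if ($q.QName -eq $d -or $q.QName.EndsWith(".$d")) { $q; break }
        }
    }
}

function Get-DnsQueryCountByClient {
    # Queries per client; a workstation at the top of this list deserves a closer look.
    param([Parameter(Mandatory)][string[]]$Lines)
    $Lines | ForEach-Object { ConvertFrom-DnsDebugLogLine $_ } |
        Where-Object { $_ -and -not $_.IsResponse -and $_.Direction -eq 'Rcv' } |
        Group-Object RemoteIP | Sort-Object Count -Descending |
        Select-Object @{n='Client';e={$_.Name}}, Count
}

# Constructed sample in the debug log's PACKET line layout (not a real capture).
$sample = @'
12/6/2014 11:10:32 PM 0A0C PACKET  0000000001B3E8A0 UDP Rcv 192.168.0.45    0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
12/6/2014 11:10:32 PM 0A0C PACKET  0000000001B3E8A0 UDP Snd 192.168.0.45    0002 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
12/6/2014 11:10:41 PM 0A0C PACKET  0000000001B4F120 UDP Rcv 192.168.0.77    9c1e   Q [0001   D   NOERROR] A      (4)cdn7(11)bad-example(3)net(0)
12/6/2014 11:10:41 PM 0A0C PACKET  0000000001B4F120 UDP Snd 192.168.0.77    9c1e R Q [8081   DR  NXDOMAIN] A      (4)cdn7(11)bad-example(3)net(0)
12/6/2014 11:10:55 PM 0A0C PACKET  0000000001B4F3C0 UDP Rcv 192.168.0.77    9c1f   Q [0001   D   NOERROR] TXT    (8)a9f3c2e1(11)bad-example(3)net(0)
12/6/2014 11:11:02 PM 0A0C PACKET  0000000001B51000 UDP Rcv 192.168.0.45    0003   Q [0001   D   NOERROR] PTR    (2)25(1)0(3)168(3)192(7)in-addr(4)arpa(0)
'@ -split "`r?`n"

$lines = $sample | Where-Object { $_ }
# Replace $lines with: Get-Content -LiteralPath 'D:\Logs\DNS\dns.log' to run against a real log.
Find-DnsWatchlistHits -Lines $lines -Watchlist @('bad-example.net') |
    Format-Table Timestamp, RemoteIP, QType, QName
Get-DnsQueryCountByClient -Lines $lines | Format-Table
```

The same parsed records answer the other question an incident responder has: filtering for IsResponse with Rcode NXDOMAIN and grouping by client finds a host cycling through names that do not exist, which is how domain-generation-algorithm malware looks from the DNS server. Query lines carry no response code, so look at the Snd/response records for that.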
Windows XP System Not Using Primary DNS
After a user rebooted her system, email she sent to an internal POP3 email
server was being rejected. When I checked the email server's log file, I found
that it was rejecting the email because it saw the email coming from the outside
address of the firewall. It saw the "to" address of the email message she was
trying to send as one that was not destined for an account on the email server
and rejected it with a "relaying denied" message. The email server was
configured to allow relaying from the IP address of her PC, but since it
saw the email coming through the external firewall, it rejected it.
When I tried pinging the internal email server, mail.example.com, from her
system, instead of its internal address, 192.168.0.25, being used, I saw the
external address for the firewall was being used. I checked her
/windows/system32/drivers/etc/hosts file first. I didn't see any entry for
mail.example.com there. Nor did I see the address cached on her system when I
entered the command ipconfig /displaydns | find /i "mail.example.com" at a
command prompt. So I used a sniffer to observe the network traffic from/to her
system. I saw that her system was querying the DNS server configured as the
secondary name server for her system, which was an external DNS server
provided by her Internet Service Provider (ISP) rather than the internal name
server on her LAN.
I tried ipconfig /flushdns, but that made no difference. Her system continued
to query the secondary name server and didn't seem to ever cache the address
for mail.example.com. When I tried ipconfig /registerdns, the system then
queried the primary DNS server again. The /registerdns argument to the
ipconfig command "refreshes all DHCP leases and re-registers DNS names." The
system had a static IP address, so the "re-registers DNS names" function of
the command must have fixed the problem.
When she tried sending her email message again, though, it was rejected by the
internal mail server. I had her restart her email client, Microsoft Outlook,
and that resolved the problem. Apparently, Outlook also maintains its own
cached information for the mail server it uses. I still didn't see the
internal mail server's address cached when I issued an ipconfig /displaydns
command, though.
The long-term solution to prevent the problem recurring would be to set up
another internal DNS server to use as the secondary DNS server.
References:
- XP not using Primary DNS, TechTalkz.com Technology @ your fingertips, March 20, 2009
- Configuring IP Addressing and Name Resolution, Microsoft TechNet: Resources for IP Professionals
- When does a Windows client stop using a secondary DNS server and revert back to primary, Server Fault, August 11, 2009
- Renew DNS client registration using the ipconfig command, Microsoft TechNet: Resources for IP Professionals, updated January 21, 2005