Enabling DNS Logging for Windows Server 2012
I wanted to log DNS queries and responses from all systems using a Windows
Server 2012 DNS server, so that I would have DNS logs available for reference
in the event of issues related to malware, etc. I also wanted to rotate the
log files every night, so that the file size wouldn't grow continually until
it reached the maximum 500 MB size I specified for the log file. Instructions
for doing so for a Windows Server 2012 system are
here. Instructions
for doing so on a Microsoft Windows Small Business Server (SBS) are
at
Enabling DNS Logging on a Windows
SBS 2003 Server.
[/network/dns/windows/logging]
permanent link
Determing the location of a Microsoft Windows DNS log file from a command prompt
If you need to determine the location of the log file for a Microsoft Windows
server functioning as a DNS server from the command line, you can do so through
a
reg query command.
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
LogFilePath REG_SZ d:\logs\dns\dns.logYou can reduce the output displayed to just the line containing the
log file location by piping the output of the reg query command
into the find command.
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
LogFilePath REG_SZ d:\logs\dns\dns.logIf you wish to see just the log file location and not the other information
returned by the reg query command, you can use
a FOR /F loop command such
as the following:
C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g
d:\logs\dns\dns.log
C:\>The FOR /F loop breaks up a line of output from the command
that is being processed into items, called "tokens" that are separated by
space on the lines of output from the command. In this case, I'm only
interested in the third token on the line of output, which is the location
of the DNS log file. The output that is being processed is the result of
piping the output of the reg query command into the find
command. Since the pipe symbol, i.e., the vertical bar character
|, has a special meaning for the Windows operating system,
you need to place an
"escape character",
which for Windows is the caret symbol, ^, immediately before
it. You also need to put the at symbol, @, before the echo
command to avoid seeing the echo command itself as output.
If you wish to use a batch file to execute the commands to find the log
file location, you need to replace the %g with %%g
as shown below.
@echo off
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G
The registry key and the value to be queried can also be placed in
environment
variables that can be modified, if you wish to query other
registry keys, instead of the one for the DNS log file location, so that it
is easier to see what needs to be changed for such other queries.
@echo off
REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command
set regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set regvalue="LogFilePath"
FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO echo %%G
Download:
queryreg.bat
[/network/dns/windows/logging]
permanent link
