Windows DNS Log Analyser



If you have enabled DNS logging on a Microsoft Windows system that is functioning as a DNS server, you likely would like to have a program that will allow you to analyze that data rather than just viewing the raw data with Notepad or some other text editor. A useful and free tool for doing so is the Win DNS Log Analyzer from JSharp/ZedLan Tools and Utilities. The current version, as of November 21, 2014, is 2.0.6.0 When installed, the program takes up only about a floppy disk's worth of space, i.e., about 1.44 MB, on a system's hard drive.

The software is free and redistributable and can be downloaded from the developer's website or from this site, though you may want to check the developer's site to ensure you get the latest version. There is a link on the developer's page for the software that will provide you a means to donate money to the developer as thanks for his efforts. The VirusTotal report showing the software is adware/malware free can be viewed here.

Download
MoonPoint
ZedLan

After running the setup program and starting the Win DNS Log Analyzer program, you will be presented with a window where you need to click on "configure settings" to specify the location of your DNS log file.

Win DNS Log Analyzer settings

Once you've specified it and clicked on OK, you will see a window with "Press F5 to analyse" and the location of the DNS log file you specified.

When the analysis is completed, you will see information displayed as below:

Win DNS Log Analyzer info

The display will show you the date and time for DNS packets and the IP address for systems performing DNS queries via the DNS server. E.g., above, I can see that packets were sent by the system with IP address 192.168.0.15 to look up the IP address of idpix.media6degrees.com, etc. The entries will be ordered by time, but you can order them in other ways by clicking on the column headers. E.g., if you wished to order them by IP address, you could click on the RemoteIP column header.

Next, you see the times of heaviest DNS activity, followed by tables that show the most frequent hostnames queried, the top source IPs sending DNS packets to the DNS server, and then a table showing the top rows by source IP and query, and then the top rows by name type. E.g., above, the top rows by name type table shows that the most common DNS packets is for an A record and the next most common is for a PTR record, i.e., a reverse lookup to find a fully qualified domain name (FQDN) from an IP address, which is what I would expect. Note: if you can't see all of the information in a column, you can move the mouse over the vertical line between columns in a table and drag the line to the right.

The bottom section of the display provides pie charts that correspond to the tables above them.

 

TechRabbit ad 300x250 newegg.com

Justdeals Daily Electronics Deals1x1 px

Valid HTML 4.01 Transitional

Created: November 21, 2014