extensive dns client logging #4
Description
https://blogs.technet.microsoft.com/secadv/2018/01/22/parsing-dns-server-log-to-track-active-clients/
https://gist.github.com/randomvariable/be90107fd57a4f9502af2eba62978fb6
function Start-DNSClientLog {
$DnsOpLog = Get-WinEvent -ListLog Microsoft-Windows-DNS-Client/Operational
$DnsOpLog.IsEnabled = $true
$DnsOpLog.SaveChanges()
}
function Get-DNSClientQueries {
foreach($event in (get-winevent Microsoft-Windows-DNS-Client/Operational | % { [xml]$_.ToXml() })) {
$Query = ($event.Event.EventData.Data | Where-Object { $_.Name -eq "QueryName" }).'#text'
if($null -eq $Query) { return }
New-Object PSObject -Property @{
"Date" = [DateTime]$event.Event.System.TimeCreated.SystemTime;
"Query" = $Query
}
}
}