Hi all,
I have configured my Windows 2022 DNS server to log DNS queries. We need those logs for security and possible forensic reasons.
The configuration is done in Windows Event Manager as described in DNS Logging and Diagnostics | Microsoft Learn. We are using LPAgent to collect other logs from this server.
The result is an ETL file, which cannot be read from the event log with the im_msvistalog configuration from LPAgent. ETL cannot be read with the im_msvistalog plugin of LPAgent.
I have read that there is an NXLOG EE plugin im_etw out there which should be able to handle this file type, but we do not have the NXLog Enterprise Subscription.
Is there any other option to collect the DNS query logs from the server and import them into LogPoint?
Is there any best practice for handling Windows DNS server query logs (without using NXLOG EE)?
Kind regards
Uwe