
Intrust Add-in for DNS debug logs

Is there still a way to capture DNS debug logs with Intrust? If so, can you tell me where to find the add-in?

 

Thanks,

Nicole

  • Hi Nicole,

    Yes, this solution is quite old but is still able to collect and report on the DNS debug log. You need to have the .NET 3.5 feature (including 2.0 and 3.0) on your machine as a prerequisite. Please specify the SSRS ReportServer URL to upload reports, e.g. http://SSRShost/ReportServer

    Due to the site limitations I've changed the extension .exe to .123, please rename back and then run it.

    DnsDebugLogs.part1.123
    DnsDebugLogs.part2.rar

  • Hi Nicole,

    Just in case it works as desired, could you do us a huge favor by explaining your use case for DNS Debug logs?

    Thanks.
    Sergey (Product Manager)
  • I was able to successfully install the add-in. My log files are not at the normal system root, they are on another drive file location. How would the logfilename need to be set to grab from a different drive? My file path is Driveletter\logs\DNS\DNSwithdateandletters.log
     
    Thank you for your help!

    Nicole

  • Sergey:
    DNS debug logs are being collected based on security compliance requirements.

    Thanks,
    Nicole
  • Anything standard and widely used or just an internal requirement?

    I'm sure Igor can help you with the path, but I'll double-check he is aware of your follow-up.

    Thanks.
  • Hi Nicole,

    To make it work you need the following

    1. InTrust Manager | Configuration | Data Sources | Microsoft DNS Debug Log | properties | Parameters tab | LogFileName | Edit, and set it to your path with all backslashes doubled, like this: D:\\logs\\DNS\\DNSwithdateandletters.log
    2. Add your DNS server host to InTrust Manager | Configuration | Sites | Microsoft Windows Network | All Microsoft DNS Servers
    3. In InTrust Manager | Workflow | Tasks | Predefined tasks | Microsoft DNS Debug Log daily collection | Gathering tab choose the Repository and/or Database to collect to
    4. Commit all changes and run the task.

    Your DNS log name has date and letters? Does this mean that you have some sort of automatic retention in place? Our solution does not consider any retention policy, it collects only one file you specify in the data source.

    If your issue is resolved, please click "This helped me" under the most valuable answer. If you have other questions please feel free to ask.

  • It's an internal requirement.

    Thanks,
    Nicole
  • Igor:

    Hello.

    The file holds 500 MB and then rolls to another file with date and timestamp on it. All those logs would need to be captured. It seems as though putting in one filename isn't going to work with our scenario due to security requirements with timestamp/date. Is there another way that would best fit our scenario that you would suggest?

    Thanks,
    Nicole
  • Hi Nicole,

    There are two parts here

    1. You have a lot of old files with a date-time suffix and want to have them in the Repository. I cannot recommend anything here but specifying them one by one in the data source and collecting them one by one; unfortunately, this data source does not support file masks like dns*.log.
    2. How to collect the current file. This is a more interesting question. As far as I know, the default retention of this log implies only one file. In the DNS server properties you specify the file name and maximum size. When the size is reached, the log is backed up and cleared. Collecting the current file is not a good idea because it is changing constantly and we cannot foresee the moment when it is cleaned, and we may lose some records between our last gathering and the file clean-up. The backup file does not change, and my proposal is to collect this file.
      • Specify %WinDir%\\Sysnative\\dns\\backup\\dns.log in the data source.
      • Schedule the task with a period significantly less than the average DNS log retention period. I mean that if the DNS log is overwritten, for example, once a day, schedule the task to collect twice a day.
    3. A side question is how your retention is organized.

    If your issue is resolved, please click "This helped me" under the most valuable answer. If you have other questions please feel free to ask.
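
For the first part of the reply above (rolled files that have to be entered one by one), an added PowerShell example, not part of the original post and not InTrust's own code: it lists the rolled log files that are no longer being written and prints each path with backslashes doubled, as the LogFileName parameter expects. The function name, the 15-minute quiet threshold and the rule that the newest file is the one the DNS service is still writing are assumptions of this example; D:\logs\DNS is the sample path used earlier in the thread.

```powershell
# Added example. Get-ClosedDnsLogPath is a hypothetical helper name.
function Get-ClosedDnsLogPath {
    param(
        [Parameter(Mandatory)] [string] $LogDirectory,  # folder holding the rolled logs
        [string] $Filter = '*.log',
        [int] $QuietMinutes = 15                        # assumed threshold, tune to your roll rate
    )

    $cutoff = (Get-Date).AddMinutes(-$QuietMinutes)
    $files  = Get-ChildItem -LiteralPath $LogDirectory -Filter $Filter -File |
              Sort-Object LastWriteTime
    if (-not $files) { return }

    # Assumption: the most recently written file is the active log.
    # It is skipped because it can still change or be rolled mid-collection.
    $active = $files | Select-Object -Last 1

    foreach ($f in $files) {
        if ($f.FullName -eq $active.FullName) { continue }
        # Skip anything written to recently; it may not be fully closed yet.
        if ($f.LastWriteTime -gt $cutoff) { continue }

        [pscustomobject]@{
            LastWrite   = $f.LastWriteTime
            SizeMB      = [math]::Round($f.Length / 1MB, 1)
            # Double every backslash, as required in the LogFileName parameter.
            LogFileName = $f.FullName.Replace('\', '\\')
        }
    }
}

# Oldest first, so the files can be entered and collected in order.
Get-ClosedDnsLogPath -LogDirectory 'D:\logs\DNS' | Format-Table -AutoSize
```

Run it on the DNS server itself so the paths match what the data source will see.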

  • Igor:

    So our retention is set up based on security requirements that we must meet. The max size of the log file is 500MB and once it reaches that size, a new file is created so it is continuous and all the files need to be captured. The files are old files, they are just recreated once the size has hit 500 MB. The backup log doesn't have all the data in it that is needed. Do you have any suggestions on how to capture these? I have a screenshot attached so that you can get a better understanding of the logs that we have that need to be captured via Intrust.

    I look forward to your feedback.

     

     

    Thanks,

    Nicole