Microsoft DNS


The Domain Name System (DNS) is a central part of the Internet, providing a way to match names (a website you’re seeking) to numbers (the address for the website).

This guide has been written for integration with 32-bit and 64-bit Windows machines.

Integration of Microsoft DNS Logs via NXLog with DNIF Adapter

Follow the steps below to configure NXLog to send Microsoft DNS logs to the DNIF Adapter.

If you want to integrate Microsoft DNS logs as well as Windows event logs, please refer to our help guide: Integrating Windows Event Logs.

Download and install nxlog

Download and install the latest version of NXLog (Download Link) on the Windows machine from which the logs need to be collected.

After installation, find the nxlog.conf file in the C:\Program Files (x86)\nxlog\conf folder. On 32-bit Windows machines, look in the C:\Program Files\nxlog\conf folder.

nxlog.conf file location

Open the nxlog.conf file using a text editor. Replace the entire configuration by copy-pasting the text given for your Windows version.

Note - Replace the text DNIF-Adapter-IP with your Adapter IP.

Note - Use Sysnative in the log location so that 32-bit applications can access the SYSTEM32 directory on a 64-bit system.

  • For example: if your DNS log path is C:\WINDOWS\system32\dns\dns.log, replace system32 with Sysnative: C:\WINDOWS\Sysnative\dns\dns.log

Windows 2008 32-bit OS
#============ Define ROOT here ===================
define ROOT C:\Program Files\nxlog
#define ROOT C:\Program Files (x86)\nxlog
#============ NXLog Machine Log info =============
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#==========for DNS debug logs===========

<Extension syslog>
Module xm_syslog
</Extension>

<Input IN-DNS>
Module im_file
File 'C:\WINDOWS\system32\dns\dns.log'  ##path of log file.
SavePos True
Recursive TRUE
PollInterval 1
Exec $Message=$raw_event;$SyslogFacilityValue = 24;
</Input>

<Output OUT-DNS>
Module om_udp
Exec to_syslog_bsd();
Host DNIF-Adapter-IP
Port 514
</Output>

<Route 1>
Path IN-DNS => OUT-DNS
</Route>

Windows 2008 64-bit OS
#============ Define ROOT here ===================
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog
#============ NXLog Machine Log info =============
Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

#==========for DNS debug logs===========

<Extension syslog>
Module xm_syslog
</Extension>

<Input IN-DNS>
Module im_file
# Path of the DNS log file. With 32-bit NXLog on 64-bit Windows, replace system32 with Sysnative (see the note above).
File 'C:\WINDOWS\system32\dns\dns.log'
SavePos True
Recursive TRUE
PollInterval 1
Exec $Message=$raw_event;$SyslogFacilityValue = 24;
</Input>

<Output OUT-DNS>
Module om_udp
Exec to_syslog_bsd();
Host DNIF-Adapter-IP
Port 514
</Output>

<Route 1>
Path IN-DNS => OUT-DNS
</Route>

Restart NXLog Service

To apply the changes made to nxlog.conf, restart the service. Go to Control Panel > Services and locate the nxlog service.

Right-click nxlog and select Restart.

nxlog service restart

Microsoft DNS logs are now being streamed to the DNIF-ADAPTER.
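
The script below is an added example, not part of the original guide or of DNIF's or NXLog's own tooling. It checks the edited nxlog.conf for the leftover DNIF-Adapter-IP placeholder and the system32/Sysnative mismatch described above, then restarts the service and shows recent problems from nxlog.log. It assumes the default install folders and the service name nxlog used in this guide, and that nxlog.log lines contain a level word such as ERROR.

```powershell
# Added example: pre-flight check for the nxlog.conf edited in this guide.
# Run from an elevated PowerShell prompt on the DNS server.
# Assumption: NXLog is installed in one of the two default folders named above.
$roots = @('C:\Program Files (x86)\nxlog', 'C:\Program Files\nxlog')
$root  = $roots | Where-Object { Test-Path "$_\conf\nxlog.conf" } | Select-Object -First 1
if (-not $root) { throw 'nxlog.conf not found under either Program Files folder' }
$conf = Get-Content "$root\conf\nxlog.conf"

# 1. The placeholder must have been replaced with the real Adapter IP.
if ($conf | Select-String -Pattern '^\s*Host\s+DNIF-Adapter-IP') {
    Write-Warning 'Host is still the placeholder DNIF-Adapter-IP; no logs will be delivered.'
}

# 2. Read the log path from the first File directive in the config.
$m = $conf | Select-String -Pattern "^\s*File\s+'([^']+)'" | Select-Object -First 1
if (-not $m) { throw 'No File directive found in nxlog.conf' }
$logPath = $m.Matches[0].Groups[1].Value

# 3. An install under "Program Files (x86)" means 32-bit NXLog on 64-bit Windows.
#    Windows redirects its system32 reads to SysWOW64, so the path must use Sysnative.
$wow64 = $root -like '*(x86)*'
if ($wow64 -and $logPath -match '\\system32\\') {
    Write-Warning "32-bit NXLog cannot see $logPath; replace system32 with Sysnative."
}

# 4. Confirm the log file exists. The Sysnative alias is only visible to 32-bit
#    processes, so a 64-bit shell has to test the real System32 path instead.
$check = $logPath
if ([IntPtr]::Size -eq 8) { $check = $logPath -replace '\\Sysnative\\', '\System32\' }
if (-not (Test-Path $check)) {
    Write-Warning "DNS log file not found at $check"
}

# 5. Restart the service and show recent problems from NXLog's own log
#    (LogFile %ROOT%\data\nxlog.log in the configuration above).
Restart-Service -Name nxlog
Start-Sleep -Seconds 5
Get-Content "$root\data\nxlog.log" | Select-Object -Last 20 |
    Select-String -Pattern ' (ERROR|WARNING) '
```

No output from the last command means NXLog reported no errors or warnings in its most recent 20 log lines.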