Hello EJansen,
Awesome. Thank you.
I tried out a snippet of a script you have in the article. Unfortunately, that snippet reports the error "No events were found that match the specified selection criteria."
PS C:\Windows\system32> $eventLogName = 'Microsoft-Windows-DNSServer/Analytical'
PS C:\Windows\system32> $eventLog = Get-WinEvent -ListLog $eventLogName
PS C:\Windows\system32> $eventLogPath = $eventLog.LogFilePath.Replace('%SystemRoot%', "$env:windir")
PS C:\Windows\system32> $eventLogPath
C:\Windows\System32\Winevt\Logs\Microsoft-Windows-DNSServer%4Analytical.etl
PS C:\Windows\system32> Get-WinEvent -Path $eventLogPath -Oldest
Get-WinEvent : No events were found that match the specified selection criteria.
It appears that although I've enabled DNS Analytical logging:
$log = Get-WinEvent -ListLog Microsoft-Windows-DNSServer/Analytical
$log.IsEnabled = $true
$log.SaveChanges()
the ETL file is "empty" -- it's currently 4kb large and hasn't grown since enabling the logging.
The DNS server is hosted on Windows Server 2012 R2 Standard (6.3.9600.0), the DNS properties "Event Logging" page currently has "All events" selected, and it is currently handling a bit more than 60 QPS.
I'll certainly be reading through this blog series to determine whether there is some configuration knob that I need to twist to enable the desired logging. Of course, I'm happy to hear about an obvious solution to my dilemma. 🙂
Thank you for this terrific technical resource.