Collecting DNS Analytic Logs by Using XPath
To collect DNS Analytic logs by using WinCollect, you must first configure Windows to collect analytic logs and then add an XPath to the WinCollect Agent log source to collect the logs and send them to JSA.
DNS debug logging is supported on the following Windows versions:
Use Event Viewer to configure Windows to collect DNS Server analytic logs.
- To open the Event Viewer, type
eventvwr.mscat an elevated command prompt, and press Enter.
- Go to Applications and Services
- Right-click DNS-Server, and then click View > Show Analytic and Debug Logs.
- Right-click the Analytical log, and then click Properties.
- In the When maximum event log size is reached section, choose Do not overwrite events (Clear logs manually), select Enable logging, and then click OK on
the resulting dialog box.
you do not select this option, the WinCollect Agent can't collect the Analytical log, because the logs are stored in etl format.
- Click OK to enable the DNS Server Analytic
You must manually clear the logs and restart the agent when the event log is full
- In the log source, add the following XPath to the WinCollect
<Query Id="0" Path="Microsoft-Windows-DNSServer/Analytical”>