Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Microsoft DNS Debug

The JSA DSM for Microsoft DNS Debug collects events from a Microsoft Windows system.

The following table describes the specifications for the Microsoft DNS Debug DSM:

Table 1: Microsoft DNS Debug DSM specifications





DSM name

Microsoft DNS Debug

RPM file name


Supported versions

Windows Server 2008 R2

Windows Server 2012 R2

Windows Server 2016


WinCollect Microsoft DNS Debug

Event format


Recorded event types

All operational and configuration network events.

Automatically discovered?


Includes identity?


Includes custom properties?


More information

To integrate Microsoft DNS Debug with JSA, complete the following steps:

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs in the order that they are listed on your JSA console:

    • .sfs file for WinCollect

    • DSMCommon RPM

    • Microsoft DNS Debug RPM

  2. Configure WinCollect to forward Microsoft DNS Server to send events to JSA.

  3. If JSA does not automatically detect the log source, add a Microsoft DNS Debug log source on the JSA console. The following table describes the parameters that require specific values for Microsoft DNS Debug event collection:

    Table 2: Microsoft DNS Debug log source parameters



    Log Source type

    Microsoft DNS Debug

    Protocol Configuration

    WinCollect Microsoft DNS Debug

    Log Source Identifier

    The IP address or host name of the device from where JSA collects Microsoft Windows DNS Server events.

    File Reader Type

    Reads file contents. Both options have basic unicode encoding support for byte-order marks.

    If you choose the Text (file held open) option, then WinCollect maintains a shared read and write lock on the monitored log file.

    If you choose the Text (file open when reading) option, then WinCollect maintains a shared read and write lock on the log file only when it reads the file.

    File Monitor Type

    Detects file and directory changes.

    The Notification-based (local) option uses the Windows file system notifications to detect changes to your DNS log.

    The Polling-based (remote) option monitors changes to remote files and directories. The agent polls the remote DNS log and compares the file to the last polling interval. If the log contains new entries, the entries are retrieved.

    File Pattern

    The regular expression (regex) required to match the DNS debug log file set in the DNS manager.

    Root Directory

    The directory in which WinCollect monitors files. The directory must be Local File System for local collection, or a valid MS Windows universal naming convention (UNC) path for remote collection.

    This value must match the file path that is configured in your DNS manager.


    Due to restrictions in distributed systems, the path can't be verified in the user interface.

Enabling DNS debugging on Windows Server

Enable DNS debugging on Windows Server to collect information that the DNS server sends and receives.

The DNS role must be installed on the Windows Server.


DNS debug logging can affect system performance and disk space because it provides detailed data about information that the DNS server sends and receives. Enable DNS debug logging only when you require this information.

  1. Open the DNS Manager with the following command:


  2. Right-click the DNS server and click Properties.

  3. Click the Debug Logging tab.

  4. Select Log packets for debugging.

  5. Enter the File path and name, and Maximum size.


    The File path and name, need to align with the Root Directory and File Pattern you provided when the Microsoft DNS debug log source was created in JSA.

  6. Click Apply and OK.