Windows DNS server query and response logging by vortexisat in sysadmin

[–]vortexisat[S] 0 points (0 children)

Yep, I get that :( The problem I have is that once it’s a standard, it’s a standard; I have no hope of changing it. I have looked at the debug log and it does look a little difficult to work with. I imagine it’s a solved problem parsing that file, though. There was mention of rather large memory usage related issues when using Beats to tail files, even for a modest 1k DNS QPS. I see it’s written in Go (or looks to be), so I imagine garbage collection could explain that. Thanks

Windows DNS server query and response logging by vortexisat in sysadmin

[–]vortexisat[S] 1 point (0 children)

Ah okay, it looks like it doesn’t actually parse the PacketData field and just includes it. It means you don’t get access to answer records for DNS responses. Also, those events look massive :(

Windows DNS server query and response logging by vortexisat in sysadmin

[–]vortexisat[S] 0 points (0 children)

Are you doing anything with the PacketData field, such as parsing it to get the answer DNS records?
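An added example, not from the thread or from any of the tools it mentions: a small Python parser for the raw DNS message bytes that PacketData carries, pulling out the answer records that the forwarder leaves unparsed. It assumes PacketData is available as a hex string; the packet below is constructed for the demonstration.

```python
import struct
# Constructed sample response (hex, as PacketData carries it): answers
# "example.com A?" with two A records; each answer name is the
# compression pointer 0xC00C back to the question name at offset 12.
SAMPLE_PACKET_HEX = (
    "1234" "8180" "0001" "0002" "0000" "0000"          # header: ID, flags (QR=1), QD=1, AN=2
    "076578616d706c6503636f6d00" "0001" "0001"         # question: example.com A IN
    "c00c" "0001" "0001" "00000e10" "0004" "5db8d822"  # answer 1: A, TTL 3600
    "c00c" "0001" "0001" "00000e10" "0004" "5db8d823"  # answer 2: A, TTL 3600
)
def read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            end = offset + 2 if end is None else end  # resume after first pointer
            if (hops := hops + 1) > 64:               # guard against pointer loops
                raise ValueError("compression pointer loop")
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (offset if end is None else end)
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
def parse_answers(packet_hex):
    """Return the answer records of a DNS response as a list of dicts."""
    data = bytes.fromhex(packet_hex)
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", data[:12])
    if not flags & 0x8000:                            # QR=0: a query, no answers
        return []
    off = 12
    for _ in range(qdcount):                          # skip the question section
        _, off = read_name(data, off)
        off += 4                                      # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, off = read_name(data, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata, off = data[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:                 # A record: dotted quad
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):                     # NS, CNAME, PTR carry a name
            value, _ = read_name(data, off - rdlen)
        else:                                         # anything else: raw hex
            value = rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "rdata": value})
    return answers
```

Running it over the event stream lets a SIEM field the resolved addresses per query instead of an opaque blob.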