Log in to the DC
Open DNS
Right-click the DNS server and select Properties
- Click the Debug Logging tab and check the Log packets for debugging checkbox
- To minimize the amount of data being logged, uncheck the following checkboxes:
  - Packet direction - Outgoing
  - Transport protocol - TCP
  - Packet contents - Updates
  - Packet type - Response
- In the Log file section, type a path and file name for the log. Alter the Maximum size (bytes) value if necessary.
- Click OK.
From:
https://superuser.com/questions/1229515/windows-dns-server-how-to-find-out-who-made-a-query
Now you can search the log in PowerShell with something like this:
Get-Content dns.log -Wait | Select-String 'domain1','domain2'
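Select-String matches the raw log text, and the debug log writes query names in length-prefixed form such as (3)www(7)domain1(3)com(0), so a dotted pattern like 'www.domain1.com' never matches. The following added example (not part of the original post or the linked answer) parses each packet line into client IP and dotted name so queries can be filtered by full domain; the helper names and sample lines are constructed, and the line layout is assumed from the field key printed at the top of the log.

```powershell
# Added example, not from the original post. Assumed line layout (from the field
# key in the debug log header): date time thread PACKET id UDP|TCP Rcv|Snd
# remote-IP xid [R] opcode [flags] qtype qname. Sample lines are constructed.
$sample = @'
6/5/2017 10:15:02 AM 0E3C PACKET  000000D4A5B2C3D0 UDP Rcv 192.0.2.50      a1b2   Q [0001   D   NOERROR] A      (3)www(7)domain1(3)com(0)
6/5/2017 10:15:03 AM 0E3C PACKET  000000D4A5B2C4E0 UDP Rcv 192.0.2.77      0c4f   Q [0001   D   NOERROR] AAAA   (4)mail(7)domain2(3)net(0)
6/5/2017 10:15:04 AM 0E3C PACKET  000000D4A5B2C5F0 UDP Rcv 192.0.2.50      77aa   Q [0001   D   NOERROR] A      (5)other(7)example(0)
'@ -split '\r?\n'

function ConvertFrom-DnsDebugLine {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)] [string] $Line)
    begin {
        $pattern = '^(?<time>.+?)\s+[0-9A-Fa-f]+\s+PACKET\s+\S+\s+(?<proto>UDP|TCP)\s+' +
                   '(?<dir>Rcv|Snd)\s+(?<client>\S+)\s+[0-9A-Fa-f]+\s+(?:R\s+)?\S\s+' +
                   '\[.*?\]\s+(?<qtype>\S+)\s+(?<qname>\(\d+\)\S*)\s*$'
    }
    process {
        # Header, blank and non-packet lines do not match and are skipped
        if ($Line -match $pattern) {
            [pscustomobject]@{
                Time   = $Matches['time']
                Client = $Matches['client']
                Type   = $Matches['qtype']
                # (3)www(7)domain1(3)com(0) -> www.domain1.com
                Name   = ($Matches['qname'] -replace '\(\d+\)', '.').Trim('.')
            }
        }
    }
}

function Select-DnsQuery {   # hypothetical helper name
    param([Parameter(ValueFromPipeline = $true)] $Query, [string[]] $Domain)
    process {
        foreach ($d in $Domain) {
            # -eq and -like are case-insensitive, as DNS names are
            if ($Query.Name -eq $d -or $Query.Name -like "*.$d") { $Query; break }
        }
    }
}

$sample | ConvertFrom-DnsDebugLine |
    Select-DnsQuery -Domain 'domain1.com', 'domain2.net' |
    Format-Table Time, Client, Type, Name -AutoSize

# Live use against the log configured above:
# Get-Content dns.log -Wait | ConvertFrom-DnsDebugLine | Select-DnsQuery -Domain 'domain1.com'
```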
Tracking DHCP
C:\windows\system32\dhcp\DhcpSrvLog-Mon.log
Get-Content DhcpSrvLog-Mon.log -Wait | Select-String 'dell'