
Auto Archive DNS Debug Logs

The Problem we are solving:

When the Microsoft Windows DNS Debug logging feature is enabled, the log file has a size limit of 1GB maximum. Once this file is full, the Windows DNS server stops writing new logs to it until the Administrator manually restarts the DNS service in order to back up the log file and create a new empty log file for the new DNS Debug log messages.

Overview:

The Microsoft Windows DNS Debug log file has a limited size of 500 MB or 1GB maximum (depending on the Operating System version). Whenever this file is full and reaches the maximum size, the Windows DNS server will stop writing new logs to the file, hence a manual intervention is required to continue the logging process.

This DNS Centric tool solves this problem by creating automatic backups based on user-specified parameters such as recurring intervals, time, and/or file size threshold. It archives the existing log file and automatically creates a new empty log file for the new DNS Debug log messages.

How to use this tool:

Once the EXE file is downloaded and started, the user needs to specify when, how, and where to back up the log file and start with a fresh log file.

 The free trial is available till 15/Sep/2017.

Input Modes:

There are 3 different Input modes available, which you can select from:

1-     User Defined: The user will specify the input parameters directly from the GUI. The only mandatory parameter is the “Source File Path”. If the user tries to “Run” the tool with only the source file path & name as an input parameter, then the tool will be executed immediately without requiring other input parameters, and the archive folder (where the backup file is saved) will be the current directory from which the tool is being executed.

2-     Configuration File: When selected, the user will select an XML file via “Load From File” that contains all the input parameters. The tool will then execute according to the input parameters predefined inside the XML file. This option is very helpful for repetitive tasks, instead of specifying the parameters from the GUI every time (i.e. User Defined mode).

 Example of the XML configuration file:

<settings>
    <schedule>
        <time>23:59</time>
        <RepeatInterval>360</RepeatInterval>
        <AuditInterval>180</AuditInterval>
    </schedule>
    <file>
        <SourcePath>c:\windows\system32\dns\dns.log</SourcePath>
        <ArchiveFolder>c:\windows\system32\dns\dns_log</ArchiveFolder>
        <Threshold>500000KB</Threshold>
    </file>
</settings>

3-     MySQL Database: When selected, the user will specify a MySQL database server, which will contain the input parameters saved in a MySQL table. The MySQL database can be running either locally or remotely. This option is very helpful both for repetitive usage and in case the user has multiple Windows DNS Servers on which he/she would like to use this tool, instead of specifying the tool parameters from the GUI or XML files on every Windows DNS Server, which would be the case with User Defined or Configuration File modes respectively.

Input parameters types:

Execution Parameters

1-     Source File Path: This will be the location and name of the ‘dns.log’ file. This is a Mandatory parameter. 

2-     Archive Folder: is where the backup log file(s) will be saved. If the folder does not exist, then the tool will create it.

3-     Start Time: This will be a repeated time that will trigger the backup regardless of the file size. For example if “Start Time = 23:59:59”, then every day at 23:59:59 the log file will be archived.

4-     Repeat Interval: is the frequency of the archive period. This will be a recurring interval that will trigger the backup regardless of the “Start Time” or the file size “Threshold”. For example if “Repeat Interval = 360 minutes”, then every 6 hours the tool will be executed to archive the dns.log file.

5-     Threshold: is the file size that triggers the backup and rotation process for ‘dns.log’. This will trigger an immediate backup if the current file size is equal to or greater than the file size “Threshold” value specified, regardless of the “Start Time” or “Repeat Interval” parameters.

6-     Audit Interval: is the period of checking the file size, to determine if the file size reached the “Threshold” or not. In other words, this is to specify how often the size of the file will be checked.  

 

There are no mutually exclusive input parameters. The user could specify different combinations of the input parameters.  

Settings Parameters

1-     Event History File Name: This is an internal log file for the tool itself. This file contains the tasks and actions executed by the tool. Mainly you might need to look into this file to verify that everything is working as expected, or even in case of troubleshooting. You can leave this parameter as default unless required otherwise.

2-     Scheduled Task Name: Obviously the tool creates one or more Task(s) at the Windows Task Scheduler. You can leave this parameter as default unless required otherwise.

3-     Service to Stop: This will be the DNS service, which is required to restart every time the tool is executed to backup the ‘dns.log’ file and create a new one. Currently there is no other way to achieve the requirement unless the DNS service is restarted (stopped and then started). On average, the DNS service restart process takes 2 seconds. Do not change this value; otherwise the tool won’t work. 

4-     Convert the Log file to CSV: In order for the user to read the log messages in a readable format, this feature will convert the archived ‘dns.log’ file to a CSV format as an additional copy, making it easy to read, sort, analyze, search, and apply custom analysis to the DNS Debug log data. Once this option is selected, the user will be provided with two archived files, one as ‘dns.log’ and the other as a CSV file.

5-     Delete the Log file after converting to CSV: Once selected, the tool will delete the archived ‘dns.log’ after converting it to CSV. This means that the user will be eventually provided with only one file, which is the CSV file containing the DNS Debug log data. This option is useful if the user only needs the CSV file, and would like to reduce the total storage capacity. 

 

Note: The archived DNS Debug Log file name will be appended with a time stamp in order to ensure unique file naming and provide better DNS log management. Example: The archived “dns.log” will be saved as “dns_date_hour_minutes.log”.

Execution steps summary when the tool is triggered:

The tool will automatically:

1-     Create a copy of the ‘dns.log’ source file and save it in the archive folder if specified.

2-     Stop the DNS service.

3-     Delete the current ‘dns.log’ source file.

4-     Create a new empty ‘dns.log’ file.

5-     Start the application.

6-     Rename the archived ‘dns.log’ with time stamp appended such as “dns_date_hour_minutes.log”.

All activities will be logged to “Event History.log” for historical recording.
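The six steps above, gated by the Threshold check, written out in PowerShell as an added example; this is not the DNS Centric tool's own code. It assumes the Windows service name DNS, an XML file shaped like the sample configuration at a hypothetical path, and an “Event History.log” kept in the archive folder.

```powershell
# Added example: threshold-triggered rotation of dns.log, following the six steps above.
# Assumptions: service name 'DNS'; settings.xml shaped like the sample configuration.
param([string]$ConfigPath = 'C:\dnsarchive\settings.xml')   # hypothetical path

[xml]$cfg       = Get-Content -LiteralPath $ConfigPath
$source         = $cfg.settings.file.SourcePath
$archiveFolder  = $cfg.settings.file.ArchiveFolder
# Threshold is written like "500000KB": keep the digits, convert to bytes.
$thresholdBytes = [int64]($cfg.settings.file.Threshold -replace '\D', '') * 1KB
$history        = Join-Path $archiveFolder 'Event History.log'   # assumed location

function Write-History([string]$Message) {
    Add-Content -LiteralPath $history -Value ('{0}  {1}' -f (Get-Date -Format s), $Message)
}

if (-not (Test-Path -LiteralPath $archiveFolder)) {
    New-Item -ItemType Directory -Path $archiveFolder | Out-Null
}

$size = (Get-Item -LiteralPath $source).Length
if ($size -lt $thresholdBytes) { return }          # below Threshold: nothing to rotate

Write-History "Script started; $source is $size bytes"
$copy = Join-Path $archiveFolder (Split-Path $source -Leaf)
Copy-Item -LiteralPath $source -Destination $copy -Force      # 1. copy to archive folder
Write-History "Copied $source to $copy"
try {
    Stop-Service -Name 'DNS' -ErrorAction Stop                # 2. stop the DNS service
    Remove-Item -LiteralPath $source -ErrorAction Stop        # 3. delete current dns.log
    New-Item -ItemType File -Path $source | Out-Null          # 4. create empty dns.log
    Write-History 'Source log deleted and recreated'
}
finally {
    Start-Service -Name 'DNS'                                 # 5. always restart DNS
    Write-History 'DNS service started'
}
$stamp = Get-Date -Format 'yyyyMMdd_HH_mm'
$name  = '{0}_{1}.log' -f [IO.Path]::GetFileNameWithoutExtension($source), $stamp
Rename-Item -LiteralPath $copy -NewName $name                 # 6. dns_date_hour_minutes.log
Write-History "Archived as $name; script finished"
```

Because the copy in step 1 happens before the service stops in step 2, records written in between are not in the archive. Running the script from a scheduled task at the Audit Interval reproduces the size check described under Input parameters.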

 

Event History file description:

As discussed in a different section, the “Event History.log” is an internal log file for the tool itself. This file contains the tasks and actions executed by the tool, such as at:

1-     Tool execution: “Script started at %date_time%”

2-     When a copy of the source file is created and saved in the archive folder (if specified)

3-     Service restart

4-     Deletion of the current/existing log file

5-     Creation of a new empty log file, with the same name as the source file.

6-     Start of the Service.

7-     Process completion: “Script finished at %date_time%”

Pre-requisites and Supported Platforms:

1-     The application supports 32-bit and 64-bit Windows platforms.

2-     Windows Server 2008 R2 and above, or a previous version with PowerShell installed and enabled.

For Windows Server 2003 SP2, you can install PowerShell from the following links:
x86: http://www.microsoft.com/downloads/details.aspx?FamilyId=f002462b-c8f2-417a-92a3-287f5f81407e
x64: http://www.microsoft.com/downloads/details.aspx?FamilyId=909bbcf1-bd78-4e03-8c83-69434717e551

Note: The MySQL Database input mode requires the MySql.Data.dll library to be available. It is located in the tool folder by default, unless MySQL.NET connector is already installed on the Windows machine. A local or remote MySQL server has to be available.

 

Solution Summary:

This tool will continuously check the size of the ‘dns.log’ file for the Windows Server DNS, and if it reaches a certain size (specified by the user) or a certain interval (time/date/period), the tool will create a backup copy of the log file, followed by a new ‘dns.log’ file created for new logs. The backup can be done regularly based on the time of the day or based on recurring time (days/hours/minutes).

Download this tool and find additional DNS tools at http://www.networkstr.com/dnscentric/dns_centric_free_trial
