Configuration on the Windows side
To configure the reception of DNS server events using the ETW connector on the Windows side:
- Start Event Viewer by running the following command:
eventvwr.msc
- In the window that opens, go to the Applications and Services Logs → Microsoft → Windows → DNS-Server folder.
- Open the context menu of the DNS-Server folder and select View → Show Analytic and Debug Logs.
The Audit debug log and Analytical log are displayed.
- Configure the analytic log:
  - Open the context menu of the Analytical log and select Properties.
  - In the window that opens, make sure that in the Max Log Size (KB) field, the value is 1048576.
  - Select the Enable logging check box and in the confirmation window, click OK.
    The analytic log must be configured as follows: [Screenshot: Windows_5]
  - Click Apply, then click OK.
    An error window is displayed.
    When analytic log rotation is enabled, events are not displayed. To view events, in the Actions pane, click Stop logging.
- Start Computer Management as administrator.
- In the window that opens, go to the System Tools → Performance → Startup Event Trace Sessions folder.
- Create a provider:
  - Open the context menu of the Startup Event Trace Sessions folder and select Create → Data Collector Set.
  - In the window that opens, enter the name of the provider and click Next.
  - Click Add... and in the displayed window, select the Microsoft-Windows-DNSServer provider.
    The KUMA agent with the ETW connector works only with System.Provider.Guid: {EB79061A-A566-4698-9119-3ED2807060E7} - Microsoft-Windows-DNSServer.
  - Click Next twice, then click Finish.
- Open the context menu of the created provider and select Start As Event Trace Session.
- Go to the Event Trace Sessions folder.
Event trace sessions are displayed.
- Open the context menu of the created event trace session and select Properties.
- In the window that opens, select the Trace Sessions tab and in the Stream Mode drop-down list, select Real Time.
- Click Apply, then click OK.
DNS server event reception using the ETW connector is configured.
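To confirm the result of the procedure above from an elevated PowerShell session on the DNS server, the following check can be used. It is an added example, not part of the original instructions or of KUMA; the function name Test-DnsEtwSetup is hypothetical, and it assumes the EventTracingManagement module (Get-EtwTraceSession, Get-EtwTraceProvider) is available on the server.

```powershell
# Added verification example (not from the product documentation).
# Values below come from the procedure on this page.
$LogName      = 'Microsoft-Windows-DNSServer/Analytical'
$ProviderName = 'Microsoft-Windows-DNSServer'
$ExpectedGuid = [guid]'{EB79061A-A566-4698-9119-3ED2807060E7}'
$ExpectedSize = 1048576 * 1KB   # Max Log Size (KB) = 1048576, in bytes
$RealTimeMode = 0x100           # EVENT_TRACE_REAL_TIME_MODE flag

function Test-DnsEtwSetup {     # hypothetical helper name
    # 1. Analytic log: logging enabled and the size set in Event Viewer.
    $log = Get-WinEvent -ListLog $LogName -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check  = 'Analytic log enabled'
                       Passed = [bool]($log -and $log.IsEnabled)
                       Detail = "IsEnabled=$($log.IsEnabled)" }
    [pscustomobject]@{ Check  = 'Max log size'
                       Passed = [bool]($log -and $log.MaximumSizeInBytes -eq $ExpectedSize)
                       Detail = "Bytes=$($log.MaximumSizeInBytes)" }

    # 2. Provider GUID on this host must match the one the ETW connector accepts.
    $prov = Get-WinEvent -ListProvider $ProviderName -ErrorAction SilentlyContinue
    [pscustomobject]@{ Check  = 'Provider GUID'
                       Passed = [bool]($prov -and $prov.Id -eq $ExpectedGuid)
                       Detail = "Id=$($prov.Id)" }

    # 3. Every running trace session that has the provider enabled,
    #    with a pass only if the session streams in real-time mode.
    $found = $false
    foreach ($s in Get-EtwTraceSession -Name '*' -ErrorAction SilentlyContinue) {
        $p = Get-EtwTraceProvider -SessionName $s.Name `
                 -Guid $ExpectedGuid.ToString('B') -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        $found = $true
        [pscustomobject]@{ Check  = "Session '$($s.Name)' real time"
                           Passed = (($s.LogFileMode -band $RealTimeMode) -ne 0)
                           Detail = ('LogFileMode=0x{0:X}' -f $s.LogFileMode) }
    }
    if (-not $found) {
        [pscustomobject]@{ Check  = 'Trace session with DNS provider'
                           Passed = $false
                           Detail = 'No running session has the provider enabled' }
    }
}

Test-DnsEtwSetup | Format-Table -AutoSize
```

Any row with Passed set to False points to the step of the procedure to revisit: the analytic log properties, the provider selection, or the Stream Mode of the event trace session.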