Configuration on the Windows side

To configure the reception of DNS server events using the ETW connector on the Windows side:

  1. Start the Event viewer by running the following command:

    eventvwr.msc

  2. This opens a window; in that window, go to the Applications and Services Logs → Microsoft → Windows → DNS-Server folder.
  3. Open the context menu of the DNS-Server folder and select View → Show Analytic and Debug Logs.

    Win_for_etw_1_en.png

    The Audit debug log and Analytical log are displayed.

  4. Configure the analytic log:
    1. Open the context menu of the Analytical log and select Properties.

      Win_for_etw_2_en.png

    2. This opens a window; in that window, make sure that in the Max Log Size (KB) field, the value is 1048576.

      Win_for_etw_3_en.png

    3. Select the Enable logging check box and in the confirmation window, click OK.

      Win_for_etw_4_en.png

      The analytic log must be configured as follows:

      Win_for_etw_5_en.png

    4. Click Apply, then click OK.

    An error window is displayed.

    Win_for_etw_6_en.png

    When analytic log rotation is enabled, events are not displayed. To view events, in the Actions pane, click Stop logging.

    Win_for_etw_7_en.png

  5. Start Computer management as administrator.
  6. This opens a window; in that window, go to the System Tools → Performance → Startup Event Trace Sessions folder.

    Win_for_etw_8_en.png

  7. Create a provider:
    1. Open the context menu of the Startup Event Trace Sessions folder and select Create → Data Collector Set.

      Win_for_etw_9_en.png

    2. This opens a window; in that window, enter the name of the provider and click Next.

      Win_for_etw_10_en.png

    3. Click Add... and in the displayed window, select the Microsoft-Windows-DNSServer provider.

      Win_for_etw_11_en.png

      The KUMA agent with the ETW connector works only with System.Provider.Guid: {EB79061A-A566-4698-9119-3ED2807060E7} - Microsoft-Windows-DNSServer.

    4. Click Next twice, then click Finish.
  8. Open the context menu of the created provider and select Start As Event Trace Session.

    Win_for_etw_13_en.png

  9. Go to the Event Trace Sessions folder.

    Event trace sessions are displayed.

  10. Open the context menu of the created event trace session and select Properties.
  11. This opens a window; in that window, select the Trace Sessions tab and in the Stream Mode drop-down list, select Real Time.

    Win_for_etw_14_en.png

  12. Click Apply, then click OK.

DNS server event reception using the ETW connector is configured.

Page top