Every now and then I need to be able to parse a DNS debug log, it’s useful in many different scenarios. I wrote an advanced function to help me with this, specify a file name or pipe log lines (or file names) to it and it will return a properly formatted object.
Be aware that I only added some of the different date formats I could find, so verify that it works for your server.
Some dumps (with IP and hostnames masked):
Code is available here. (updated 2016-01-11)
Get-DNSDebugLog -DNSLog “\\server\c$\dns.log” | Format-Table
Returns nothing
Get-DNSDebugLog -DNSLog “\\server\c$\dns.log” | Export-Csv c:\dns.csv
Outputs a blank CSV file.
Any suggestions? Thanks.
hmm, odd… Does it work if you try to read the file locally?
If you use something like this instead:
Get-Content โ\\server\c$\dns.logโ | Get-DNSDebugLog | Format-Table
Does that work? If not, I might need to add a different format for the function to handle.
I’ll drop you an e-mail and we’ll take it from there ๐
So, after some debugging, I found the problem in the code for this function.
Big thanks to Fender for reporting that!
I’ve updated the link in the post to the correct version of the code.
Hi Anders,
Thanks for the script.
I ran the script and I got some data out to the CSV. Yet I have received the following error/warning message multiple times when the script was running:
You cannot call a method on a null-valued expression.
At C:\Users\Administrator\Desktop\dns_log_exp\Reading DNS Debug logs.ps1:61 char:25
+ $Result=(((($_ -split “\[“)[1]).ToString().Substring(9))
…
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
This error was displayed to the console, yet not included in the CSV.
I ran the script using the following commands:
PS C:\Users\Administrator\Desktop\dns_log_exp> . ‘.\Reading DNS Debug logs.ps1’
PS C:\Users\Administrator\Desktop\dns_log_exp> Get-DNSDebugLog -DNSLog .\dns.log | Export-csv .\dns_csv.csv
Any thoughts how to solve the issue?
Note: I still had some data out to the CSV file and I am using Windows 2012 R2.
Besides, the 1st row in the CSV file was “#TYPE System.Object”. How to remove this row and make the first row to be the header of the CSV table ?
Thanks in advance !
Hi Yasmeen, thanks for reading and commenting!
It kind of looks like a parsing error that causes the string to become empty. Is the logfile huge? If I could take a look at the logs format it would be simpler to troubleshoot. I’ll drop you an e-mail and we’ll take it from there ๐
To remove that first row in the csv file you can use the -NoTypeInformation switch on Export-Csv.
This was another bug in the code (unhandled event type in the log). Iโve updated the link in the post to the updated version of the code.
Thank you Yasmeen for reporting that!
Thanks a lot Anders !!!
Appreciated …
If the date format is a pain for you, try this SpectX script – easy to modify the timestamp. The best part is: results are typified so you can calculate geolocations, ASnames etc out of IP-addresses, do aggregations, etc. https://www.spectx.com/articles/analysing-legacy-windows-server-dns-debug-logs
With the posted code I get either no output for a ft and an empty csv as per another commenter above.
2022 and still working like a charm ๐
Thanks a lot!