
So I have to stop the Analytical Log collection so that I can view it? That is a frustrating proposition, especially when you consider the importance of some of the logs.

In this case, I am looking at the DNS Server logs, where there may be no option to stop collection just to scan through them.

In this post, I'll give you an alternative to viewing the logs that will not require disabling them. I am going to use Microsoft Message Analyzer, which is the successor to NetMon but contains much more functionality than just doing network captures. It is also an Event Tracing for Windows (ETW) consumer, which is the functionality that we're going to use here. LogMan and Tracelog are options as well, but I prefer Message Analyzer since it can view the events as it collects them and it has an amazing filtering capability to help limit the results to just what you need to see.

Let's fire up Message Analyzer and check out the logs. Message Analyzer can be downloaded from the following location:

From the New Session window, select Live Trace. Select the Add Providers button, select the Microsoft-Windows-DNSServer provider from the list, click the Add To button and then click OK.

Note: The easiest way to find the DNS provider is to use the search box at the top of the Providers list.

Click the Start button to begin the capture. Depending on the speed of the system you are working on, it may take some time for events to start populating. When they do, we are going to need to apply a filter to reduce the displayed events down to a manageable result. The filtering within Message Analyzer is actually where the power is; there is a very extensive filtering engine within the product.
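As an added example that is not part of the original post, here is the same live collection of the Microsoft-Windows-DNSServer provider done with LogMan (one of the alternatives mentioned above) from PowerShell, with Get-WinEvent standing in for the Message Analyzer filtering engine. The output directory, capture length and the "contoso" filter term are placeholders chosen for the example, not values from the post.

```powershell
# Added example: consume the DNS Server ETW provider with LogMan instead
# of the Message Analyzer GUI, then filter the captured events.
# Assumptions: run from an elevated prompt on a DNS server; $OutDir,
# $Seconds and $Keyword are placeholder values chosen for this example.
param(
    [string]$OutDir  = 'C:\Trace',
    [int]$Seconds    = 60,
    [string]$Keyword = 'contoso'   # constructed filter term
)

$Session = 'DnsServerLiveTrace'
$Etl     = Join-Path $OutDir 'dns-server.etl'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Create and start a real-time ETW session (-ets) that reads the DNS
# Server provider directly. The Analytic channel in Event Viewer can
# stay enabled, because a provider may feed several sessions at once.
logman create trace $Session -p Microsoft-Windows-DNSServer 0xFFFFFFFFFFFFFFFF 0xFF -o $Etl -ets
if ($LASTEXITCODE -ne 0) { throw "logman could not start session $Session" }

try {
    Start-Sleep -Seconds $Seconds        # let events populate
}
finally {
    logman stop $Session -ets | Out-Null # flush and close the .etl
}

# Read the trace back and reduce it to a manageable result, the same
# idea as applying a filter in Message Analyzer. -Oldest is required
# when Get-WinEvent reads an .etl file.
$Events = @(Get-WinEvent -Path $Etl -Oldest -ErrorAction SilentlyContinue)
$Hits   = @($Events | Where-Object { $_.Message -match $Keyword })

"{0} events captured, {1} match '{2}'" -f $Events.Count, $Hits.Count, $Keyword
$Hits | Select-Object TimeCreated, Id, Message | Format-List
```

Message text is only resolved when the provider's manifest is registered on the machine reading the .etl, so run the filtering step on the DNS server itself or on a host with the DNS Server role installed.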
