- play_arrow What's New in WinCollect
- play_arrow WinCollect Overview
- play_arrow Installation Prerequisites for WinCollect
- play_arrow WinCollect installations
- WinCollect installations
- Installing and Upgrading the WinCollect Application on JSA Appliances
- Creating an Authentication Token for WinCollect Agents
- Adding Multiple Destinations to WinCollect Agents
- Migrating WinCollect Agents After a JSA Hardware Upgrade
- Stand-alone WinCollect Installations
- WinCollect Configuration Console Overview
- Installing the Configuration Console
- Silently Installing, Upgrading, and Uninstalling WinCollect Software
- Setting an XPath Parameter During Automated Installation
- Migrating from Adaptive Log Exporter to WinCollect
- Installing the WinCollect Agent on a Windows Host
- Installing a WinCollect Agent from the Command Prompt
- Uninstalling a WinCollect Agent from the Command Prompt
- Uninstalling a WinCollect Agent from the Control Panel
- play_arrow Configuring WinCollect Agents After Installation
- Configuring WinCollect Agents After Installation
- Manually Adding a WinCollect Agent
- Deleting a WinCollect Agent
- WinCollect Destinations
- Adding Custom Entries to WinCollect Status Messages
- Forwarding Events Identifier
- Configuring Stand-alone WinCollect Agents with the Configuration Console
- Creating a WinCollect Credential
- Adding a Destination to the WinCollect Configuration Console
- Configuring a Destination with TLS in the WinCollect Configuration Console
- Adding a Device to the WinCollect Configuration Console
- Sending Encrypted Events to JSA
- Increasing UDP Payload Size
- Include Milliseconds in Event Log Timestamp
- Collecting Local Windows Logs
- Collecting Remote Windows Logs
- Changing configuration with Templates in a Stand-alone Deployment
- Configuration Options for Systems with Restricted Policies for Domain Controller Credentials
- play_arrow Troubleshooting WinCollect Deployment Issues
- Troubleshooting WinCollect Deployment Issues
- Common Problems
- Replacing the Default Certificate in JSA Generates Invalid PEM Errors
- The Statistics Subsystem
- Event ID 1003 Splits the Message in JSA
- WinCollect Files are Not Restored During a Configuration Restore
- Windows 10 (1803) Cannot Read the Security Bookmark File
- Resolving Log Source Error After WinCollect Update
- WinCollect Log File
Collecting DNS Analytic Logs by Using XPath
To collect DNS Analytic logs by using WinCollect, you must first configure Windows to collect analytic logs and then add an XPath to the WinCollect Agent log source to collect the logs and send them to JSA.
DNS debug logging is supported on the following Windows versions:
Use Event Viewer to configure Windows to collect DNS Server analytic logs.
To open the Event Viewer, type
eventvwr.mscat an elevated command prompt, and press Enter.Go to Applications and Services Logs\Microsoft\Windows\DNS-Server.
Right-click DNS-Server, and then click View > Show Analytic and Debug Logs.
Right-click the Analytical log, and then click Properties.
In the When maximum event log size is reached section, choose Do not overwrite events (Clear logs manually), select Enable logging, and then click OK on the resulting dialog box.
Note:you do not select this option, the WinCollect Agent can't collect the Analytical log, because the logs are stored in etl format.
Click OK to enable the DNS Server Analytic event log.
Note:You must manually clear the logs and restart the agent when the event log is full
In the log source, add the following XPath to the WinCollect Agent:
content_copy zoom_out_map<QueryList> <Query Id="0" Path="Microsoft-Windows-DNSServer/Analytical”> <Select Path="Microsoft-Windows-DNSServer/Analytical”>*</Select> </Query> </QueryList>
