My question is how I can achieve on Windows Server 2008 R2 that the DNS traffic on our network is monitored and logged on a daily basis.
I already did quite a bit of research on the internet and found using the command-line tool "nmcap" with Windows Network Monitor to be a great solution.
Here's the batch file I wrote, which runs fine if I run it manually:

@ECHO OFF
set filename=%date:~6,4%_%date:~3,2%_%date:~0,2%_nwlog
nmcap /network * /capture "(IPv4.SourceAddress != 192.168.x.x AND Protocolname=='DNS')" /DisableConversations /StopWhen /Time 23:00:00 /file S:\NetworkLogs\%filename%.cap

The first line after @ECHO OFF simply creates a date variable, which is used later to name the file correctly, so that the log files are properly named on a daily basis.
I've set up a scheduled task on the server, running the bat at 07:00 am every day as SYSTEM, but I can't get it to work properly.
The main use is, as already stated, to have this batch running every day on the server in the background, running from 07:00-23:00 and saving the log files in my desired location.
I'd really appreciate some help regarding this.
Thanks in advance!
-Boris
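
An added example, not part of the original post: a variant of the batch above that avoids two things that differ when a batch runs as SYSTEM from a scheduled task instead of interactively, namely the layout of %date% (it follows the account's regional settings) and mapped drive letters (they belong to a user's logon session). The nmcap install path, the UNC share \\fileserver\NetworkLogs and the log file name are assumptions; the capture filter, including its 192.168.x.x placeholder, is copied from the post.

```batch
@ECHO OFF
SETLOCAL

REM Assumed locations (not from the original post); adjust to the server.
SET "NMCAP=%ProgramFiles%\Microsoft Network Monitor 3\nmcap.exe"
SET "LOGDIR=\\fileserver\NetworkLogs"
SET "TASKLOG=%SystemRoot%\Temp\nwlog_task.log"

REM Locale-independent date: WMI LocalDateTime always starts with yyyymmdd,
REM whatever regional settings the running account has.
FOR /F "tokens=2 delims==" %%I IN ('wmic os get LocalDateTime /value') DO SET "DT=%%I"
SET "FILENAME=%DT:~0,4%_%DT:~4,2%_%DT:~6,2%_nwlog"

REM An unattended run has no console, so record why it stopped.
IF NOT EXIST "%NMCAP%" (
    ECHO %DT:~0,14% nmcap not found at "%NMCAP%" >> "%TASKLOG%"
    EXIT /B 2
)
IF NOT EXIST "%LOGDIR%\" (
    ECHO %DT:~0,14% cannot reach "%LOGDIR%" as %USERNAME% >> "%TASKLOG%"
    EXIT /B 3
)

REM Same capture as in the post; nmcap output goes to the task log.
"%NMCAP%" /network * /capture "(IPv4.SourceAddress != 192.168.x.x AND Protocolname=='DNS')" /DisableConversations /StopWhen /Time 23:00:00 /file "%LOGDIR%\%FILENAME%.cap" >> "%TASKLOG%" 2>&1
SET "RC=%ERRORLEVEL%"

ECHO %DT:~0,14% nmcap finished with exit code %RC% >> "%TASKLOG%"
EXIT /B %RC%
```

When the task runs as SYSTEM, a UNC share is accessed with the server's computer account, so that account needs write permission on the share; a local folder avoids the dependency.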