Logging daily DNS/Network Traffic - Windows Server 2008 R2

linkos
Greetings,

my question is how I can achieve on Windows Server 2008 R2 that the DNS traffic on our network is monitored and logged on a daily basis.

I already did quite some research on the internet and found using the command-line tool "nmcap" with Windows Network Monitor to be a great solution.
Here's the batch I wrote which runs fine if I run it manually.

@ECHO OFF
set filename=%date:~6,4%_%date:~3,2%_%date:~0,2%_nwlog
nmcap /network * /capture "(IPv4.SourceAddress != 192.168.x.x AND Protocolname=='DNS')" /DisableConversations /StopWhen /Time 23:00:00 /file S:\NetworkLogs\%filename%.cap

The first line after @ECHO OFF simply creates a date variable which is used later to name the file correctly, to have properly named log files on a daily basis.

I've set up a scheduled task on the server, running the bat at 07:00 am every day as SYSTEM, but I can't get it to work properly.

The main use is, as already stated, to have this batch running every day on the server in the background, running from 07:00-23:00 and saving the logfiles in my desired location.

I'd really appreciate some help regarding this :)

Thanks in advance!
-Boris
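
Added example, not part of the original post: a variant of the batch file above that builds the date stamp from WMI instead of fixed `%date%` offsets (the `%date%` layout follows the regional settings of the account running the task) and records each run and nmcap's exit code, so a scheduled run leaves a trace. The log name `nmcap_task.log` and the exit codes 2 and 3 are assumptions made for this example; the nmcap arguments are copied unchanged from the post, including the redacted `192.168.x.x`.

```batch
@ECHO OFF
setlocal
rem Added example. LOGDIR is the folder used in the post;
rem nmcap_task.log is a hypothetical name for the run log.
set "LOGDIR=S:\NetworkLogs"
set "RUNLOG=%LOGDIR%\nmcap_task.log"

rem WMI returns yyyymmddHHMMSS... independent of regional settings,
rem so the substring offsets below are the same for every account.
set "LDT="
for /f "tokens=2 delims==" %%I in ('wmic os get LocalDateTime /value') do set "LDT=%%I"
if not defined LDT exit /b 2
set "filename=%LDT:~0,4%_%LDT:~4,2%_%LDT:~6,2%_nwlog"

rem Stop early if the target folder is not visible to this account.
rem Exit code 3 then shows up as the task's "Last Run Result".
if not exist "%LOGDIR%\" exit /b 3

rem Record which account ran the capture and which file it writes.
>>"%RUNLOG%" echo %LDT:~0,14% start user=%USERNAME% file=%filename%.cap

rem Same capture as in the post (192.168.x.x is the post's redaction);
rem nmcap's console output is appended to the run log.
nmcap /network * /capture "(IPv4.SourceAddress != 192.168.x.x AND Protocolname=='DNS')" /DisableConversations /StopWhen /Time 23:00:00 /file "%LOGDIR%\%filename%.cap" >>"%RUNLOG%" 2>&1
set "RC=%ERRORLEVEL%"
>>"%RUNLOG%" echo nmcap exit code %RC%
exit /b %RC%
```

If `S:` is a mapped network drive rather than a local volume, it exists only in the logon session that mapped it, and the script run as SYSTEM exits with code 3 at the folder check.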