Networks·41,388 discussions

Logging daily DNS/Network Traffic – Windows Server 2008 R2

Locked

Greetings,

my question is how I can achieve on Windows Server 2008 R2 that the DNS traffic on our network is monitored and logged on a daily basis.

I already did quite some research on the internet and found using the command-line tool “nmcap” with Windows Network Monitor to be a great solution.
Here’s the batch I wrote which runs fine if I run it manually.

@ECHO OFF
set filename=%date:~6,4%_%date:~3,2%_%date:~0,2%_nwlog
nmcap /network * /capture “(IPv4.SourceAddress != 192.168.x.x AND Protocolname==’DNS’)” /DisableConversations /StopWhen /Time 23:00:00 /file S:\NetworkLogs\%filename%.cap

First line after @ECHO OFF simply creates a date variable which is used later to name the file correctly, to have proper named logfiles on a daily basis.

I’ve set up a schedules task on the server, running the bat at 07:00am every day as SYSTEM, but I can’t get it to work properly.

The main use is, as already stated, to have this batch running every day on the server in the background, running from 07:00-23:00 and saving the logfiles in my desired location.

I’d really appreciate some help regarding this 🙂

Thanks in advance!
-Boris

Topic

Clarifications

In reply to Logging daily DNS/Network Traffic – Windows Server 2008 R2

Clarifications

Environment variables can be tricky to set sometimes

In reply to Logging daily DNS/Network Traffic – Windows Server 2008 R2

Try naming the filenames explicitly to see if that’s where the fault is.

Also don’t forget that spaces are not allowed in DOS filenames, so if the first part tries to create a cap file with a space in it, that wont work. So perhaps what’s needed is “%filename%”.cap

[Author]

Replies