Read DNS debug log and generate output in readble CSV format
Attached script will help to read dns debug logs and identify dependencies on the DNs server.
Run below code in powershell n then use Get-DNSDebugLog to generate report..
Ex -
Get-DNSDebugLog -DNSLog ".\DnsDebug.log" | Export-Csv .\ProperlyFormatedLog.csv
# Check log time format and set properties
if ($_ -match ":\d\d AM|:\d\d PM") {
$Time=($_ -split " ")[1,2] -join " "
$Protocol=($_ -split " ")[7]
$Client=($_ -split " ")[9]
$SendReceive=($_ -split " ")[8]
$RecordType=(($_ -split "]")[1] -split " ")[1]
$Query=($_.ToString().Substring(110)) -replace "\s" -replace "\(\d?\d\)","." -replace "^\." -replace "\.$"
$Result=(((($_ -split "\[")[1]).ToString().Substring(9)) -split "]")[0] -replace " "
}
elseif ($_ -match "^\d\d\d\d\d\d\d\d \d\d:") {
$Date=$Date.Substring(0,4) + "-" + $Date.Substring(4,2) + "-" + $Date.Substring(6,2)
$Time=($_ -split " ")[1] -join " "
$Protocol=($_ -split " ")[6]
$Client=($_ -split " ")[8]
$SendReceive=($_ -split " ")[7]
$RecordType=(($_ -split "]")[1] -split " ")[1]
$Query=($_.ToString().Substring(110)) -replace "\s" -replace "\(\d?\d\)","." -replace "^\." -replace "\.$"
$Result=(((($_ -split "\[")[1]).ToString().Substring(9)) -split "]")[0] -replace " "
}
else {
$Time=($_ -split " ")[1]
$Protocol=($_ -split " ")[6]
$Client=($_ -split " ")[8]
$SendReceive=($_ -split " ")[7]
$RecordType=(($_ -split "]")[1] -split " ")[1]
$Query=($_.ToString().Substring(110)) -replace "\s" -replace "\(\d?\d\)","." -replace "^\." -replace "\.$"
$Result=(((($_ -split "\[")[1]).ToString().Substring(9)) -split "]")[0] -replace " "
}
# Check log time format and set properties if ($_ -match ":\d\d AM|:\d\d PM") { $Time=($_ -split " ")[1,2] -join " " $Protocol=($_ -split " ")[7] $Client=($_ -split " ")[9] $SendReceive=($_ -split " ")[8] $RecordType=(($_ -split "]")[1] -split " ")[1] $Query=($_.ToString().Substring(110)) -replace "\s" -replace "\(\d?\d\)","." -replace "^\." -replace "\.$" $Result=(((($_ -split "\[")[1]).ToString().Substring(9)) -split "]")[0] -replace " " } elseif ($_ -match "^\d\d\d\d\d\d\d\d \d\d:") { $Date=$Date.Substring(0,4) + "-" + $Date.Substring(4,2) + "-" + $Date.Substring(6,2) $Time=($_ -split " ")[1] -join " " $Protocol=($_ -split " ")[6] $Client=($_ -split " ")[8] $SendReceive=($_ -split " ")[7] $RecordType=(($_ -split "]")[1] -split " ")[1] $Query=($_.ToString().Substring(110)) -replace "\s" -replace "\(\d?\d\)","." -replace "^\." -replace "\.$" $Result=(((($_ -split "\[")[1]).ToString().Substring(9)) -split "]")[0] -replace " " } else { $Time=($_ -split " ")[1] $Protocol=($_ -split " ")[6] $Client=($_ -split " ")[8] $SendReceive=($_ -split " ")[7] $RecordType=(($_ -split "]")[1] -split " ")[1] $Query=($_.ToString().Substring(110)) -replace "\s" -replace "\(\d?\d\)","." -replace "^\." -replace "\.$" $Result=(((($_ -split "\[")[1]).ToString().Substring(9)) -split "]")[0] -replace " " }