TestimoX

API Reference

Command

Get-ADXDnsLogFile

Namespace: ADPlayground.PowerShell
Inputs: System.String[]

Retrieves DNS log entries from a specified file.

Examples

Authored help example

Example 1

Get a basic summary of a DNS log file:

Get-ADXDnsLogFile -Path "C:\Logs\dns.log" -Summary

Example 2

Get DNS entries filtered by protocol and type:

Get-ADXDnsLogFile -Path "C:\Logs\dns.log" -Protocol UDP -QuestionType A

Example 3

Get a summary of queries per zone with local zone definitions:

Get-ADXDnsLogFile -Path "C:\Logs\dns.log" -SummaryPerZone -LocalZones "contoso.com","internal.net"

Example 4

Limit stored raw queries when summarizing per IP:

Get-ADXDnsLogFile -Path "C:\Logs\dns.log" -SummaryPerIp -MaxRawQueries 50

Example 5

Filter entries by response codes:

Get-ADXDnsLogFile -Path "C:\Logs\dns.log" -ResponseCode NXDOMAIN -ExcludeResponseCode SERVFAIL

Example 6

Get per-minute query counts:

Get-ADXDnsLogFile -Path "C:\Logs\dns.log" -SummaryPerInterval ([TimeSpan]'00:01:00')

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-ADXDnsLogFile -Path <string[]> [-NoAsync] [-Cache] [-CacheDirectory <string>] [-ComputerName <string[]>] [-Deduplicate] [-Direction <Unknown|Send|Receive>] [-DoNotMerge] [-ExactMatchIP] [-ExactQuestionNameMatch] [-ExactZoneNameMatch] [-ExcludeQuestionType <string[]>] [-ExcludeResponseCode <string[]>] [-ExcludeZoneName <string[]>] [-IncludeAllMatchedZones] [-MatchedZones <string[]>] [-MaxRawQueries <int>] [-NoProgress] [-OutputFormat <HashTable|Array|Combined>] [-Parallel] [-Protocol <Unknown|UDP|TCP>] [-QuestionName <string[]>] [-QuestionType <string[]>] [-RemoteIP <string[]>] [-ResponseCode <string[]>] [-StrictZoneMatching] [-Subnet <int>] [-Summary] [-SummaryPerInterval <TimeSpan>] [-SummaryPerIp] [-SummaryPerZone] [-TestProgressAction <ScriptBlock>] [-ZoneSelection <Both|ExternalZones|MatchedZones>] [<CommonParameters>]

Parameters

Path string[], required, position: 0, pipeline: true (ByValue, ByPropertyName), aliases: FilePath
Path to DNS log files.

NoAsync SwitchParameter, optional, position: 1, pipeline: false
Disable asynchronous processing.

Cache SwitchParameter, optional, position: named, pipeline: false
Cache processed log files.

CacheDirectory string, optional, position: named, pipeline: false
Directory used to store cached files.

ComputerName string[], optional, position: named, pipeline: false
Remote computers to retrieve log files from.

Deduplicate SwitchParameter, optional, position: named, pipeline: false
Deduplicate identical entries across files when merging.

Direction DnsDirection[], optional, position: named, pipeline: false, values: 3
Filter results by query direction. Possible values: Unknown, Send, Receive, None
Possible values: Unknown, Send, Receive

DoNotMerge SwitchParameter, optional, position: named, pipeline: false
Do not merge related DNS records.

ExactMatchIP SwitchParameter, optional, position: named, pipeline: false
Require exact IP address matches.

ExactQuestionNameMatch SwitchParameter, optional, position: named, pipeline: false
Require an exact match for question names.

ExactZoneNameMatch SwitchParameter, optional, position: named, pipeline: false
Require an exact zone name match.

ExcludeQuestionType string[], optional, position: named, pipeline: false
Exclude specified question types.

ExcludeResponseCode string[], optional, position: named, pipeline: false
Exclude specified response codes.

ExcludeZoneName string[], optional, position: named, pipeline: false
Exclude specified zone names.

IncludeAllMatchedZones SwitchParameter, optional, position: named, pipeline: false, aliases: IncludeAllLocalZones
Include all matched zones in summaries.

MatchedZones string[], optional, position: named, pipeline: false, aliases: LocalZones
Zone names to match in log entries.

MaxRawQueries int, optional, position: named, pipeline: false
Maximum number of raw queries to output.

NoProgress SwitchParameter, optional, position: named, pipeline: false
Suppress progress output.

OutputFormat DnsSummaryOutputFormat, optional, position: named, pipeline: false, values: 3
Format of summary output. Possible values: HashTable, Array, Combined

Parallel SwitchParameter, optional, position: named, pipeline: false
Enable parallel processing.

Protocol DnsProtocol[], optional, position: named, pipeline: false, values: 3
Filter results by DNS protocol. Possible values: Unknown, UDP, TCP, None
Possible values: Unknown, UDP, TCP

QuestionName string[], optional, position: named, pipeline: false
Filter by DNS question names.

QuestionType string[], optional, position: named, pipeline: false
Filter by DNS question types.

RemoteIP string[], optional, position: named, pipeline: false
Filter results by remote IP addresses.

ResponseCode string[], optional, position: named, pipeline: false
Filter results by response codes.

StrictZoneMatching SwitchParameter, optional, position: named, pipeline: false
Enforce strict zone matching rules.

Subnet int, optional, position: named, pipeline: false
Subnet size used when grouping IP addresses.

Summary SwitchParameter, optional, position: named, pipeline: false
Output summary statistics.

SummaryPerInterval TimeSpan, optional, position: named, pipeline: false
Interval used for per-interval summary.

SummaryPerIp SwitchParameter, optional, position: named, pipeline: false
Summarize results per IP address.

SummaryPerZone SwitchParameter, optional, position: named, pipeline: false
Summarize results per zone.

TestProgressAction ScriptBlock, optional, position: named, pipeline: false
Script block used to test progress reporting.

ZoneSelection DnsSummaryZoneSelection, optional, position: named, pipeline: false, values: 3
Specify which zones to include in results. Possible values: Both, ExternalZones, MatchedZones