你在解决类似问题时应该做的第一件事之一是启用DNS调试日志。但是当你被迫查看调试日志创建的日志时,你会有一个不愉快的经历。通过使用PowerShell创建一个DNS调试日志解析脚本,使这一切变得更容易!
如何使用PowerShell构建DNS调试日志解析器
你有很多不同的调试选项,但在我的情况下,我需要有关动态更新的更多信息。这是我一个DNS服务器上的配置样例。
启用此功能后,它将开始在您指定的文件路径创建一个日志文件,看起来像这样:
标记出的行的第一行是IP地址,最后一行是它尝试更新的DNS记录。由于明显的原因,这些已经被标记出来了。根据您选择的选项,此日志文件可能变得非常庞大,并且不是最容易阅读的格式。
如果我想要过滤掉一个单独的IP或通过某个特定时间范围缩小范围,该怎么办?您不能使用默认的日志文件完成这项工作。这就是为什么我使用PowerShell创建了一个DNS调试日志解析脚本的原因。
下面的脚本将此日志文件解析成一个漂亮的CSV文件,如下所示:
那看起来好多了,对吧?脚本会在日志文件中查找任何错误,并解析出日期、IP和错误信息,然后将其放入格式良好的CSV文件中。它还会排除所有DNS服务器的IP地址。
但不知何故,无论选择哪个选项,DNS服务器的IP地址仍然会出现。我只需要知道正在更新DNS记录的客户端IP地址有什么问题。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #requires -Module ActiveDirectory | |
| $dnsServer = ‘‘ ## This is the server name as a NETBIOS or FQDN | |
| $OutputFilePath = ‘C:\DNSDebugLogSummary.csv‘ ## The CSV file that will be created | |
| ## The log file you specified in the debug logging dialog box | |
| $DnsDebugLogFilePath = “\$dnsServer\c$\DnsDebugLog.log“ | |
| ## Find all of the DNS server IPs in the current domain | |
| $DnsServerIPs = ((Get-ADDomain).ReplicaDirectoryServers | Resolve-DnsName).IPAddress | |
| Write-Verbose –Message “Found DNS servers $($DnsServerIPs -join ‘,‘)“ | |
| ## Find all lines in the log file that don’t contain the strings ‘NOERROR’ or are blank. This | |
| ## retrieves only the lines with errors in them. | |
| Select-String –Pattern ‘NOERROR|^\s*‘ –Path $DnsDebugLogFilePath -NotMatch | foreach { | |
| try { | |
| ## Find lines containing an IP address | |
| if ($_.Line -match ‘\b(?:\d{1,3}\.){3}\d{1,3}\b‘) { | |
| Write-Verbose –Message ‘Found line with IP address.‘ | |
| $IP = $Matches[0] | |
| ## If the IP isn’t a DNS server it must be a client IP | |
| if ($DnsServerIPs -notcontains $IP) { | |
| Write-Verbose “Processing IP ‘$IP‘“ | |
| $Split = $_.Line.Split(‘ ‘) | |
| $Date = $Split[0] | |
| $Time = $Split[1] + $Split[2] | |
| $Err = [regex]::Match($_.Line, ‘\[(.*)\]‘).Groups[1].Value | |
| [pscustomobject]@{ ‘Date‘ = “$Date $Time“; ‘IP‘ = $IP; ‘Error‘ = $Err } | |
| } | |
| } | |
| } catch { | |
| Write-Warning $_.Exception.Message | |
| } | |
| } | Export-Csv –Path $OutputFilePath –Append –NoTypeInformation |