Yesterday’s tip discussed some of the new analytics available for Windows Server 2016 and backported to Windows Server 2012 R2. I couldn’t resist following up with an article on one of the scenarios mentioned in that tip, Network Forensics.
Below is a link to a very informative article written by key members of the DNS Product Group explaining a practical application of analytics to solve a real-world problem. There is some really good stuff here, including:
- How DNS intel can be used to compromise a network, and how analytics data can be used by network defenders to detect and investigate such an attack
- Example DNS analytic event logs
- Hardcore performance tips:
  - To what degree analytics can potentially introduce performance degradation, and
  - When to use what method of collection; topics such as tracelog and Windows Event Collection are discussed
- Example of filtering to eliminate less valuable information
Check out the following article for all this and more: Network Forensics with Windows DNS Analytical Logging
And here are the resources referenced in this and yesterday’s tip:
- DNS Logging and Diagnostics
- Update adds query logging and change auditing to Windows DNS servers
- Windows Event Collector
The article Network Forensics with Windows DNS Analytical Logging represents an excellent example of taking a real world scenario, tools, and data and turning it into a teaching and learning opportunity. I think we can all agree that information is easier to retain, particularly on a topic as nuanced as trace and log analysis, when presented in the context of solving real-world problems.
Do you have scenarios and examples where you used logging and analytics to do something amazing? Get to the bottom of a deep mystery? Eke just a bit more performance out of that app or server?
It doesn’t have to be DNS or even network related. Let us know! There is a good chance that your experiences could be turned into teaching tools for others while driving a better product and customer experience in the long run.