JSON:
{
  "EventTime": 1640073312000,
  "Hostname": "WIN-TEST",
  "Keywords": "4611686018427912192",
  "EventType": "INFO",
  "SeverityValue": 2,
  "Severity": "INFO",
  "EventID": 514,
  "SourceName": "Microsoft-Windows-DNSServer",
  "ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
  "Version": 0,
  "TaskValue": 5,
  "OpcodeValue": 0,
  "RecordNumber": 1,
  "ExecutionProcessID": 2244,
  "ExecutionThreadID": 1448,
  "Channel": "Microsoft-Windows-DNSServer/Audit",
  "Domain": "DNSTEST",
  "AccountName": "Administrator",
  "UserID": "S-1-2-3",
  "AccountType": "User",
  "Message": "The zone dnstest.local was updated. The SecondaryServers setting has been set to deny zone transfers. [virtualization instance: .].",
  "Category": "ZONE_OP",
  "Opcode": "Info",
  "Zone": "dnstest.local",
  "PropertyKey": "SecondaryServers",
  "NewValue": "deny zone transfers",
  "VirtualizationID": ".",
  "EventReceivedTime": 1640073312001,
  "SourceModuleName": "auditeventlog",
  "SourceModuleType": "im_msvistalog"
}
XML:
<Event>
  <SourceName>Microsoft-Windows-DNSServer</SourceName>
  <ProviderGuid>{EB79061A-A566-4698-9119-3ED2807060E7}
  </ProviderGuid>
  <EventID>256</EventID>
  <Version>0</Version>
  <ChannelID>16</ChannelID>
  <OpcodeValue>0</OpcodeValue>
  <TaskValue>1</TaskValue>
  <Keywords>9223372036854775809</Keywords>
  <EventTime>1640073312000</EventTime>
  <ExecutionProcessID>2476</ExecutionProcessID>
  <ExecutionThreadID>3972</ExecutionThreadID>
  <EventType>INFO</EventType>
  <SeverityValue>2</SeverityValue>
  <Severity>INFO</Severity>
  <Hostname>WIN-TEST</Hostname>
  <Domain>NT AUTHORITY</Domain>
  <AccountName>SYSTEM</AccountName>
  <UserID>S-1-2-3</UserID>
  <AccountType>User</AccountType>
  <Flags>256</Flags>
  <TCP>0</TCP>
  <InterfaceIP>198.51.100.5</InterfaceIP>
  <Source>198.51.100.0</Source>
  <RD>1</RD>
  <QNAME>www.google.com.</QNAME>
  <QTYPE>1</QTYPE>
  <XID>55835</XID>
  <Port>50843</Port>
  <BufferSize>43</BufferSize>
  <PacketData>0xDA1B0100000100000000000006766F727465780464617461096D6963726F736F667403636F6D0000010001</PacketData>
  <AdditionalInfo>.</AdditionalInfo>
  <EventReceivedTime>1640073312001</EventReceivedTime>
  <SourceModuleName>eventlog</SourceModuleName>
  <SourceModuleType>im_etw</SourceModuleType>
</Event>
SYSLOG + KV:
UDP question info at 00000027580C8220 Socket = 556 Remote addr 198.51.100.1, port 60766 Time Query=559415, Queued=0, Expire=0 Buf length = 0x0fa0 (4000) Msg length = 0x0044 (68) Message: XID 0x49d7 Flags 0x0100 QR 0 (QUESTION) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 0 Z 0 CD 0 AD 0 RCODE 0 (NOERROR) QCOUNT 1 ACOUNT 0 NSCOUNT 0 ARCOUNT 0 QUESTION SECTION: Offset = 0x000c, RR count = 0 Name \"(5)_ldap(4)_tcp(4)INMS(6)_sites(14)ForestDnsZones(8)genmills(3)com(0)\" QTYPE SRV (33) QCLASS 1 ANSWER SECTION: empty AUTHORITY SECTION: empty ADDITIONAL SECTION: empty
SYSLOG:
29.11.2023 14:13:11 1B14 PACKET 00000274481BF1B0 UDP Snd 198.51.100.0 14fc Q [0001 D NOERROR] A (23)win-dns(10)westeurope(8)test(5)azure(3)com(0)
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated: 2025-07-29 (UTC).