JSON:

    {
      "EventTime": 1640073312000,
      "Hostname": "WIN-TEST",
      "Keywords": "4611686018427912192",
      "EventType": "INFO",
      "SeverityValue": 2,
      "Severity": "INFO",
      "EventID": 514,
      "SourceName": "Microsoft-Windows-DNSServer",
      "ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
      "Version": 0,
      "TaskValue": 5,
      "OpcodeValue": 0,
      "RecordNumber": 1,
      "ExecutionProcessID": 2244,
      "ExecutionThreadID": 1448,
      "Channel": "Microsoft-Windows-DNSServer/Audit",
      "Domain": "DNSTEST",
      "AccountName": "Administrator",
      "UserID": "S-1-2-3",
      "AccountType": "User",
      "Message": "The zone dnstest.local was updated. The SecondaryServers setting has been set to deny zone transfers. [virtualization instance: .].",
      "Category": "ZONE_OP",
      "Opcode": "Info",
      "Zone": "dnstest.local",
      "PropertyKey": "SecondaryServers",
      "NewValue": "deny zone transfers",
      "VirtualizationID": ".",
      "EventReceivedTime": 1640073312001,
      "SourceModuleName": "auditeventlog",
      "SourceModuleType": "im_msvistalog"
    }
XML:

    <Event>
      <SourceName>Microsoft-Windows-DNSServer</SourceName>
      <ProviderGuid>{EB79061A-A566-4698-9119-3ED2807060E7} </ProviderGuid>
      <EventID>256</EventID>
      <Version>0</Version>
      <ChannelID>16</ChannelID>
      <OpcodeValue>0</OpcodeValue>
      <TaskValue>1</TaskValue>
      <Keywords>9223372036854775809</Keywords>
      <EventTime>1640073312000</EventTime>
      <ExecutionProcessID>2476</ExecutionProcessID>
      <ExecutionThreadID>3972</ExecutionThreadID>
      <EventType>INFO</EventType>
      <SeverityValue>2</SeverityValue>
      <Severity>INFO</Severity>
      <Hostname>WIN-TEST</Hostname>
      <Domain>NT AUTHORITY</Domain>
      <AccountName>SYSTEM</AccountName>
      <UserID>S-1-2-3</UserID>
      <AccountType>User</AccountType>
      <Flags>256</Flags>
      <TCP>0</TCP>
      <InterfaceIP>198.51.100.5</InterfaceIP>
      <Source>198.51.100.0</Source>
      <RD>1</RD>
      <QNAME>www.google.com.</QNAME>
      <QTYPE>1</QTYPE>
      <XID>55835</XID>
      <Port>50843</Port>
      <BufferSize>43</BufferSize>
      <PacketData>0xDA1B0100000100000000000006766F727465780464617461096D6963726F736F667403636F6D0000010001</PacketData>
      <AdditionalInfo>.</AdditionalInfo>
      <EventReceivedTime>1640073312001</EventReceivedTime>
      <SourceModuleName>eventlog</SourceModuleName>
      <SourceModuleType>im_etw</SourceModuleType>
    </Event>
SYSLOG + KV:
UDP question info at 00000027580C8220 Socket = 556 Remote addr 198.51.100.1, port 60766 Time Query=559415, Queued=0, Expire=0 Buf length = 0x0fa0 (4000) Msg length = 0x0044 (68) Message: XID 0x49d7 Flags 0x0100 QR 0 (QUESTION) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 0 Z 0 CD 0 AD 0 RCODE 0 (NOERROR) QCOUNT 1 ACOUNT 0 NSCOUNT 0 ARCOUNT 0 QUESTION SECTION: Offset = 0x000c, RR count = 0 Name \"(5)_ldap(4)_tcp(4)INMS(6)_sites(14)ForestDnsZones(8)genmills(3)com(0)\" QTYPE SRV (33) QCLASS 1 ANSWER SECTION: empty AUTHORITY SECTION: empty ADDITIONAL SECTION: empty
SYSLOG:
29.11.2023 14:13:11 1B14 PACKET 00000274481BF1B0 UDP Snd 198.51.100.0 14fc Q [0001 D NOERROR] A (23)win-dns(10)westeurope(8)test(5)azure(3)com(0)
Last updated 2025/07/29 (UTC).