JSON:
{
  "EventTime": 1640073312000,
  "Hostname": "WIN-TEST",
  "Keywords": "4611686018427912192",
  "EventType": "INFO",
  "SeverityValue": 2,
  "Severity": "INFO",
  "EventID": 514,
  "SourceName": "Microsoft-Windows-DNSServer",
  "ProviderGuid": "{EB79061A-A566-4698-9119-3ED2807060E7}",
  "Version": 0,
  "TaskValue": 5,
  "OpcodeValue": 0,
  "RecordNumber": 1,
  "ExecutionProcessID": 2244,
  "ExecutionThreadID": 1448,
  "Channel": "Microsoft-Windows-DNSServer/Audit",
  "Domain": "DNSTEST",
  "AccountName": "Administrator",
  "UserID": "S-1-2-3",
  "AccountType": "User",
  "Message": "The zone dnstest.local was updated. The SecondaryServers setting has been set to deny zone transfers. [virtualization instance: .].",
  "Category": "ZONE_OP",
  "Opcode": "Info",
  "Zone": "dnstest.local",
  "PropertyKey": "SecondaryServers",
  "NewValue": "deny zone transfers",
  "VirtualizationID": ".",
  "EventReceivedTime": 1640073312001,
  "SourceModuleName": "auditeventlog",
  "SourceModuleType": "im_msvistalog"
}
XML:
<Event>
  <SourceName>Microsoft-Windows-DNSServer</SourceName>
  <ProviderGuid>{EB79061A-A566-4698-9119-3ED2807060E7}</ProviderGuid>
  <EventID>256</EventID>
  <Version>0</Version>
  <ChannelID>16</ChannelID>
  <OpcodeValue>0</OpcodeValue>
  <TaskValue>1</TaskValue>
  <Keywords>9223372036854775809</Keywords>
  <EventTime>1640073312000</EventTime>
  <ExecutionProcessID>2476</ExecutionProcessID>
  <ExecutionThreadID>3972</ExecutionThreadID>
  <EventType>INFO</EventType>
  <SeverityValue>2</SeverityValue>
  <Severity>INFO</Severity>
  <Hostname>WIN-TEST</Hostname>
  <Domain>NT AUTHORITY</Domain>
  <AccountName>SYSTEM</AccountName>
  <UserID>S-1-2-3</UserID>
  <AccountType>User</AccountType>
  <Flags>256</Flags>
  <TCP>0</TCP>
  <InterfaceIP>198.51.100.5</InterfaceIP>
  <Source>198.51.100.0</Source>
  <RD>1</RD>
  <QNAME>www.google.com.</QNAME>
  <QTYPE>1</QTYPE>
  <XID>55835</XID>
  <Port>50843</Port>
  <BufferSize>43</BufferSize>
  <PacketData>0xDA1B0100000100000000000006766F727465780464617461096D6963726F736F667403636F6D0000010001</PacketData>
  <AdditionalInfo>.</AdditionalInfo>
  <EventReceivedTime>1640073312001</EventReceivedTime>
  <SourceModuleName>eventlog</SourceModuleName>
  <SourceModuleType>im_etw</SourceModuleType>
</Event>
SYSLOG + KV:
UDP question info at 00000027580C8220 Socket = 556 Remote addr 198.51.100.1, port 60766 Time Query=559415, Queued=0, Expire=0 Buf length = 0x0fa0 (4000) Msg length = 0x0044 (68) Message: XID 0x49d7 Flags 0x0100 QR 0 (QUESTION) OPCODE 0 (QUERY) AA 0 TC 0 RD 1 RA 0 Z 0 CD 0 AD 0 RCODE 0 (NOERROR) QCOUNT 1 ACOUNT 0 NSCOUNT 0 ARCOUNT 0 QUESTION SECTION: Offset = 0x000c, RR count = 0 Name \"(5)_ldap(4)_tcp(4)INMS(6)_sites(14)ForestDnsZones(8)genmills(3)com(0)\" QTYPE SRV (33) QCLASS 1 ANSWER SECTION: empty AUTHORITY SECTION: empty ADDITIONAL SECTION: empty
SYSLOG:
29.11.2023 14:13:11 1B14 PACKET 00000274481BF1B0 UDP Snd 198.51.100.0 14fc Q [0001 D NOERROR] A (23)win-dns(10)westeurope(8)test(5)azure(3)com(0)
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-29 UTC.