Sysmon update introduces DNS Query Logging

sysmon dns query logging
Martin Brinkmann
Jun 10, 2019
Updated • Jun 10, 2019
Windows
|
2

A new version of the Sysmon tool will be released on Tuesday 11, 2019 that introduces DNS query logging to the Windows system monitor.

Mark Russinovich, the creator of the tool and Microsoft Azure CTO, teased the new feature in a message on Twitter on June 8, 2019.

The system monitor Sysmon extends the functionality of the Windows Event log by monitoring the system for certain events and writing them to the event log.

Tip: check out our review of Sysmon 5 to get a better understanding of the free application.

ADVERTISEMENT

Sysmon: dns query logging

sysmon dns query logging

The next Sysmon release introduces support for DNS query logging. Russinovich published a screenshot on Twitter that showcases the new feature. The screenshot shows logged DNS queries and information about one of the logged queries.

Particularly interesting is the linking of the query to a specific executable on the system and that DNS query responses are logged as well. The value of "Image" reveals the program the query initiated from.

The Windows Event Log supports the logging of DNS queries but it needs to be enabled first before Windows starts logging these events, and does not highlight the executable file that initiated the query.

Here is how you enable DNS logging on Windows:

  1. Use Windows-R to open the run box on the system.
  2. Type eventvwr.msc and tap on the Enter-key to load the Event Viewer.
  3. Navigate the following path: Applications and Service Logs > Microsoft > Windows > DNS Client Events > Operational
  4. Right-click on Operational, and select Enable Log.

Closing words

The new Sysmon feature improves DNS query logging on Windows. Especially the logging of executable filenames and paths should be welcome as it makes it easier to identify the programs a DNS query originated from.

Regularly going through the DNS query log could highlight programs that leak information potentially or are dangerous. The feature may also be useful when it comes to the logging of software installations or updates to verify what is happening in the background.

The new version of Sysmon will be published on Microsoft's Sysinternals website.

Now You: do you analyze DNS queries? (via Bleeping Computer)

Summary
Sysmon update introduces DNS Query Logging
Article Name
Sysmon update introduces DNS Query Logging
Description
A new version of the Sysmon tool will be released on Tuesday 11, 2019 that introduces DNS query logging to the Windows system monitor.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Related content

Microsoft is testing these Windows 11 Widgets Board changes

Microsoft has a fix for the Windows screenshot tool leak issue

How to set default apps in Windows 11

Microsoft confirms "Local Security protection is off" Microsoft Defender issue

Windows users, your cropped images may not be private

How to install Windows 11 in VMware Workstation

Previous Post: «
Next Post: «

Comments

  1. Bill said on June 10, 2019 at 11:38 am
    Reply

    Martin, Please change Mike to Mark.

  2. chesscanoe said on June 11, 2019 at 1:01 am
    Reply

    I hope the newest version continues to use “Event timestamps are in UTC standard time.”

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Ghacks Newsletter Sign Up

Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up

Advertisement

Hot Discussions

Advertisement

Recently Updated

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2023 - All rights reserved