Sysmon update introduces DNS Query Logging

sysmon dns query logging
Martin Brinkmann
Jun 10, 2019
Updated • Jun 10, 2019
Windows
|
2

A new version of the Sysmon tool will be released on Tuesday 11, 2019 that introduces DNS query logging to the Windows system monitor.

Mark Russinovich, the creator of the tool and Microsoft Azure CTO, teased the new feature in a message on Twitter on June 8, 2019.

The system monitor Sysmon extends the functionality of the Windows Event log by monitoring the system for certain events and writing them to the event log.

Tip: check out our review of Sysmon 5 to get a better understanding of the free application.

Sysmon: dns query logging

sysmon dns query logging

The next Sysmon release introduces support for DNS query logging. Russinovich published a screenshot on Twitter that showcases the new feature. The screenshot shows logged DNS queries and information about one of the logged queries.

Particularly interesting is the linking of the query to a specific executable on the system and that DNS query responses are logged as well. The value of "Image" reveals the program the query initiated from.

The Windows Event Log supports the logging of DNS queries but it needs to be enabled first before Windows starts logging these events, and does not highlight the executable file that initiated the query.

Here is how you enable DNS logging on Windows:

  1. Use Windows-R to open the run box on the system.
  2. Type eventvwr.msc and tap on the Enter-key to load the Event Viewer.
  3. Navigate the following path: Applications and Service Logs > Microsoft > Windows > DNS Client Events > Operational
  4. Right-click on Operational, and select Enable Log.

Closing words

The new Sysmon feature improves DNS query logging on Windows. Especially the logging of executable filenames and paths should be welcome as it makes it easier to identify the programs a DNS query originated from.

Regularly going through the DNS query log could highlight programs that leak information potentially or are dangerous. The feature may also be useful when it comes to the logging of software installations or updates to verify what is happening in the background.

The new version of Sysmon will be published on Microsoft's Sysinternals website.

Now You: do you analyze DNS queries? (via Bleeping Computer)

Summary
Sysmon update introduces DNS Query Logging
Article Name
Sysmon update introduces DNS Query Logging
Description
A new version of the Sysmon tool will be released on Tuesday 11, 2019 that introduces DNS query logging to the Windows system monitor.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Related content

PC

Canalys: every PC sold will be an AI PC by 2030

Windows 10 updates download faster now

How to turn off App Promotions in Windows 11's Start Menu

Windows 11 24H2 won't boot if the PC does not support this CPU feature
Store

Microsoft Store apps install quicker now and with extra Telemetry
Sign up

Windows 10: Sign in to your Microsoft account messages roll out

Tutorials & Tips

How to Capture Screenshots on Windows 10 and 11

Quick Ways to Open Device Manager in Windows 11

Here is How to Permanently Disable Windows Defender

4 Tested Ways to Install Windows 11 on Unsupported CPU


Previous Post: «
Next Post: «

Comments

  1. chesscanoe said on June 11, 2019 at 1:01 am
    Reply

    I hope the newest version continues to use “Event timestamps are in UTC standard time.”

  2. Bill said on June 10, 2019 at 11:38 am
    Reply

    Martin, Please change Mike to Mark.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved