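# Count DNS queries per client over the last 7 days, read from the DNS debug log.
# Output: one row per client IP with the number of matching queries (Count, Name).
#
# NOTE(review): this assumes each relevant line contains "Query received" and is
# laid out as "timestamp|client IP|query name". Native Windows DNS debug log
# lines are not pipe-delimited - confirm against a sample of the actual file.
# NOTE(review): DNS debug logs are size-capped and overwritten when full, so the
# file may not reach back the full 7 days; check the oldest timestamp before
# treating the counts as a complete week.
$logFile = "C:\Windows\System32\dns\debug\dnsdebug.log"
$startDate = (Get-Date).AddDays(-7)

# Fixed log timestamp layout. Parsed with the invariant culture so the result
# does not depend on the regional settings of the account running the script.
$timestampFormat = "yyyy-MM-dd HH:mm:ss.fff"
$invariant = [System.Globalization.CultureInfo]::InvariantCulture
$noStyles = [System.Globalization.DateTimeStyles]::None

$clientQueries = Get-Content -Path $logFile |
    Where-Object { $_ -match "Query received" } |
    ForEach-Object {
        $parts = $_ -split "\|"

        # Skip truncated lines rather than emitting records with empty fields,
        # which would otherwise show up as a bogus blank client in the summary.
        if ($parts.Count -lt 3) { return }

        # Parse the timestamp once; a malformed value skips the line instead of
        # raising an error for every bad record.
        $timestamp = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($parts[0].Trim(), $timestampFormat, $invariant, $noStyles, [ref]$timestamp)
        if (-not $parsed -or $timestamp -lt $startDate) { return }

        [PSCustomObject]@{
            Timestamp = $timestamp
            # Trim so the same client is not split into several groups by
            # stray whitespace around the delimiter.
            ClientIP  = $parts[1].Trim()
            QueryName = $parts[2].Trim()
        }
    }

# Per-client query volume; sort the result by Count if the top talkers are of interest.
$clientQueries | Group-Object -Property ClientIP | Select-Object Count, Name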