Sysmon DNS Query Support

Question

I have been trying to generate Sysmon Event ID 22 DNS Query logs using the below xml format 

<Sysmon schemaversion="4.90"> 

<EventFiltering> 

<DnsQuery onmatch="exclude" /> 

</EventFiltering> 

</Sysmon>

But I am only able to see logs with QueryResults: type:  5 and not any other number in place of 5. Example values like type:  1, type:  2, type:  3 etc.. How do I generate logs with different numbers for type field in QueryResults? Can you let me know the xml format that can be used to generate them?

Answer 1

During this period of the year, the number of active users on the forum decreases, making the wait time for answers a little longer. Because of the holidays, you might need to wait a little longer, but you should get an answer soon.

Answer 2

Hi,

It's been a week since I posted a question but there is no reply

https://learn.microsoft.com/en-us/answers/questions/1462975/sysmon-dns-query-support

Answer 3

The only support option for Sysinternals is to post your question on the Q&A forum. You can see this information at this link.

https://learn.microsoft.com/en-us/sysinternals/

If you already posted your question on the Q&A forum, you should get an answer soon.

Answer 4

Hi,

Is there any other way that I can contact Sysmon support? Any Email or other mode of contact other than the Q&A forum?

Answer 5

Hi, I'm Robinson, and I’m happy to help you today.

I want to apologize that this is just a forum for common consumers with domestic issues, because the scope of your question is more focused on an advanced environment, I believe that your question will be better resolved if it is posted in a more suitable location, you may get better help at our sister forums for advanced users and IT Professionals, Q&A forums, the Community is for common consumers with domestic issues. Go here: https://docs.microsoft.com/en-us/answers/index....