jasonadsit · July 15, 2016 21:31
diff --git a/Enable-DnsClientLogging.ps1 b/Enable-DnsClientLogging.ps1
 function Enable-DnsClientLogging {

 Param (

  [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
  [Alias('DNSHostName','PSComputerName','CN','Hostname')]
  [array] $ComputerName = $env:COMPUTERNAME

 ) # End of Param section

 Begin {} # End of Begin ScriptBlock

 Process {

  Write-Verbose "Begin building ScriptBlock to enable the Microsoft-Windows-DNS-Client/Operational event log"

  $EnableDnsClientEventLogScriptBlock = {

    $logName = 'Microsoft-Windows-DNS-Client/Operational'
    $log = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName
    $log.IsEnabled=$true
    $log.MaximumSizeInBytes=131072000
    $log.SaveChanges()

  }

  Write-Verbose "End building scriptblock to enable the Microsoft-Windows-DNS-Client/Operational event log"

  Write-Verbose "Begin execution of scriptblock on remote machine"

  Invoke-Command -ComputerName $ComputerName -ScriptBlock $EnableDnsClientEventLogScriptBlock

  Write-Verbose "End execution of scriptblock on remote machine"

 } # End of Process ScriptBlock

 End {

  Write-Host ''
  Write-Host ''
  Write-Host "DNS client event loggin has been enable on the following computers:" -ForegroundColor "Green"
  Write-Host ''
  Write-Host "$ComputerName" -ForegroundColor "Cyan"
  Write-Host ''
  Write-Host 'You can now retrieve DNS client events like' -ForegroundColor "Green"
  Write-Host 'in the following example (copy & paste):' -ForegroundColor "Green"
  Write-Host ''
  Write-Host '$DnsClientEventFilter = [xml]@"'
  Write-Host '<QueryList>'
  Write-Host "  <Query Id='0' Path='Microsoft-Windows-DNS-Client/Operational'>"
  Write-Host "    <Select Path='Microsoft-Windows-DNS-Client/Operational'>*</Select>"
  Write-Host '  </Query>'
  Write-Host '</QueryList>'
  Write-Host '"@'
  Write-Host ''
  Write-Host "Get-WinEvent -ComputerName $($ComputerName | Select-Object -First 1) -FilterXml `$DnsClientEventFilter"
  Write-Host ''
  Write-Host 'Happy hunting!' -ForegroundColor "Green"
  Write-Host ''
  Write-Host ''

 } # End of End ScriptBlock

 <#
  .SYNOPSIS
    Enables DNS client loggin on endpoints.

  .DESCRIPTION
    Enables DNS client loggin on endpoints.
    Sets the max log size to 128 MB.
    Gives a cut & paste example of how to retrieve filtered events.

  .PARAMETER ComputerName
    The computer name to act on. Defaults to localhost (actually... $env:COMPUTERNAME)
    Accepts values from the pipeline.

  .EXAMPLE
    Enable-DnsClientLogging -ComputerName host1
    Enables DNS client logging on host1.

  .EXAMPLE
    'host1','host2','host3' | Enable-DnsClientLogging
    Enables DNS client logging on the three host input via the pipeline.
 #>

 } # End of function Enable-DnsClientLogging
	function Enable-DnsClientLogging {

	Param (

	[parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
	[Alias('DNSHostName','PSComputerName','CN','Hostname')]
	[array] $ComputerName = $env:COMPUTERNAME

	) # End of Param section

	Begin {} # End of Begin ScriptBlock

	Process {

	Write-Verbose "Begin building ScriptBlock to enable the Microsoft-Windows-DNS-Client/Operational event log"

	$EnableDnsClientEventLogScriptBlock = {

	$logName = 'Microsoft-Windows-DNS-Client/Operational'
	$log = New-Object System.Diagnostics.Eventing.Reader.EventLogConfiguration $logName
	$log.IsEnabled=$true
	$log.MaximumSizeInBytes=131072000
	$log.SaveChanges()

	}

	Write-Verbose "End building scriptblock to enable the Microsoft-Windows-DNS-Client/Operational event log"

	Write-Verbose "Begin execution of scriptblock on remote machine"

	Invoke-Command -ComputerName $ComputerName -ScriptBlock $EnableDnsClientEventLogScriptBlock

	Write-Verbose "End execution of scriptblock on remote machine"

	} # End of Process ScriptBlock

	End {

	Write-Host ''
	Write-Host ''
	Write-Host "DNS client event loggin has been enable on the following computers:" -ForegroundColor "Green"
	Write-Host ''
	Write-Host "$ComputerName" -ForegroundColor "Cyan"
	Write-Host ''
	Write-Host 'You can now retrieve DNS client events like' -ForegroundColor "Green"
	Write-Host 'in the following example (copy & paste):' -ForegroundColor "Green"
	Write-Host ''
	Write-Host '$DnsClientEventFilter = [xml]@"'
	Write-Host '<QueryList>'
	Write-Host " <Query Id='0' Path='Microsoft-Windows-DNS-Client/Operational'>"
	Write-Host " <Select Path='Microsoft-Windows-DNS-Client/Operational'>*</Select>"
	Write-Host ' </Query>'
	Write-Host '</QueryList>'
	Write-Host '"@'
	Write-Host ''
	Write-Host "Get-WinEvent -ComputerName $($ComputerName \| Select-Object -First 1) -FilterXml `$DnsClientEventFilter"
	Write-Host ''
	Write-Host 'Happy hunting!' -ForegroundColor "Green"
	Write-Host ''
	Write-Host ''

	} # End of End ScriptBlock

	<#
	.SYNOPSIS
	Enables DNS client loggin on endpoints.

	.DESCRIPTION
	Enables DNS client loggin on endpoints.
	Sets the max log size to 128 MB.
	Gives a cut & paste example of how to retrieve filtered events.

	.PARAMETER ComputerName
	The computer name to act on. Defaults to localhost (actually... $env:COMPUTERNAME)
	Accepts values from the pipeline.

	.EXAMPLE
	Enable-DnsClientLogging -ComputerName host1
	Enables DNS client logging on host1.

	.EXAMPLE
	'host1','host2','host3' \| Enable-DnsClientLogging
	Enables DNS client logging on the three host input via the pipeline.
	#>

	} # End of function Enable-DnsClientLogging