Microsoft has finally introduced a new version of its Windows system service, System Monitor (Sysmon). The company released version 10 of the service with a new DNS query logging feature that offers Sysmon users several benefits.
Don't know what System Monitor is? Here is how Microsoft describes its Windows system service:
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time.
Now that an updated version with DNS query logging is available, you will be able to log the DNS queries performed on a monitored computer. However, the feature isn't enabled by default, so to make use of it you'll have to go through the process of enabling it. This is what Bleeping Computer has to say about it.
An example of a very basic configuration file that enables DNS query logging is shown below. This configuration file can be installed using sysmon.exe -i config.xml, if Sysmon is not installed yet, or sysmon.exe -c config.xml, if it is running already.
Once Sysmon is started with the above configuration file, it will begin logging DNS Query events to Applications and Services Logs/Microsoft/Windows/Sysmon/Operational in the Event Viewer.
Below you can see an example of Chrome performing a DNS query for www.bleepingcomputer.com when I visited the site.
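As an added illustration (not the configuration file from the Bleeping Computer article or from Microsoft), the following Sysmon configuration turns on DNS query logging. It assumes the schema version 4.22 that shipped with Sysmon 10, and the excluded domain suffix is a constructed placeholder:

```xml
<Sysmon schemaversion="4.22">
  <EventFiltering>
    <RuleGroup name="" groupRelation="or">
      <!-- onmatch="exclude": every DNS query is logged as Sysmon Event ID 22,
           except those matching a rule listed inside this element -->
      <DnsQuery onmatch="exclude">
        <!-- Optional noise reduction; ".example.internal" is a constructed
             placeholder for a domain you consider uninteresting to log -->
        <QueryName condition="end with">.example.internal</QueryName>
      </DnsQuery>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
```

Leaving the DnsQuery element empty logs all queries; each exclusion you add reduces volume at the cost of visibility into that name space, so review exclusions periodically.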