Open bodik opened 6 years ago
https://blogs.technet.microsoft.com/secadv/2018/01/22/parsing-dns-server-log-to-track-active-clients/ https://gist.github.com/randomvariable/be90107fd57a4f9502af2eba62978fb6
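function Start-DNSClientLog {
    <#
    .SYNOPSIS
    Enables the Microsoft-Windows-DNS-Client/Operational event log channel.

    .DESCRIPTION
    Fetches the channel's configuration object, sets IsEnabled and saves it.
    Changing a channel's configuration normally needs an elevated session, so
    run this as an administrator.
    NOTE(review): the channel keeps its existing size and retention settings;
    check them before relying on this log as a record of past lookups.
    #>
    $DnsOpLog = Get-WinEvent -ListLog Microsoft-Windows-DNS-Client/Operational
    $DnsOpLog.IsEnabled = $true
    $DnsOpLog.SaveChanges()
}

function Get-DNSClientQueries {
    <#
    .SYNOPSIS
    Lists the DNS names recorded in the DNS client operational log.

    .DESCRIPTION
    Reads every event from Microsoft-Windows-DNS-Client/Operational, parses its
    XML form and emits one object per event that carries a QueryName field.
    Events without that field are skipped.

    .OUTPUTS
    PSObject with two properties:
      Date  - [DateTime] built from the event's TimeCreated SystemTime attribute
      Query - text of the event's QueryName data element

    .NOTES
    NOTE(review): SystemTime in event XML is UTC; confirm how the [DateTime]
    cast treats the zone before correlating these rows with other logs.
    NOTE(review): more than one event type in this channel may carry QueryName,
    so a single lookup can presumably produce several rows - confirm and
    de-duplicate downstream if needed.
    #>

    # $evt rather than $event: $event is a PowerShell automatic variable.
    foreach ($evt in (Get-WinEvent -LogName Microsoft-Windows-DNS-Client/Operational |
            ForEach-Object { [xml]$_.ToXml() })) {

        $Query = ($evt.Event.EventData.Data |
            Where-Object { $_.Name -eq "QueryName" }).'#text'

        # Skip events with no QueryName. This must be 'continue': inside a
        # foreach statement 'return' leaves the whole function, so the first
        # event without a QueryName would silently drop every later event.
        if ($null -eq $Query) { continue }

        New-Object PSObject -Property @{
            "Date"  = [DateTime]$evt.Event.System.TimeCreated.SystemTime
            "Query" = $Query
        }
    }
}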
https://blogs.technet.microsoft.com/secadv/2018/01/22/parsing-dns-server-log-to-track-active-clients/ https://gist.github.com/randomvariable/be90107fd57a4f9502af2eba62978fb6