diff --git a/deployment-apps/Splunk_TA_windows/default/inputs.conf b/deployment-apps/Splunk_TA_windows/default/inputs.conf index bdbf0dce..a39786cc 100644 --- a/deployment-apps/Splunk_TA_windows/default/inputs.conf +++ b/deployment-apps/Splunk_TA_windows/default/inputs.conf @@ -52,69 +52,72 @@ host=WinEventLogForwardHost ###### WinEventLog Inputs for Active Directory ###### ## Application and Services Logs - DFS Replication -[WinEventLog://DFS Replication] -disabled = 1 -renderXml=true +# [WinEventLog://DFS Replication] +# disabled = 1 +# renderXml=true ## Application and Services Logs - Directory Service -[WinEventLog://Directory Service] -disabled = 1 -renderXml=true +# [WinEventLog://Directory Service] +# disabled = 1 +# renderXml=true -## Application and Services Logs - File Replication Service -[WinEventLog://File Replication Service] -disabled = 1 -renderXml=true +# ## Application and Services Logs - File Replication Service +# [WinEventLog://File Replication Service] +# disabled = 1 +# renderXml=true -## Application and Services Logs - Key Management Service -[WinEventLog://Key Management Service] -disabled = 1 -renderXml=true +# ## Application and Services Logs - Key Management Service +# [WinEventLog://Key Management Service] +# disabled = 1 +# renderXml=true -###### WinEventLog Inputs for DNS ###### -[WinEventLog://DNS Server] -disabled=1 -renderXml=true +# ###### WinEventLog Inputs for DNS ###### +# [WinEventLog://DNS Server] +# disabled=1 +# renderXml=true -###### DHCP ###### -[monitor://$WINDIR\System32\DHCP] -disabled = 1 -whitelist = DhcpSrvLog* -crcSalt = -sourcetype = DhcpSrvLog +# ###### DHCP ###### +# [monitor://$WINDIR\System32\DHCP] +# disabled = 1 +# whitelist = DhcpSrvLog* +# crcSalt = +# sourcetype = DhcpSrvLog ###### Windows Update Log ###### ## Enable below stanza to get WindowsUpdate.log for Windows 8, Windows 8.1, Server 2008R2, Server 2012 and Server 2012R2 [monitor://$WINDIR\WindowsUpdate.log] -disabled = 1 +disabled = 0 sourcetype = WindowsUpdateLog +index=wineventlog ## Enable below powershell and monitor stanzas to get WindowsUpdate.log for Windows 10 and Server 2016 ## Below stanza will automatically generate WindowsUpdate.log daily [powershell://generate_windows_update_logs] script = ."$SplunkHome\etc\apps\Splunk_TA_windows\bin\powershell\generate_windows_update_logs.ps1" schedule = 0 */24 * * * -disabled = 1 +disabled = 0 +index=wineventlog ## Below stanza will monitor the generated WindowsUpdate.log in Windows 10 and Server 2016 [monitor://$SPLUNK_HOME\var\log\Splunk_TA_windows\WindowsUpdate.log] -disabled = 1 +disabled = 0 sourcetype = WindowsUpdateLog +index=wineventlog ###### Monitor Inputs for Active Directory ###### -[monitor://$WINDIR\debug\netlogon.log] -sourcetype=MSAD:NT6:Netlogon -disabled=1 +# [monitor://$WINDIR\debug\netlogon.log] +# sourcetype=MSAD:NT6:Netlogon +# disabled=1 ###### Monitor Inputs for DNS ###### -[MonitorNoHandle://$WINDIR\System32\Dns\dns.log] -sourcetype=MSAD:NT6:DNS -disabled=1 +# [MonitorNoHandle://$WINDIR\System32\Dns\dns.log] +# sourcetype=MSAD:NT6:DNS +# disabled=1 ###### Scripted Input (See also wmi.conf) @@ -151,67 +154,67 @@ sourcetype = Script:NetworkConfiguration ###### Scripted/Powershell Mod inputs Active Directory ###### ## Replication Information NT6 -[script://.\bin\runpowershell.cmd nt6-repl-stat.ps1] -source=Powershell -sourcetype=MSAD:NT6:Replication -interval=300 -disabled=1 +# [script://.\bin\runpowershell.cmd nt6-repl-stat.ps1] +# source=Powershell +# sourcetype=MSAD:NT6:Replication +# interval=300 +# disabled=1 ## Replication Information 2012r2 and 2016 -[powershell://Replication-Stats] -script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-repl-stats.ps1" -schedule = 0 */5 * ? * * -source = Powershell -sourcetype=MSAD:NT6:Replication -disabled=1 +# [powershell://Replication-Stats] +# script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-repl-stats.ps1" +# schedule = 0 */5 * ? * * +# source = Powershell +# sourcetype=MSAD:NT6:Replication +# disabled=1 ## Health and Topology Information NT6 -[script://.\bin\runpowershell.cmd nt6-health.ps1] -source=Powershell -sourcetype=MSAD:NT6:Health -interval=300 -disabled=1 +# [script://.\bin\runpowershell.cmd nt6-health.ps1] +# source=Powershell +# sourcetype=MSAD:NT6:Health +# interval=300 +# disabled=1 ## Health and Topology Information 2012r2 and 2016 -[powershell://AD-Health] -script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-health.ps1" -schedule = 0 */5 * ? * * -source=Powershell -sourcetype=MSAD:NT6:Health -disabled=1 +# [powershell://AD-Health] +# script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-health.ps1" +# schedule = 0 */5 * ? * * +# source=Powershell +# sourcetype=MSAD:NT6:Health +# disabled=1 ## Site, Site Link and Subnet Information NT6 -[script://.\bin\runpowershell.cmd nt6-siteinfo.ps1] -source=Powershell -sourcetype=MSAD:NT6:SiteInfo -interval=3600 -disabled=1 +# [script://.\bin\runpowershell.cmd nt6-siteinfo.ps1] +# source=Powershell +# sourcetype=MSAD:NT6:SiteInfo +# interval=3600 +# disabled=1 ## Site, Site Link and Subnet Information 2012r2 and 2016 -[powershell://Siteinfo] -script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-siteinfo.ps1" -schedule = 0 15 * ? * * -source = Powershell -sourcetype=MSAD:NT6:SiteInfo -disabled=1 +# [powershell://Siteinfo] +# script = & "$SplunkHome\etc\apps\Splunk_TA_windows\bin\Invoke-MonitoredScript.ps1" -Command ".\powershell\2012r2-siteinfo.ps1" +# schedule = 0 15 * ? * * +# source = Powershell +# sourcetype=MSAD:NT6:SiteInfo +# disabled=1 ##### Scripted Inputs for DNS ##### ## DNS Zone Information Collection -[script://.\bin\runpowershell.cmd dns-zoneinfo.ps1] -source=Powershell -sourcetype=MSAD:NT6:DNS-Zone-Information -interval=3600 -disabled=1 +# [script://.\bin\runpowershell.cmd dns-zoneinfo.ps1] +# source=Powershell +# sourcetype=MSAD:NT6:DNS-Zone-Information +# interval=3600 +# disabled=1 -## DNS Health Information Collection -[script://.\bin\runpowershell.cmd dns-health.ps1] -source=Powershell -sourcetype=MSAD:NT6:DNS-Health -interval=3600 -disabled=1 +# ## DNS Health Information Collection +# [script://.\bin\runpowershell.cmd dns-health.ps1] +# source=Powershell +# sourcetype=MSAD:NT6:DNS-Health +# interval=3600 +# disabled=1 ###### Host monitoring ###### @@ -375,48 +378,48 @@ useEnglishOnly=true ###### Perfmon Inputs from TA-AD/TA-DNS ###### -[perfmon://Processor] -object = Processor -counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec -instances = * -interval = 10 -disabled = 1 -mode = multikv -useEnglishOnly=true - -[perfmon://Network_Interface] -object = Network Interface -counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size -instances = * -interval = 10 -disabled = 1 -mode = multikv -useEnglishOnly=true - -[perfmon://DFS_Replicated_Folders] -object = DFS Replicated Folders -counters = Bandwidth Savings Using DFS Replication; RDC Bytes Received; RDC Compressed Size of Files Received; RDC Size of Files Received; RDC Number of Files Received; Compressed Size of Files Received; Size of Files Received; Total Files Received; Deleted Space In Use; Deleted Bytes Cleaned up; Deleted Files Cleaned up; Deleted Bytes Generated; Deleted Files Generated; Updates Dropped; File Installs Retried; File Installs Succeeded; Conflict Folder Cleanups Completed; Conflict Space In Use; Conflict Bytes Cleaned up; Conflict Files Cleaned up; Conflict Bytes Generated; Conflict Files Generated; Staging Space In Use; Staging Bytes Cleaned up; Staging Files Cleaned up; Staging Bytes Generated; Staging Files Generated -instances = * -interval = 30 -disabled = 1 -mode = multikv -useEnglishOnly=true - -[perfmon://NTDS] -object = NTDS -counters = DRA Inbound Properties Total/sec; AB Browses/sec; DRA Inbound Objects Applied/sec; DS Threads in Use; AB Client Sessions; DRA Pending Replication Synchronizations; DRA Inbound Object Updates Remaining in Packet; DS Security Descriptor sub-operations/sec; DS Security Descriptor Propagations Events; LDAP Client Sessions; LDAP Active Threads; LDAP Writes/sec; LDAP Searches/sec; DRA Outbound Objects/sec; DRA Outbound Properties/sec; DRA Inbound Values Total/sec; DRA Sync Requests Made; DRA Sync Requests Successful; DRA Sync Failures on Schema Mismatch; DRA Inbound Objects/sec; DRA Inbound Properties Applied/sec; DRA Inbound Properties Filtered/sec; DS Monitor List Size; DS Notify Queue Size; LDAP UDP operations/sec; DS Search sub-operations/sec; DS Name Cache hit rate; DRA Highest USN Issued (Low part); DRA Highest USN Issued (High part); DRA Highest USN Committed (Low part); DRA Highest USN Committed (High part); DS % Writes from SAM; DS % Writes from DRA; DS % Writes from LDAP; DS % Writes from LSA; DS % Writes from KCC; DS % Writes from NSPI; DS % Writes Other; DS Directory Writes/sec; DS % Searches from SAM; DS % Searches from DRA; DS % Searches from LDAP; DS % Searches from LSA; DS % Searches from KCC; DS % Searches from NSPI; DS % Searches Other; DS Directory Searches/sec; DS % Reads from SAM; DS % Reads from DRA; DRA Inbound Values (DNs only)/sec; DRA Inbound Objects Filtered/sec; DS % Reads from LSA; DS % Reads from KCC; DS % Reads from NSPI; DS % Reads Other; DS Directory Reads/sec; LDAP Successful Binds/sec; LDAP Bind Time; SAM Successful Computer Creations/sec: Includes all requests; SAM Machine Creation Attempts/sec; SAM Successful User Creations/sec; SAM User Creation Attempts/sec; SAM Password Changes/sec; SAM Membership Changes/sec; SAM Display Information Queries/sec; SAM Enumerations/sec; SAM Transitive Membership Evaluations/sec; SAM Non-Transitive Membership Evaluations/sec; SAM Domain Local Group Membership Evaluations/sec; SAM Universal Group Membership Evaluations/sec; SAM Global Group Membership Evaluations/sec; SAM GC Evaluations/sec; DRA Inbound Full Sync Objects Remaining; DRA Inbound Bytes Total/sec; DRA Inbound Bytes Not Compressed (Within Site)/sec; DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec; DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec; DRA Outbound Bytes Total/sec; DRA Outbound Bytes Not Compressed (Within Site)/sec; DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec; DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec; DS Client Binds/sec; DS Server Binds/sec; DS Client Name Translations/sec; DS Server Name Translations/sec; DS Security Descriptor Propagator Runtime Queue; DS Security Descriptor Propagator Average Exclusion Time; DRA Outbound Objects Filtered/sec; DRA Outbound Values Total/sec; DRA Outbound Values (DNs only)/sec; AB ANR/sec; AB Property Reads/sec; AB Searches/sec; AB Matches/sec; AB Proxy Lookups/sec; ATQ Threads Total; ATQ Threads LDAP; ATQ Threads Other; DRA Inbound Bytes Total Since Boot; DRA Inbound Bytes Not Compressed (Within Site) Since Boot; DRA Inbound Bytes Compressed (Between Sites, Before Compression) Since Boot; DRA Inbound Bytes Compressed (Between Sites, After Compression) Since Boot; DRA Outbound Bytes Total Since Boot; DRA Outbound Bytes Not Compressed (Within Site) Since Boot; DRA Outbound Bytes Compressed (Between Sites, Before Compression) Since Boot; DRA Outbound Bytes Compressed (Between Sites, After Compression) Since Boot; LDAP New Connections/sec; LDAP Closed Connections/sec; LDAP New SSL Connections/sec; DRA Pending Replication Operations; DRA Threads Getting NC Changes; DRA Threads Getting NC Changes Holding Semaphore; DRA Inbound Link Value Updates Remaining in Packet; DRA Inbound Total Updates Remaining in Packet; DS % Writes from NTDSAPI; DS % Searches from NTDSAPI; DS % Reads from NTDSAPI; SAM Account Group Evaluation Latency; SAM Resource Group Evaluation Latency; ATQ Outstanding Queued Requests; ATQ Request Latency; ATQ Estimated Queue Delay; Tombstones Garbage Collected/sec; Phantoms Cleaned/sec; Link Values Cleaned/sec; Tombstones Visited/sec; Phantoms Visited/sec; NTLM Binds/sec; Negotiated Binds/sec; Digest Binds/sec; Simple Binds/sec; External Binds/sec; Fast Binds/sec; Base searches/sec; Subtree searches/sec; Onelevel searches/sec; Database adds/sec; Database modifys/sec; Database deletes/sec; Database recycles/sec; Approximate highest DNT; Transitive operations/sec; Transitive suboperations/sec; Transitive operations milliseconds run -interval = 10 -disabled = 1 -mode = multikv -useEnglishOnly=true - -[perfmon://DNS] -object = DNS -counters = Total Query Received; Total Query Received/sec; UDP Query Received; UDP Query Received/sec; TCP Query Received; TCP Query Received/sec; Total Response Sent; Total Response Sent/sec; UDP Response Sent; UDP Response Sent/sec; TCP Response Sent; TCP Response Sent/sec; Recursive Queries; Recursive Queries/sec; Recursive Send TimeOuts; Recursive TimeOut/sec; Recursive Query Failure; Recursive Query Failure/sec; Notify Sent; Zone Transfer Request Received; Zone Transfer Success; Zone Transfer Failure; AXFR Request Received; AXFR Success Sent; IXFR Request Received; IXFR Success Sent; Notify Received; Zone Transfer SOA Request Sent; AXFR Request Sent; AXFR Response Received; AXFR Success Received; IXFR Request Sent; IXFR Response Received; IXFR Success Received; IXFR UDP Success Received; IXFR TCP Success Received; WINS Lookup Received; WINS Lookup Received/sec; WINS Response Sent; WINS Response Sent/sec; WINS Reverse Lookup Received; WINS Reverse Lookup Received/sec; WINS Reverse Response Sent; WINS Reverse Response Sent/sec; Dynamic Update Received; Dynamic Update Received/sec; Dynamic Update NoOperation; Dynamic Update NoOperation/sec; Dynamic Update Written to Database; Dynamic Update Written to Database/sec; Dynamic Update Rejected; Dynamic Update TimeOuts; Dynamic Update Queued; Secure Update Received; Secure Update Received/sec; Secure Update Failure; Database Node Memory; Record Flow Memory; Caching Memory; UDP Message Memory; TCP Message Memory; Nbstat Memory; Unmatched Responses Received -interval = 10 -disabled = 1 -mode = multikv -useEnglishOnly=true +# [perfmon://Processor] +# object = Processor +# counters = % Processor Time; % User Time; % Privileged Time; Interrupts/sec; % DPC Time; % Interrupt Time; DPCs Queued/sec; DPC Rate; % Idle Time; % C1 Time; % C2 Time; % C3 Time; C1 Transitions/sec; C2 Transitions/sec; C3 Transitions/sec +# instances = * +# interval = 10 +# disabled = 1 +# mode = multikv +# useEnglishOnly=true + +# [perfmon://Network_Interface] +# object = Network Interface +# counters = Bytes Total/sec; Packets/sec; Packets Received/sec; Packets Sent/sec; Current Bandwidth; Bytes Received/sec; Packets Received Unicast/sec; Packets Received Non-Unicast/sec; Packets Received Discarded; Packets Received Errors; Packets Received Unknown; Bytes Sent/sec; Packets Sent Unicast/sec; Packets Sent Non-Unicast/sec; Packets Outbound Discarded; Packets Outbound Errors; Output Queue Length; Offloaded Connections; TCP Active RSC Connections; TCP RSC Coalesced Packets/sec; TCP RSC Exceptions/sec; TCP RSC Average Packet Size +# instances = * +# interval = 10 +# disabled = 1 +# mode = multikv +# useEnglishOnly=true + +# [perfmon://DFS_Replicated_Folders] +# object = DFS Replicated Folders +# counters = Bandwidth Savings Using DFS Replication; RDC Bytes Received; RDC Compressed Size of Files Received; RDC Size of Files Received; RDC Number of Files Received; Compressed Size of Files Received; Size of Files Received; Total Files Received; Deleted Space In Use; Deleted Bytes Cleaned up; Deleted Files Cleaned up; Deleted Bytes Generated; Deleted Files Generated; Updates Dropped; File Installs Retried; File Installs Succeeded; Conflict Folder Cleanups Completed; Conflict Space In Use; Conflict Bytes Cleaned up; Conflict Files Cleaned up; Conflict Bytes Generated; Conflict Files Generated; Staging Space In Use; Staging Bytes Cleaned up; Staging Files Cleaned up; Staging Bytes Generated; Staging Files Generated +# instances = * +# interval = 30 +# disabled = 1 +# mode = multikv +# useEnglishOnly=true + +# [perfmon://NTDS] +# object = NTDS +# counters = DRA Inbound Properties Total/sec; AB Browses/sec; DRA Inbound Objects Applied/sec; DS Threads in Use; AB Client Sessions; DRA Pending Replication Synchronizations; DRA Inbound Object Updates Remaining in Packet; DS Security Descriptor sub-operations/sec; DS Security Descriptor Propagations Events; LDAP Client Sessions; LDAP Active Threads; LDAP Writes/sec; LDAP Searches/sec; DRA Outbound Objects/sec; DRA Outbound Properties/sec; DRA Inbound Values Total/sec; DRA Sync Requests Made; DRA Sync Requests Successful; DRA Sync Failures on Schema Mismatch; DRA Inbound Objects/sec; DRA Inbound Properties Applied/sec; DRA Inbound Properties Filtered/sec; DS Monitor List Size; DS Notify Queue Size; LDAP UDP operations/sec; DS Search sub-operations/sec; DS Name Cache hit rate; DRA Highest USN Issued (Low part); DRA Highest USN Issued (High part); DRA Highest USN Committed (Low part); DRA Highest USN Committed (High part); DS % Writes from SAM; DS % Writes from DRA; DS % Writes from LDAP; DS % Writes from LSA; DS % Writes from KCC; DS % Writes from NSPI; DS % Writes Other; DS Directory Writes/sec; DS % Searches from SAM; DS % Searches from DRA; DS % Searches from LDAP; DS % Searches from LSA; DS % Searches from KCC; DS % Searches from NSPI; DS % Searches Other; DS Directory Searches/sec; DS % Reads from SAM; DS % Reads from DRA; DRA Inbound Values (DNs only)/sec; DRA Inbound Objects Filtered/sec; DS % Reads from LSA; DS % Reads from KCC; DS % Reads from NSPI; DS % Reads Other; DS Directory Reads/sec; LDAP Successful Binds/sec; LDAP Bind Time; SAM Successful Computer Creations/sec: Includes all requests; SAM Machine Creation Attempts/sec; SAM Successful User Creations/sec; SAM User Creation Attempts/sec; SAM Password Changes/sec; SAM Membership Changes/sec; SAM Display Information Queries/sec; SAM Enumerations/sec; SAM Transitive Membership Evaluations/sec; SAM Non-Transitive Membership Evaluations/sec; SAM Domain Local Group Membership Evaluations/sec; SAM Universal Group Membership Evaluations/sec; SAM Global Group Membership Evaluations/sec; SAM GC Evaluations/sec; DRA Inbound Full Sync Objects Remaining; DRA Inbound Bytes Total/sec; DRA Inbound Bytes Not Compressed (Within Site)/sec; DRA Inbound Bytes Compressed (Between Sites, Before Compression)/sec; DRA Inbound Bytes Compressed (Between Sites, After Compression)/sec; DRA Outbound Bytes Total/sec; DRA Outbound Bytes Not Compressed (Within Site)/sec; DRA Outbound Bytes Compressed (Between Sites, Before Compression)/sec; DRA Outbound Bytes Compressed (Between Sites, After Compression)/sec; DS Client Binds/sec; DS Server Binds/sec; DS Client Name Translations/sec; DS Server Name Translations/sec; DS Security Descriptor Propagator Runtime Queue; DS Security Descriptor Propagator Average Exclusion Time; DRA Outbound Objects Filtered/sec; DRA Outbound Values Total/sec; DRA Outbound Values (DNs only)/sec; AB ANR/sec; AB Property Reads/sec; AB Searches/sec; AB Matches/sec; AB Proxy Lookups/sec; ATQ Threads Total; ATQ Threads LDAP; ATQ Threads Other; DRA Inbound Bytes Total Since Boot; DRA Inbound Bytes Not Compressed (Within Site) Since Boot; DRA Inbound Bytes Compressed (Between Sites, Before Compression) Since Boot; DRA Inbound Bytes Compressed (Between Sites, After Compression) Since Boot; DRA Outbound Bytes Total Since Boot; DRA Outbound Bytes Not Compressed (Within Site) Since Boot; DRA Outbound Bytes Compressed (Between Sites, Before Compression) Since Boot; DRA Outbound Bytes Compressed (Between Sites, After Compression) Since Boot; LDAP New Connections/sec; LDAP Closed Connections/sec; LDAP New SSL Connections/sec; DRA Pending Replication Operations; DRA Threads Getting NC Changes; DRA Threads Getting NC Changes Holding Semaphore; DRA Inbound Link Value Updates Remaining in Packet; DRA Inbound Total Updates Remaining in Packet; DS % Writes from NTDSAPI; DS % Searches from NTDSAPI; DS % Reads from NTDSAPI; SAM Account Group Evaluation Latency; SAM Resource Group Evaluation Latency; ATQ Outstanding Queued Requests; ATQ Request Latency; ATQ Estimated Queue Delay; Tombstones Garbage Collected/sec; Phantoms Cleaned/sec; Link Values Cleaned/sec; Tombstones Visited/sec; Phantoms Visited/sec; NTLM Binds/sec; Negotiated Binds/sec; Digest Binds/sec; Simple Binds/sec; External Binds/sec; Fast Binds/sec; Base searches/sec; Subtree searches/sec; Onelevel searches/sec; Database adds/sec; Database modifys/sec; Database deletes/sec; Database recycles/sec; Approximate highest DNT; Transitive operations/sec; Transitive suboperations/sec; Transitive operations milliseconds run +# interval = 10 +# disabled = 1 +# mode = multikv +# useEnglishOnly=true + +# [perfmon://DNS] +# object = DNS +# counters = Total Query Received; Total Query Received/sec; UDP Query Received; UDP Query Received/sec; TCP Query Received; TCP Query Received/sec; Total Response Sent; Total Response Sent/sec; UDP Response Sent; UDP Response Sent/sec; TCP Response Sent; TCP Response Sent/sec; Recursive Queries; Recursive Queries/sec; Recursive Send TimeOuts; Recursive TimeOut/sec; Recursive Query Failure; Recursive Query Failure/sec; Notify Sent; Zone Transfer Request Received; Zone Transfer Success; Zone Transfer Failure; AXFR Request Received; AXFR Success Sent; IXFR Request Received; IXFR Success Sent; Notify Received; Zone Transfer SOA Request Sent; AXFR Request Sent; AXFR Response Received; AXFR Success Received; IXFR Request Sent; IXFR Response Received; IXFR Success Received; IXFR UDP Success Received; IXFR TCP Success Received; WINS Lookup Received; WINS Lookup Received/sec; WINS Response Sent; WINS Response Sent/sec; WINS Reverse Lookup Received; WINS Reverse Lookup Received/sec; WINS Reverse Response Sent; WINS Reverse Response Sent/sec; Dynamic Update Received; Dynamic Update Received/sec; Dynamic Update NoOperation; Dynamic Update NoOperation/sec; Dynamic Update Written to Database; Dynamic Update Written to Database/sec; Dynamic Update Rejected; Dynamic Update TimeOuts; Dynamic Update Queued; Secure Update Received; Secure Update Received/sec; Secure Update Failure; Database Node Memory; Record Flow Memory; Caching Memory; UDP Message Memory; TCP Message Memory; Nbstat Memory; Unmatched Responses Received +# interval = 10 +# disabled = 1 +# mode = multikv +# useEnglishOnly=true [admon://default]