phyoewaipaing/Parse_DNS_Debug_Log_v1.1.ps1 Secret

## Parse_DNS_Debug_Log_v1.1.ps1
<#
.SYNOPSIS
Script parse the Server 2012/2016/2019 DNS debug log file of into clear Readable format (Datetime, IP Address and FQDN)

.DESCRIPTION
** This script will filter the ' UDP Rcv ' lines and output the DNS Debug file into Datetime, IP Address and queried DNS name. Columns headers explained as follow:
	Datetime => Datetime stamp when query was made
	IP Address => Source IP Address of the client
	FQDN => Fully Qualified Domain Name of the request

** This script will take some some to process large files. The estimated duration is ~1min for 100 MB file.
** User is prompted with estimated duration before processing file. But it all depends on your compute machine resources.
** The output file name be appended by "_Parsed.txt" where you can rename it to My_DNS_Debug_Parsed.csv if needed.
** This script uses Array List, .Net class and avoid Export-Csv for gaining better performance when processing large text files.
** [Warning]: This script uses certain amount of host's CPU and Memory for processing text file. So, I do not recommend to run this script on Domain Controllers/ DNS Servers or hosts where resources are limited.

Example usage:
Parse_DNS_Debug_Log.ps1 -DebugFile "C:\MyFolder\DnsDebug.txt"

Author: Phyoe Wai Paing
Country: Myanmar(Burma)
Last Modified: 19.Sep.2020
Initial Release: v1.0 : 15.Sep.2020
v.1.1: 19.Sep.2020 : Add the timer and output the number of processed records & processing time.

.EXAMPLE
Parse_DNS_Debug_Log.ps1 -DebugFile "C:\MyFolder\DnsDebug.txt"
This will parse the DNS Debug file named "C:\MyFolder\DnsDebug.txt". Output file name will be "C:\MyFolder\DnsDebug_Parsed.txt"

.PARAMETER DebugFile
Location of the debug log file. You can specify the file in the current directory or full file path.

.LINK
You can find this script and more at: https://www.sysadminplus.blogspot.com/
#>


Param([string]$DnsFilePath)
If (Test-Path $DnsFilePath)
	{
		$FileInfo = Get-ChildItem -Path $DnsFilePath
		$Duration = [TimeSpan]::FromMilliseconds([math]::round((250260/272205628 *  $FileInfo.Length),0))	## I just put the average duration for 1 byte of file size, multiply by total file size

		If ($Duration.TotalSeconds -gt 10 -AND $Duration.TotalSeconds -lt 60) {
			Write-Host "File size is $([math]::round($FileInfo.Length/1MB,1)) MB."
			Write-Host "It will take less than 1 minute for operation."
			}
		elseif ($Duration.TotalSeconds -gt 60) {
			Write-Host "File size is $([math]::round($FileInfo.Length/1MB,1)) MB."
			Write-Host "It may take $($Duration.Minutes) minutes for operation."
			}
		else {
			Write-Host "File size is $([math]::round($FileInfo.Length/1KB)) KB."
			$SkipLines = 1;
			}
		$Ans = Read-Host "Do you want to continue(y/n)?"

		If ($Ans -eq 'y')
			{
				If (!($SkipLines)) { Write-Host "Processing..."; }
				$i = 0; ## Set to count the number of records;
				$Timer= [Diagnostics.Stopwatch]::StartNew()	## Start the timer
				$ArrayOfStrings = [System.Collections.ArrayList]@()

				Switch -regex ([System.IO.File]::ReadLines($FileInfo.fullname)) {
				' UDP Rcv '	{
					$Datetime = [regex]::matches($switch.current,'\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2} (AM|PM)').Value
					$IP = [regex]::matches($switch.current,'\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b').Value
					$FQDN = [regex]::matches($switch.current,"\)[A-z0-9-_]*\(").Value  -replace "\)|\(","" -join "."
					[void]$ArrayOfStrings.Add("$Datetime,$IP,$FQDN")
					$i++;
							}
				}
						$OutFilePath = "$($FileInfo.DirectoryName)\$($FileInfo.BaseName)_Parsed.txt"
						[System.IO.File]::WriteAllLines($OutFilePath, $ArrayOfStrings)
						$Timer.stop()
						Write-host "Total time elapsed: $($Timer.Elapsed.ToString('hh\:mm\:ss\.ff'))"
						Write-Host "Number of Record Processed: $i"
						Write-Host "Parsed File created successfully at $OutFilePath"
			}
		else
			{ Write-Host "Script exits." }
	}
Else
	{
	Write-Host -fore Red "File does not exist in the following location: $DnsFilePath. Script exits."
	}
	<#
	.SYNOPSIS
	Script parse the Server 2012/2016/2019 DNS debug log file of into clear Readable format (Datetime, IP Address and FQDN)

	.DESCRIPTION
	** This script will filter the ' UDP Rcv ' lines and output the DNS Debug file into Datetime, IP Address and queried DNS name. Columns headers explained as follow:
	Datetime => Datetime stamp when query was made
	IP Address => Source IP Address of the client
	FQDN => Fully Qualified Domain Name of the request

	** This script will take some some to process large files. The estimated duration is ~1min for 100 MB file.
	** User is prompted with estimated duration before processing file. But it all depends on your compute machine resources.
	** The output file name be appended by "_Parsed.txt" where you can rename it to My_DNS_Debug_Parsed.csv if needed.
	** This script uses Array List, .Net class and avoid Export-Csv for gaining better performance when processing large text files.
	** [Warning]: This script uses certain amount of host's CPU and Memory for processing text file. So, I do not recommend to run this script on Domain Controllers/ DNS Servers or hosts where resources are limited.

	Example usage:
	Parse_DNS_Debug_Log.ps1 -DebugFile "C:\MyFolder\DnsDebug.txt"

	Author: Phyoe Wai Paing
	Country: Myanmar(Burma)
	Last Modified: 19.Sep.2020
	Initial Release: v1.0 : 15.Sep.2020
	v.1.1: 19.Sep.2020 : Add the timer and output the number of processed records & processing time.

	.EXAMPLE
	Parse_DNS_Debug_Log.ps1 -DebugFile "C:\MyFolder\DnsDebug.txt"
	This will parse the DNS Debug file named "C:\MyFolder\DnsDebug.txt". Output file name will be "C:\MyFolder\DnsDebug_Parsed.txt"

	.PARAMETER DebugFile
	Location of the debug log file. You can specify the file in the current directory or full file path.

	.LINK
	You can find this script and more at: https://www.sysadminplus.blogspot.com/
	#>


	Param([string]$DnsFilePath)
	If (Test-Path $DnsFilePath)
	{
	$FileInfo = Get-ChildItem -Path $DnsFilePath
	$Duration = [TimeSpan]::FromMilliseconds([math]::round((250260/272205628 * $FileInfo.Length),0)) ## I just put the average duration for 1 byte of file size, multiply by total file size

	If ($Duration.TotalSeconds -gt 10 -AND $Duration.TotalSeconds -lt 60) {
	Write-Host "File size is $([math]::round($FileInfo.Length/1MB,1)) MB."
	Write-Host "It will take less than 1 minute for operation."
	}
	elseif ($Duration.TotalSeconds -gt 60) {
	Write-Host "File size is $([math]::round($FileInfo.Length/1MB,1)) MB."
	Write-Host "It may take $($Duration.Minutes) minutes for operation."
	}
	else {
	Write-Host "File size is $([math]::round($FileInfo.Length/1KB)) KB."
	$SkipLines = 1;
	}
	$Ans = Read-Host "Do you want to continue(y/n)?"

	If ($Ans -eq 'y')
	{
	If (!($SkipLines)) { Write-Host "Processing..."; }
	$i = 0; ## Set to count the number of records;
	$Timer= [Diagnostics.Stopwatch]::StartNew() ## Start the timer
	$ArrayOfStrings = [System.Collections.ArrayList]@()

	Switch -regex ([System.IO.File]::ReadLines($FileInfo.fullname)) {
	' UDP Rcv ' {
	$Datetime = [regex]::matches($switch.current,'\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{1,2}:\d{1,2} (AM\|PM)').Value
	$IP = [regex]::matches($switch.current,'\b(?:(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\b').Value
	$FQDN = [regex]::matches($switch.current,"\)[A-z0-9-_]*\(").Value -replace "\)\|\(","" -join "."
	[void]$ArrayOfStrings.Add("$Datetime,$IP,$FQDN")
	$i++;
	}
	}
	$OutFilePath = "$($FileInfo.DirectoryName)\$($FileInfo.BaseName)_Parsed.txt"
	[System.IO.File]::WriteAllLines($OutFilePath, $ArrayOfStrings)
	$Timer.stop()
	Write-host "Total time elapsed: $($Timer.Elapsed.ToString('hh\:mm\:ss\.ff'))"
	Write-Host "Number of Record Processed: $i"
	Write-Host "Parsed File created successfully at $OutFilePath"
	}
	else
	{ Write-Host "Script exits." }
	}
	Else
	{
	Write-Host -fore Red "File does not exist in the following location: $DnsFilePath. Script exits."
	}