Augmenter le niveau de log du service NetLogon

Augmenter le niveau de log du service NetLogon

nltest /<servername> /dbflag:0x2080ffff

Le log netlogon est accessible sur %windir%\Debug\NetLogon.log

Peut être visualisé avec l’utilitaire tail.exe dispo sur le ressource kit de Microsoft Windows Server 2003

tail -f \\<server>\c$\windows\debug\netlogon.log

clé de registre associée:

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag

Puis arrêt/redémarrage du service NetLogon (net stop netlogon && net start netlogon)

Pour réinitialiser la clé:

nltest /<servername> /dbflag:0x0

Article disponible via KB Microsoft: http://support.microsoft.com/kb/109626/en-us

Debug flags:

//////////////////////////////////////////////////////////////////////// 
// Windows Server 2008, Windows Vista, Windows Server 2003, Windows 2000 Debug flags and their values
//////////////////////////////////////////////////////////////////////// 

#define NL_INIT          0x00000001 // Initialization
#define NL_MISC          0x00000002 // Misc debug
#define NL_LOGON         0x00000004 // Logon processing
#define NL_SYNC          0x00000008 // Synchronization and replication
#define NL_MAILSLOT      0x00000010 // Mailslot messages
#define NL_SITE          0x00000020 // Sites
#define NL_CRITICAL      0x00000100 // Only real important errors
#define NL_SESSION_SETUP 0x00000200 // Trusted Domain maintenance
#define NL_DOMAIN        0x00000400 // Hosted Domain maintenance
#define NL_2             0x00000800
#define NL_SERVER_SESS   0x00001000 // Server session maintenance
#define NL_CHANGELOG     0x00002000 // Change Log references
#define NL_DNS           0x00004000 // DNS name registration

// 
// Very verbose bits
// 

#define NL_WORKER        0x00010000 // Debug worker thread
#define NL_DNS_MORE      0x00020000 // Verbose DNS name registration
#define NL_PULSE_MORE    0x00040000 // Verbose pulse processing
#define NL_SESSION_MORE  0x00080000 // Verbose session management
#define NL_REPL_TIME     0x00100000 // replication timing output
#define NL_REPL_OBJ_TIME 0x00200000 // replication objects get/set timing output
#define NL_ENCRYPT       0x00400000 // debug encrypt and decrypt across net
#define NL_SYNC_MORE     0x00800000 // additional replication dbgprint
#define NL_PACK_VERBOSE  0x01000000 // Verbose Pack/Unpack
#define NL_MAILSLOT_TEXT 0x02000000 // Verbose Mailslot messages
#define NL_CHALLENGE_RES 0x04000000 // challenge response debug
#define NL_SITE_MORE     0x08000000 // Verbose sites

// 
// Control bits.
// 

#define NL_INHIBIT_CANCEL 0x10000000 // Don't cancel API calls
#define NL_TIMESTAMP      0x20000000 // TimeStamp each output line
#define NL_ONECHANGE_REPL 0x40000000 // Only replicate one change per call
#define NL_BREAKPOINT     0x80000000 // Enter debugger on startup

 

 

 

ISA Server 2006 Log IP address convertion

Voici une fonction qui permet de convertir un type BigINT contenu dans le champ ‘ClientIP’ de la table ‘WebProxyLog’ en adresse IP de type A.B.C.D

USE [master]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE FUNCTION [dbo].[IntegerToIPAddress] (@IP AS bigint)
RETURNS varchar(15)
AS
BEGIN
DECLARE @Octet1 bigint
DECLARE @Octet2 bigint
DECLARE @Octet3 bigint
DECLARE @Octet4 bigint
DECLARE @RestOfIP bigint
SET @Octet1 = @IP / 16777216
SET @RestOfIP = @IP - (@Octet1 * 16777216)
SET @Octet2 = @RestOfIP / 65536
SET @RestOfIP = @RestOfIP - (@Octet2 * 65536)
SET @Octet3 = @RestOfIP / 256
SET @Octet4 = @RestOfIP - (@Octet3 * 256)
RETURN(CONVERT(varchar, @Octet1) + '.' +
CONVERT(varchar, @Octet2) + '.' +
CONVERT(varchar, @Octet3) + '.' +
CONVERT(varchar, @Octet4))
END

Une fois la fonction créée, on peut l’exécuter comme cela:

use master
go
SELECT  dbo.IntegerToIPAddress(167772161)
go

Résultat:

 

Pour la conversion inverse adresseIP vers BigINT utiliser la requête fournit par Microsoft dans son KB891223

SELECT
CAST(SourceIP / 256 / 256 / 256 % 256 AS VARCHAR) + '.' +
CAST(SourceIP / 256 / 256 % 256 AS VARCHAR) + '.' +
CAST(SourceIP / 256 % 256 AS VARCHAR) + '.' +
CAST(SourceIP % 256 AS VARCHAR) 

AS [Nice Source Ip], FirewallLog.*
From FirewallLog