Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What is the best way to collect DNS logs and queries with *nix?

Roberto-P
Explorer
‎08-17-2023 10:10 AM

Hi all,

I'm looking for the best method to collect DNS logs and specifically the DNS queries and answers logs.

I see there is a preliminary set up in named.conf to enable the logs of the queries an where to write them as:

options {
querylog yes;
}

and

logging {
channel querylog {
file "/var/log/dns.log";
severity debug 3;
};
};

Does this  the logs will be in dns.log file , and now what is the best method to ingest them into SPLUNK with the right format mapping? 

What is your experiences with Linux DNS service?

I'm collect events with Splunk Deployment server + Heavy Forwarder  -->Splunk  ES CLOUD .

Thank you.

R

 

Labels (2)
0 Karma
Reply

Roberto-P
Explorer
‎08-18-2023 07:13 AM

I find the "Splunk Add-on for ISC BIND" but is not clear to me if this add-on have to be installed un the Heavy Forwarder only and the server linux with bind have to run the Universal Forwarder for *NIX

thanks

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...