Solved: collect DNS logs

hazem

Hello,

How to collect DNS logs from Active Directory where the domain controllers have a DNS role

gcusello

Splunk Stream is a packet capture app, for my knowledge isn't the best solution for DNS logs, I usually use Splunk_TA_Windows add-on.

Ciao.

Giuseppe

View solution in original post

hazem

Hi @gcusello ,

did you mean that should need to enable the below stanza:

###### Monitor Inputs for DNS ######
[MonitorNoHandle://$WINDIR\System32\Dns\dns.log]
sourcetype=MSAD:NT6:DNS
disabled=1

"While monitoring DNS logs directly with Splunk Universal Forwarder is effective, some articles suggest using Splunk Stream Forwarder apps to enhance log efficiency and analysis capabilities.

what is the best practice?

gcusello

Hi @hazem ,

Splunk Stream is a packet capture app, for my knowledge isn't the best solution for DNS logs, I usually use Splunk_TA_Windows add-on.

Ciao.

Giuseppe

gcusello

Hi @hazem ,

good for you, see next time!

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello

Hi @hazem ,

use the Splunk_TA_Windows (https://splunkbase.splunk.com/app/742) enabling the relatiove stanzas.

Ciao.

Giuseppe

collect DNS logs

LDAP

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)