In my server I want to onboard DNS Audit logs in addition to DNS Events. DNS Audit logs are getting created in
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx
Could you please help me with how I can onboard it?
I found the solution.
To get logs onboarded from the path C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx, we need the below stanza in inputs.conf on the universal forwarder:
[WinEventLog://Microsoft-Windows-DNSServer/Audit]
checkpointInterval = 5
current_only = 0
disabled = 0
index =
start_from = oldest
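A check to run on the DNS server before deploying the stanza above, as an added example that is not part of the original thread: it derives the channel name from the .evtx file name (Windows writes the "/" of a channel name as "%4" in the file name) and confirms that the channel exists and is enabled. It assumes a PowerShell session on the DNS server with rights to read event log configuration.

```powershell
# Added example: confirm the channel behind the .evtx file before deploying the stanza.
# The path is the one quoted in the thread; the channel name is derived from it.
$evtxPath = 'C:\Windows\System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx'

# "%4" in an .evtx file name stands for "/" in the channel name.
$channel = [System.IO.Path]::GetFileNameWithoutExtension($evtxPath) -replace '%4', '/'

try {
    # -ListLog returns the channel's configuration, not its events.
    $log = Get-WinEvent -ListLog $channel -ErrorAction Stop
} catch {
    Write-Warning "Channel '$channel' not found on this host: $($_.Exception.Message)"
    return
}

# Show the fields that matter for onboarding.
$log | Format-List LogName, IsEnabled, RecordCount, LogFilePath

if (-not $log.IsEnabled) {
    Write-Warning "Channel '$channel' is disabled; no new events are being written to it."
}

# Stanza header that matches this channel in inputs.conf.
"[WinEventLog://$channel]"
```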
I think you can monitor the above path to onboard the logs to Splunk.