We use BlueCat for DNS/DHCP and we are forwarding the DNS/DHCP logs via CEF format to HDFS. I am trying to reverse engineer the Splunk Add-on for ISC BIND for Hunk, specifically the assigning of m...
...rying to get the Splunk Add-on for ISC BIND working using this architecture. The instructions say to do the following:
From http://docs.splunk.com/Documentation/AddOns/latest/ISCBIND/C...
Has anyone else run into issues with a different logging format? When I look at my DNS logs, they don't match up with the regex expressions in transforms.conf
We're running BlueCat which has Bind...
The error is:
[HTTP 500] [HTTP 409] App "Splunk_TA_isc-bind" already exists; use the "-update true" argument to install anyway
I tried untarring a tgz file into etc/apps/ and reloading Splunk (version 6...
Hi All,
As per the Splunk Add-on for ISC BIND, DNS query and DNS error logs should be in different files; however, we have a single file which has query and error logs together.
Issue is what sourcetyp...
I am looking for anyone who might know the appropriate BIND logging configuration to capture DNS replies so that we can map these into the Network Resolution model in Enterprise Security. Logging t...
Hi all,
I'm looking for the best method to collect DNS logs and specifically the DNS queries and answers logs.
I see there is a preliminary set up in named.conf to enable the logs of the q...
When looking at the search time extractions being done by the Infoblox TA, it seems like the src and dest fields are a little bit mixed up. What I would expect to see as the src (in the example event...
...earch both types of DNS logs for any lookups for www.splunk.com we do a search this way:
index=dnslogs win_query="www.splunk.com" bind_query="www.splunk.com"
It works but is very inefficient b...
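One way to express this search so that a single term covers both log sources, added here as an example and not part of the original post. It assumes the index and field names given in the post (dnslogs, win_query, bind_query) and that each event carries only one of the two fields, so coalesce() can merge them into a single query field:

```spl
index=dnslogs (win_query="www.splunk.com" OR bind_query="www.splunk.com")
| eval query=coalesce(win_query, bind_query)
| eval dns_source=if(isnotnull(win_query), "windows", "bind")
| stats count by dns_source, query
```

The OR in the base search keeps the filtering at the index level, and the two eval lines normalize the differing field names so any later stats or lookups work against one field regardless of which source produced the event.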
Hello, please, I will ask several questions, and thank you for taking it step by step because I am a student and this is my first time using Splunk Enterprise: I want to monitor my Active Directory I f...