DNS Analytics
The DNS Analytics normalizes DNS events. You can further customize the searches to perform in-depth analysis.
Package Details
The application consists of the following components:
-
Normalization Packages
- LP_CSIS Secure DNS
- LP_Secure DNS
- LP_ISC Dhcpd
- LP_DNS BIND
-
Label Package
- LP_ISC DHCPD
Enhancement
The application has been updated to comply with LogPoint v6.7.0.
Installation
Follow these steps to install the DNS Analytics v5.0.0 plugin:
- Download the DNS Analytics package from the Download section above.
- Add the required DNS server as a device in LogPoint.
-
Create a collection policy with the Syslog collector and appropriate processing policy.
- Assign the policy to the device.
Supported Devices
The supported devices of the DNS Server with LogPoint in this configuration are:
- DNS BIND
- Secure DNS
Log Format
Expected Log Format
- DNS Bind
Log Sample
<13>Jan 17 22:11:10 fedora BIND-DNS: 21:11:09.648 queries: info: client 2.2.2.289#55175 (xxx.xxx.xx.net): query: scontent-arn2-1.xx.xxxx.net IN A + (1.1.1.1)secdns 2016 Feb 24 10:27:18 PF: client 1.1.1.1#80: query: A? abc.com. answer: 1/0/0 CNAME abc.com.np., A 1.1.1.4 (185)
To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.
Package Details
The application contains:
-
Normalization Packages
- LP_CSIS Secure DNS (v76)
- LP_Secure DNS (v1)
- LP_ISC Dhcpd (v2)
- LP_DNS BIND (v2)
-
Label Package
- LP_ISC DHCPD (v9)
Enhancement
From now on, the normalized field names are conveniently mapped to the LogPoint taxonomy. Please find the mapping in the table below.
| Packages |
Previously Used Field Name
|
Modified Field Name |
|---|---|---|
|
LP_CSIS Secure DNS |
source_addresss |
source_addresss |
| caller_computer | host | |
| dns_destination_address | destination_address | |
|
LP_Secure DNS |
dns_destination_address | destination_address |
|
LP_ISC Dhcpd |
source_host | host |
| source_hardware_address | hardware_address | |
| description | message | |
| dhcp_id | id | |
| dhcp_pool | pool | |
| lease_details | description | |
|
LP_DNS BIND |
record_class | class |
| response_code | status | |
| destination_hardware_address | hardware_address | |
| error_type | status | |
| interface |
source_interface |
|
| details | description |
Installation
Follow these steps to install the DNS Analytics v3.2.0 plugin:
- Download the DNS Analytics package from the Download section above.
- Add the required DNS server as a device in LogPoint.
- Create a collection policy with Syslog, the normalization, and a relevant repository.
- Assign the policy to the device.
Supported Devices
The supported devices of the DNS Server with LogPoint in this configuration are:
- DNS BIND
- Secure DNS
Configuration Of Sources
Expected Log Format
- DNS Bind
Log Samples
<13>Jan 17 22:11:10 fedora BIND-DNS: 21:11:09.648 queries: info: client 2.2.2.289#55175 (xxx.xxx.xx.net): query: scontent-arn2-1.xx.xxxx.net IN A + (1.1.1.1)
secdns 2016 Feb 24 10:27:18 PF: client 1.1.1.1#80: query: A? abc.com. answer: 1/0/0 CNAME abc.com.np., A 1.1.1.4 (185)
To export data to LogPoint use Syslog collector on port 514 on the LogPoint server.
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
Best regards,
Comments
Please sign in to leave a comment.