Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace
default.png

DNS Analytics

The DNS Analytics normalizes DNS events. You can further customize the searches to perform in-depth analysis.

For Logpoint version:

6.7.0 or later 6.0.0 to 6.6.6
Release Details
Version:5.0.0
Release date:2020-02-27
Document date:2020-02-27
SHA 256: 16821acfaa9898655440e4ab0c8f30bbf13ef94da99e13e3f50a151f2cf201b2
Download

Package Details

The application consists of the following components:

  1. Normalization Packages
    • LP_CSIS Secure DNS 
    • LP_Secure DNS 
    • LP_ISC Dhcpd 
    • LP_DNS BIND 
  2. Label Package
    • LP_ISC DHCPD 

Enhancement

The application has been updated to comply with LogPoint v6.7.0.

Installation 

Follow these steps to install the DNS Analytics v5.0.0 plugin:

  1. Download the DNS Analytics package from the Download section above.
  2. Add the required DNS server as a device in LogPoint.

  3. Create a collection policy with the Syslog collector and appropriate processing policy.

  4. Assign the policy to the device.

Supported Devices

The supported devices of the DNS Server with LogPoint in this configuration are:

  • DNS BIND
  • Secure DNS

Log Format

Expected Log Format

  • DNS Bind

Log Sample

<13>Jan 17 22:11:10 fedora BIND-DNS: 21:11:09.648 queries: info: client 2.2.2.289#55175 (xxx.xxx.xx.net): query: scontent-arn2-1.xx.xxxx.net IN A + (1.1.1.1)secdns 2016 Feb 24 10:27:18 PF: client 1.1.1.1#80: query: A? abc.com. answer: 1/0/0 CNAME abc.com.np., A 1.1.1.4 (185)

To export data to LogPoint, use Syslog collector on port 514 on the LogPoint server.

Release Details
Version:3.2.0
Release date:2018-05-17
Document date:2018-02-26
SHA 256: 75670b4e1fa215cdb4f7c65bf8e0cb92a76664e809c44ca3d8b44171adcb6923
Download

Package Details

The application contains:

  1. Normalization Packages
    • LP_CSIS Secure DNS (v76) 
    • LP_Secure DNS (v1) 
    • LP_ISC Dhcpd (v2) 
    • LP_DNS BIND (v2)
  2. Label Package
    • LP_ISC DHCPD (v9)

Enhancement

From now on, the normalized field names are conveniently mapped to the LogPoint taxonomy. Please find the mapping in the table below.

Packages
Previously Used Field Name
 Modified Field Name

 

LP_CSIS Secure DNS

 source_addresss

source_addresss
caller_computer host
dns_destination_address destination_address

LP_Secure DNS

 dns_destination_address destination_address

LP_ISC Dhcpd

 source_host host
source_hardware_address hardware_address
description message
dhcp_id id
dhcp_pool pool
lease_details description

LP_DNS BIND

 record_class class
response_code status
destination_hardware_address hardware_address
error_type status
interface

source_interface
details description

 

Installation 

Follow these steps to install the DNS Analytics v3.2.0 plugin:

  1. Download the DNS Analytics package from the Download section above.
  2. Add the required DNS server as a device in LogPoint.
  3. Create a collection policy with Syslog, the normalization, and a relevant repository.
  4. Assign the policy to the device.

Supported Devices

The supported devices of the DNS Server with LogPoint in this configuration are:

  • DNS BIND
  • Secure DNS

Configuration Of Sources

Expected Log Format

  • DNS Bind

Log Samples

<13>Jan 17 22:11:10 fedora BIND-DNS: 21:11:09.648 queries: info: client 2.2.2.289#55175 (xxx.xxx.xx.net): query: scontent-arn2-1.xx.xxxx.net IN A + (1.1.1.1)

secdns 2016 Feb 24 10:27:18 PF: client 1.1.1.1#80: query: A? abc.com. answer: 1/0/0 CNAME abc.com.np., A 1.1.1.4 (185)

To export data to LogPoint use Syslog collector on port 514 on the LogPoint server.

Support

If you have any queries or require assistance, please feel free to contact our support team: 

Email: servicedesk@logpoint.com
Phone: +45 7060 6100

Best regards,
untitled.svg

Comments

Please sign in to leave a comment.

Follow

Related articles

  • DNS Process Plugin
  • Windows
  • DNS Cleanup Process Plugin
  • Azure Log Analytics
  • Universal Normalizer
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.