cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS Query logging from Windows Server 2012 DNS Server

Has anyone had success collecting DNS query log data from a Windows 2012 Server DNS Server?  I've installed the Nitro collector on the machine, but am having trouble getting the data to my Receiver and then viewing them in ESM.

4 Replies
Highlighted

Re: DNS Query logging from Windows Server 2012 DNS Server

What does your collector ePO policy look like?

It should be as follows:

SIEM Collector DNS config.PNG

When you add your data source in the SIEM, the datasource host ID must be the same as the Host Id in the collector management utility.

In my case, the Host id of my datasource was <servername>-DNS.

Highlighted

Re: DNS Query logging from Windows Server 2012 DNS Server

Thanks - I ended up getting this configured and am now receiving DNS queries into my SIEM.  Oddly enough, the default "Selected Network Adapter" was the wrong selection.  Once I fixed that, events started pouring in.  The debug log was incredibly helpful with troubleshooting.

Highlighted

Re: DNS Query logging from Windows Server 2012 DNS Server

please share the steps u followed to add DNS data source. I have collector running on DNS server.

Highlighted

Re: DNS Query logging from Windows Server 2012 DNS Server

DNS query logging needs to be enabled on the server.  In my case, I'm using Windows Server for DNS.  Here's my config.

Data Source Vendor : Microsoft

Data Source Model : Windows DNS (ASP)

Data Format : Default

Data Retreival : MEF

I've enabled Parsing and Logging

Specify your DNS server IP Address.

Host ID is blank.

Use Encryption is checked.

Support Generic Syslogs : Do Nothing

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community