
In this post, the technology we will be examining is the Azure Monitor HTTP Data Collector API, which enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible using Azure Sentinel queries.

We will present two examples of sending logs to Azure Sentinel: in the first one, we send Windows DNS Server logs and in the second one, Linux kernel audit logs. Both of these log sources are of interest from a security perspective. Proactive monitoring of DNS activity can help network administrators quickly detect and respond to attempted security breaches in DNS implementations that might otherwise lead to data theft, denial-of-service, or other service disruptions related to malicious activity. In comparison, Linux Audit has a much wider scope and could arguably be called the most comprehensive tool for monitoring and reporting security events on Linux distributions.

If you aren't familiar with the NXLog Enterprise Edition, it is a full-featured log processing agent with a small footprint. It can read and write all standard log formats and integrates with over 70 third-party products. It offers many additional features not found in the free Community Edition. To evaluate the configurations presented in this post, download the appropriate trial edition for your platform. For more information on supported platforms and how to install an agent, see the NXLog Deployment chapter of the NXLog EE User Guide.

Collecting DNS Server logs via Windows Event Tracing

Event Tracing for Windows (ETW) provides not only efficient logging of both kernel and user-mode applications but also access to the Debug and Analytical channels that are not available through Windows Event Log channels (which also contain some DNS Server logs).
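To make concrete what a client such as the NXLog agent has to do when it posts a batch of events to the Data Collector API, here is an added Python example; it is not code from the original post nor from NXLog. It follows the request shape Microsoft documents for the API: a JSON array body, a `Log-Type` header naming the custom table (which Log Analytics stores with a `_CL` suffix), an `x-ms-date` header, and an `Authorization: SharedKey <workspaceId>:<signature>` header whose signature is an HMAC-SHA256, keyed with the base64-decoded workspace key, over the method, body length, content type, date and resource path. The workspace ID, the shared key, the `NXLogDnsServer` log type and the two sample DNS records are constructed placeholders, and `verify_signature` is a helper added only to show that the signature binds the body length and date (tamper with either and it no longer verifies).

```python
import base64
import datetime
import hashlib
import hmac
import json
import urllib.request

# Constructed placeholders (not real credentials): replace with your own
# Log Analytics workspace ID and primary or secondary shared key.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY_B64 = base64.b64encode(b"constructed-example-key-not-a-real-one").decode()
LOG_TYPE = "NXLogDnsServer"  # assumed name; stored as the NXLogDnsServer_CL table
API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"


def build_string_to_sign(content_length: int, rfc1123_date: str) -> str:
    """Canonical string the Data Collector API expects the client to sign."""
    return (
        "POST\n"
        f"{content_length}\n"
        "application/json\n"
        f"x-ms-date:{rfc1123_date}\n"
        f"{RESOURCE}"
    )


def sign(shared_key_b64: str, string_to_sign: str) -> str:
    """HMAC-SHA256 over the canonical string, keyed with the decoded workspace key."""
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify_signature(shared_key_b64: str, string_to_sign: str, signature_b64: str) -> bool:
    """Constant-time recomputation; shows what the service checks on receipt."""
    return hmac.compare_digest(sign(shared_key_b64, string_to_sign), signature_b64)


def build_request(workspace_id, shared_key_b64, log_type, events, rfc1123_date=None):
    """Return (url, headers, body) for one batch of JSON events."""
    if rfc1123_date is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(events).encode("utf-8")
    signature = sign(shared_key_b64, build_string_to_sign(len(body), rfc1123_date))
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"SharedKey {workspace_id}:{signature}",
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        # Optional: name of a JSON field holding the event time (ISO 8601);
        # without it, Log Analytics uses the ingestion time as TimeGenerated.
        "time-generated-field": "EventTime",
    }
    url = (
        f"https://{workspace_id}.ods.opinsights.azure.com"
        f"{RESOURCE}?api-version={API_VERSION}"
    )
    return url, headers, body


def send_events(workspace_id, shared_key_b64, log_type, events, timeout=10):
    """POST one batch; the API answers 200 with an empty body on success."""
    url, headers, body = build_request(workspace_id, shared_key_b64, log_type, events)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


# Constructed sample records shaped like two DNS Server events.
SAMPLE_EVENTS = [
    {"EventTime": "2024-01-01T00:00:00Z", "Hostname": "dns01", "EventID": 256,
     "Message": "QUERY_RECEIVED", "QNAME": "example.com.", "QTYPE": 1},
    {"EventTime": "2024-01-01T00:00:01Z", "Hostname": "dns01", "EventID": 257,
     "Message": "RESPONSE_SUCCESS", "QNAME": "example.com.", "RCODE": 0},
]

if __name__ == "__main__":
    # Builds and prints the signed request without sending it.
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY_B64, LOG_TYPE, SAMPLE_EVENTS)
    print(url)
    for name in ("Authorization", "Log-Type", "x-ms-date"):
        print(f"{name}: {headers[name]}")
    print(body.decode())
```

Because the signature covers the exact body length and the `x-ms-date` value, any proxy or buffering layer that rewrites the body (re-indenting JSON, for instance) or delays the request past the service's clock-skew window will cause a 403, which is the first thing to check when ingestion from an agent silently stops.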
