HTTP Log Forwarding DNS Logs


DigitalStakeout PDNS supports real-time HTTP log forwarding. Log forwarding is a real-time fork of your DNS log data to a target HTTP webhook endpoint.

We do the hard work by enriching and annotating your logs with contextual information. DNS logs are known to be extremely verbose. DigitalStakeout PDNS logging automatically de-duplicates your DNS logs on 5-minute intervals. This makes DNS logs easier to consume and analyze without excessive noise and cost.

The detailed activity logs that are visible in the DigitalStakeout PDNS logs will be forwarded to your target. Logs are forwarded in a simple, friendly JSON format via an HTTPS POST. This enables you to build charts, analyze data and set up alerting in your favorite tool with ease.
 
Steps to Enable HTTP Log Forwarding

  1. Generate your HTTP endpoint and authorization in your destination tool.
  2. Add the HTTP endpoint and destination tool credentials to the DigitalStakeout PDNS settings.
  3. Enable log forwarding for the policies of your choice.
  4. View real-time DNS log data from DigitalStakeout PDNS in your XDR, SIEM or Log Analysis tool!
 
Enable Log Forwarding in Company Settings

1. Browse to your Company global settings.

2. Click on the Logging tab.

3. Set HTTP logging to enabled.

4. If your endpoint requires an Authorization Bearer token, generate it in your destination tool and paste it into the Authentication Token field.

5. Paste the full URL of your logging endpoint.

6. Click Save.

Once you save your settings, logs immediately start forwarding to the endpoint. Only new logs, from the time the setting is saved, are forwarded.

If your endpoint repeatedly fails over 15 minutes due to an authorization or configuration issue, DigitalStakeout PDNS will automatically disable log forwarding in your Company settings.
 
Below is an example of a policy forwarding DigitalStakeout PDNS logs to Loggly. With Loggly, this integration can be fully configured on both applications in 5 minutes.

If you use ELK, you can use the Logstash HTTP Input Plugin to achieve the same result.
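
If you run your own endpoint instead, the following is a minimal receiver for the forwarded logs, added here as an example (it is not DigitalStakeout code). It checks the Authorization Bearer token in constant time and parses the JSON body. The token value, the 1 MiB size limit, the sample field names, and the assumption that a POST carries one JSON object or an array of objects are all illustrative, since the payload schema is not documented on this page.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPECTED_TOKEN = "replace-with-token-from-your-tool"  # placeholder (assumption)
MAX_BODY = 1 << 20  # assumed limit: reject bodies larger than 1 MiB
# Constructed sample body; real field names may differ.
SAMPLE_BODY = b'[{"domain": "example.com", "action": "blocked"}]'


def check_bearer(header_value, expected):
    """Return True only for 'Bearer <expected>', compared in constant time."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "bearer":
        return False
    return hmac.compare_digest(token.strip().encode(), expected.encode())


def handle_post(auth_header, body, expected=EXPECTED_TOKEN):
    """Validate one forwarded POST; return (http_status, list_of_records)."""
    if not check_bearer(auth_header, expected):
        return 401, []
    if len(body) > MAX_BODY:
        return 413, []
    try:
        parsed = json.loads(body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return 400, []
    # Assumption: the body is a single JSON object or an array of objects.
    records = parsed if isinstance(parsed, list) else [parsed]
    if not all(isinstance(r, dict) for r in records):
        return 400, []
    return 200, records


class Receiver(BaseHTTPRequestHandler):
    def do_POST(self):
        raw = self.headers.get("Content-Length", "")
        length = int(raw) if raw.isdigit() else 0
        body = self.rfile.read(min(length, MAX_BODY + 1))
        status, records = handle_post(self.headers.get("Authorization"), body)
        for rec in records:
            print(json.dumps(rec, sort_keys=True))  # hand off to your pipeline
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Logs arrive via HTTPS POST: terminate TLS in front of this listener.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```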

