The dns.windows tag identifies log events generated by the Windows Server Domain Name System (DNS).
...
This technology uses a single tag to support all events generated by the Windows Server Domain Name System (DNS). The tag is simply dns.windows and the associated events are saved in Devo in a table of the same name.
Product / Service | Tags | Data tables |
---|---|---|
Windows DNS | dns.windows | dns.windows |
For more information, read more about Devo tags.
...
Create a simple rule on your Devo Relay that applies the dns.windows tag to all events arriving on a specified port. In the example below, we use port 13003, but you should use any port that you can dedicate to these events.
Source
Port → 13003
Target
Tag → dns.windows
Check the Stop processing and Sent without syslog tag checkboxes.
Table structure
These are the fields displayed in this table:
dns.windows
Field | Type | Field transformation | Source field name | Extra fields |
---|---|---|---|---|
eventdate | | | | |
hostname | | | dnsserverfilebeat vhost | |
myserverday | | | | |
myservertime | | | | |
myserverampm | | | | |
serverdate | | | myserverdate | |
thread_id | | | | |
context | | | mycontext | |
int_packed_id | | | myintpacketid | |
protocol | | | myprotocol | |
send_receive | | | mysendreceive | |
remote_ip | | | | |
x_id | | | myxid | |
query_response | | | myqueryresponse | |
query_response_def | | | myqueryresponse | |
op_code | | | myopcode | |
flags_hex | | | myflagshex | |
flags_char_codes | | | myflagscharcodes | |
response_code | | | myresponsecode | |
question_type | | | myquestiontype | |
question_name | | | | |
question_dot | | | question_tokens | |
hostchain | | | | ✓ |
tag | | | | ✓ |
rawMessage | | | | ✓ |
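
The following added example (not Devo's parser and not code from this page) shows how one line of a Windows DNS debug log maps onto the fields listed above, including the dotted form of the question name. It assumes the incoming events are PACKET lines with a US-style timestamp; the function names and sample lines are constructed for illustration.

```python
import re

# Field layout of a PACKET line in the Windows DNS debug log, named after the
# columns of the dns.windows table above. Assumption: US-style timestamp
# ("M/D/YYYY h:mm:ss AM"); the date layout varies with the server locale.
PACKET_RE = re.compile(
    r"^(?P<myserverday>\S+)\s+(?P<myservertime>\S+)\s+(?P<myserverampm>AM|PM)\s+"
    r"(?P<thread_id>[0-9A-Fa-f]+)\s+(?P<context>PACKET)\s+"
    r"(?P<int_packed_id>[0-9A-Fa-f]+)\s+(?P<protocol>UDP|TCP)\s+"
    r"(?P<send_receive>Snd|Rcv)\s+(?P<remote_ip>\S+)\s+"
    r"(?P<x_id>[0-9A-Fa-f]{4})\s+(?P<query_response>R)?\s*(?P<op_code>[QNU?])\s+"
    r"\[(?P<flags_hex>[0-9A-Fa-f]{4})\s(?P<flags_char_codes>[ATDR ]*?)\s*"
    r"(?P<response_code>[A-Z]+)\]\s+"
    r"(?P<question_type>\S+)\s+(?P<question_name>\S+)\s*$"
)
LABEL_RE = re.compile(r"\(\d+\)")  # length prefix in front of each DNS label


def question_dot(question_name):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com'."""
    return ".".join(p for p in LABEL_RE.split(question_name) if p)


def parse_packet_line(line):
    """Return a dict of dns.windows-style fields, or None for non-PACKET lines."""
    m = PACKET_RE.match(line.strip())
    if m is None:
        return None
    # query_response is blank for queries, so a missing group becomes "".
    ev = {k: (v or "").strip() for k, v in m.groupdict().items()}
    ev["question_dot"] = question_dot(ev["question_name"])
    return ev


# Constructed sample lines (not taken from a real server).
SAMPLE_QUERY = ("6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv "
                "192.0.2.71     5b47   Q [0001   D   NOERROR] A      "
                "(3)www(7)example(3)com(0)")
SAMPLE_RESPONSE = ("6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd "
                   "192.0.2.71     5b47 R Q [8385 A DR NXDOMAIN] A      "
                   "(3)www(7)example(3)com(0)")

if __name__ == "__main__":
    for sample in (SAMPLE_QUERY, SAMPLE_RESPONSE):
        print(parse_packet_line(sample))
```

Lines that are not PACKET records (log headers, event lines) return None, so they can be counted separately instead of being silently mis-parsed.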