dns.windows
- Juan Tomás Alonso Nieto (Deactivated)
The dns.windows tag identifies log events generated by the Windows Server Domain Name System (DNS).
Tag structure
This technology uses a single tag to support all events generated by the Windows Server Domain Name System (DNS). The tag is simply dns.windows and the associated events are saved in Devo in a table of the same name.
Product / Service | Tags | Data tables |
|---|---|---|
Windows DNS |
|
|
For more information, read more about Devo tags.
Configuration
Create a simple rule on your Devo Relay that applies the dns.windows tag to all events arriving on a specified port. In the example below, we use port 13003 but you should use any port that you can dedicate to these events.
Source port →Â
13003Target tag →
dns.windowsCheck the Stop processing and Sent without syslog tag checkboxes.
Table structure
These are the fields displayed in this table:
dns.windows
Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
eventdate |
| Â | Â | Â |
hostname |
| ifthenelse(isnotnull(dnsserverfilebeat), dnsserverfilebeat, vhost) | dnsserverfilebeat vhost | Â |
myserverday |
| Â | Â | Â |
myservertime |
| Â | Â | Â |
myserverampm |
| Â | Â | Â |
serverdate |
| parsedate(myserverdate, "MM/DD/YYYY hh:mm:ss A", "UTC") | myserverdate | Â |
thread_id |
| Â | Â | Â |
context |
| trim(mycontext) | mycontext | Â |
int_packed_id |
| myintpacketid | Â | |
protocol |
| myprotocol | Â | |
send_receive |
| mysendreceive | Â | |
remote_ip |
| Â | Â | Â |
x_id |
| myxid | Â | |
query_response |
| myqueryresponse | Â | |
query_response_def |
| myqueryresponse | Â | |
op_code |
| myopcode | Â | |
flags_hex |
| myflagshex | Â | |
flags_char_codes |
| myflagscharcodes | Â | |
response_code |
| myresponsecode | Â | |
question_type |
| myquestiontype | Â | |
question_name |
| Â | Â | Â |
question_dot |
| question_tokens | Â | |
hostchain |
|  |  | ✓ |
tag |
|  |  | ✓ |
rawMessage |
|  |  | ✓ |