dns.windows
- Juan Tomás Alonso Nieto (Deactivated)
The dns.windows tag identifies log events generated by the Windows Server Domain Name System (DNS).
Tag structure
This technology uses a single tag to support all events generated by the Windows Server Domain Name System (DNS). The tag is simply dns.windows and the associated events are saved in Devo in a table of the same name.
Product / Service | Tags | Data tables |
|---|---|---|
Windows DNS |
|
|
For more information, read more about Devo tags.
Configuration
Create a simple rule on your Devo Relay that applies the dns.windows tag to all events arriving on a specified port. In the example below, we use port 13003 but you should use any port that you can dedicate to these events.
Source port →
13003Target tag →
dns.windowsCheck the Stop processing and Sent without syslog tag checkboxes.
Table structure
These are the fields displayed in this table:
dns.windows
Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
eventdate |
|
|
|
|
hostname |
| ifthenelse(isnotnull(dnsserverfilebeat), dnsserverfilebeat, vhost) | dnsserverfilebeat vhost |
|
myserverday |
|
|
|
|
myservertime |
|
|
|
|
myserverampm |
|
|
|
|
serverdate |
| parsedate(myserverdate, "MM/DD/YYYY hh:mm:ss A", "UTC") | myserverdate |
|
thread_id |
|
|
|
|
context |
| trim(mycontext) | mycontext |
|
int_packed_id |
| myintpacketid |
| |
protocol |
| myprotocol |
| |
send_receive |
| mysendreceive |
| |
remote_ip |
|
|
|
|
x_id |
| myxid |
| |
query_response |
| myqueryresponse |
| |
query_response_def |
| myqueryresponse |
| |
op_code |
| myopcode |
| |
flags_hex |
| myflagshex |
| |
flags_char_codes |
| myflagscharcodes |
| |
response_code |
| myresponsecode |
| |
question_type |
| myquestiontype |
| |
question_name |
|
|
|
|
question_dot |
| question_tokens |
| |
hostchain |
|
|
| ✓ |
tag |
|
|
| ✓ |
rawMessage |
|
|
| ✓ |