HTTP Log Forwarding DNS Logs
Securd supports real-time HTTP log forwarding. Log forwarding is a real-time fork of your DNS log data to a target HTTP webhook endpoint.
We do the hard work by enriching and annotating your logs with contextual information. DNS logs are known to be extremely verbose. Securd logging automatically de-duplicates your DNS logs on 5-minute intervals. This makes DNS logs easier to consume and analyze without excessive noise and cost.
The detailed activity logs that are visible in the Securd logs will be forwarded to your target. Logs are forwarded in a simple, friendly JSON format via an HTTPS POST. This enables you to build charts, analyze data and set up alerting in your favorite tool with ease.
Steps to Enable HTTP Log Forwarding
- Generate your HTTP endpoint and authorization in your destination tool.
- Add the HTTP endpoint and destination tool credentials to Securd settings.
- Enable log forwarding for the policies of your choice.
- View real-time DNS log data from Securd in your XDR, SIEM or Log Analysis tool!
Enable Log Forwarding in Company Settings
- Browse to your Company global settings.
- Click on the Logging tab.
- Set HTTP logging to enabled.
- If your endpoint requires an Authorization Bearer token, generate it in your destination tool and paste it into the Authentication Token field.
- Paste the full URL of your logging endpoint.
- Click Save.
Once you save the setting, logs immediately start forwarding to the endpoint. Only new logs, from the time the setting is saved, are forwarded.
Note: If your endpoint repeatedly fails over 15 minutes due to an authorization or configuration issue, Securd will automatically disable log forwarding in your Company settings.
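A minimal receiving endpoint for the forwarded POSTs, as an added example that is not Securd's code: it checks the Authorization Bearer token in constant time and parses the JSON body. Assumptions: the token value, the 1 MiB body limit, the loopback port, and that each POST carries one JSON object or an array of objects; TLS is terminated by a reverse proxy in front of it.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPECTED_TOKEN = "constructed-example-token"  # placeholder: the token pasted into Securd
MAX_BODY = 1 << 20  # assumed limit: refuse bodies over 1 MiB

def check_request(auth_header, body, expected_token=EXPECTED_TOKEN):
    """Return (status, records) for one forwarded POST body (bytes)."""
    scheme, _, token = (auth_header or "").partition(" ")
    # Constant-time comparison so response timing does not leak the token.
    token_ok = hmac.compare_digest(token.strip().encode(), expected_token.encode())
    if scheme.lower() != "bearer" or not token_ok:
        return 401, []
    if len(body) > MAX_BODY:
        return 413, []
    try:
        data = json.loads(body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return 400, []
    # Assumption: a POST carries one JSON object or an array of objects.
    records = data if isinstance(data, list) else [data]
    if not all(isinstance(r, dict) for r in records):
        return 400, []
    return 200, records

class LogHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:
            status, records = 413, []  # do not read an oversized or malformed body
        else:
            auth = self.headers.get("Authorization")
            status, records = check_request(auth, self.rfile.read(length))
        for record in records:
            print(json.dumps(record, sort_keys=True))  # hand off to your pipeline here
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    # Plain HTTP on loopback only; the HTTPS listener is the reverse proxy.
    HTTPServer(("127.0.0.1", 8080), LogHandler).serve_forever()
```

A token mismatch makes this endpoint answer 401, so keep the value in sync with the Authentication Token field; the note above says repeated authorization failures disable forwarding.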