Syslog Forwarding DNS Logs
Securd supports real-time syslog log forwarding. Log forwarding is a real-time fork of your DNS log data to a target syslog server.
We do the hard work by enriching and annotating your logs with contextual information. DNS logs are known to be extremely verbose. Securd logging automatically de-duplicates your DNS logs on 5-minute intervals. This makes DNS logs easier to consume and analyze without excessive noise and cost.
The detailed activity logs that are visible in the Securd logs will be forwarded to your target. Syslog messages are forwarded in a simple, friendly imploded JSON format. Log parsers such as Logstash will be able to easily parse your logs into a usable field format.
Steps to Enable Syslog Forwarding
- Set up a syslog endpoint and any authorization functions in your destination tool.
- Enable syslog forwarding in your Securd company settings.
- View real-time DNS log data from Securd in your XDR, SIEM or Log Analysis tool!
Enable Log Forwarding in Company Settings
- Browse to your Company global settings.
- Click on the Logging tab.
- Set syslog logging to enabled.
- Enter the full hostname of your logging endpoint.
- Enter the UDP port number of your logging endpoint.
- Click Save.
Once you save your settings, logs will immediately start forwarding to the endpoint. Only new logs, from the time the setting is saved, will be forwarded.
Note: If your endpoint repeatedly fails over 15 minutes due to an authorization or configuration issue, Securd will automatically disable log forwarding in your Company settings.
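To check that forwarded logs reach the UDP endpoint and parse into fields before wiring up a SIEM, a small test receiver helps. The following is an added example, not Securd's code: it assumes each datagram carries an optional syslog priority header followed by one JSON object, and the port number, sample message and field names are constructed for illustration.

```python
import json
import re
import socketserver

# Optional syslog priority prefix such as "<134>" (facility * 8 + severity).
PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample datagram; the JSON field names are placeholders,
# not Securd's documented schema.
SAMPLE = (b'<134>Jan  1 00:00:00 securd dns: '
          b'{"query": "example.com", "type": "A", "action": "allowed"}')


def parse_syslog_json(datagram: bytes):
    """Return (facility, severity, fields), or None if no valid JSON object.

    Assumes the JSON object is the first "{" in the message and that
    nothing in the syslog header contains a brace.
    """
    text = datagram.decode("utf-8", errors="replace").strip()
    facility = severity = None
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:          # 191 is the highest valid PRI
        facility, severity = divmod(int(m.group(1)), 8)
    start = text.find("{")
    if start == -1:
        return None
    try:
        # raw_decode tolerates trailing text after the JSON object.
        fields, _end = json.JSONDecoder().raw_decode(text[start:])
    except json.JSONDecodeError:
        return None                            # truncated or malformed datagram
    return facility, severity, fields


class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request             # UDP: (bytes, socket)
        parsed = parse_syslog_json(data)
        # UDP has no delivery guarantee; log what could not be parsed
        # so silent loss or truncation is visible during testing.
        print(self.client_address[0], parsed if parsed else "UNPARSED")


if __name__ == "__main__":
    # Port 5514 is an assumption; use the UDP port entered in Company settings.
    with socketserver.UDPServer(("0.0.0.0", 5514), Handler) as srv:
        srv.serve_forever()
```

Plain UDP syslog carries no sender authentication or encryption, so restrict the listening port to the expected source addresses at the firewall.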