This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am an SIEM engineer and want to integrate Microsoft DNS logs with ArcSight ESM for security monitoring. Currently we are using flat file read (DNS logs are dumped in a flat file and we read logs from it using ArcSight connectors). But we are facing many issues and the monitoring isn't continuous.
I need you help in getting logs from DNS server to SIEM. Is there any other method other than flat file read? Can we write DNS logs in event viewer and read from there? Or any other method you can help me out with?
Thread source link: https://social.technet.microsoft.com/Forums/windowsserver/en-US/93b7c216-3a4a-4452-b907-1d4e58446cf4/how-to-integrate-microsoft-dns-logs-with-siem?forum=winserver8setu
Hi,
Welcome to our new Microsoft Q&A Platform.
If you want to enable DNS diagnostic logging, you could refer to the following article:
About the Negligible Performance Impact of Enabling,
"A DNS server running on modern hardware that is receiving 100,000 queries per second (QPS) can experience a performance degradation of 5% when analytic logs are enabled. There is no apparent performance impact for query rates of 50,000 QPS and lower"
For your reference:
Best Regards,