How to integrate Microsoft DNS logs with SIEM?

Joy Qiao 4,766 Reputation points Microsoft Employee

I am a SIEM engineer and want to integrate Microsoft DNS logs with ArcSight ESM for security monitoring. Currently we are using flat file read (DNS logs are dumped in a flat file and we read logs from it using ArcSight connectors). But we are facing many issues and the monitoring isn't continuous.

I need your help in getting logs from the DNS server to the SIEM. Is there any other method other than flat file read? Can we write DNS logs in Event Viewer and read from there? Or any other method you can help me out with?


Accepted answer
  1. 2020-07-14T09:41:08.743+00:00


    Welcome to our new Microsoft Q&A Platform.

    If you want to enable DNS diagnostic logging, you could refer to the following article:

    About the Negligible Performance Impact of Enabling,

    "A DNS server running on modern hardware that is receiving 100,000 queries per second (QPS) can experience a performance degradation of 5% when analytic logs are enabled. There is no apparent performance impact for query rates of 50,000 QPS and lower"

    For your reference:

    Best Regards,
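As an added example (not part of this thread or of the article the answer links to), the PowerShell below enables the Windows DNS Server analytic channel that DNS diagnostic logging writes to and reads a sample of events back from it, which is the "write to Event Viewer and read from there" path the question asks about. It assumes an elevated session on a Windows Server 2012 R2 or later DNS server; the channel name and the event IDs 256/257 are taken from Microsoft's DNS analytic log documentation, and the export path is a placeholder.

```powershell
# Added example: enable the DNS Server analytic (diagnostic) log and read it
# back, so a SIEM collector can consume DNS events from the event log
# instead of a flat file. Run in an elevated prompt on the DNS server.
# Assumed channel name per Microsoft's DNS analytic log documentation.
$channel = 'Microsoft-Windows-DNSServer/Analytical'

# Enable the channel. /q:true suppresses the interactive confirmation.
wevtutil sl $channel /e:true /q:true

# Confirm the channel is enabled before pointing a collector at it.
wevtutil gl $channel | Select-String -Pattern 'enabled:'

# Analytic channels are ETW-backed and must be read oldest-first;
# Get-WinEvent refuses to read them without -Oldest.
$events = Get-WinEvent -LogName $channel -Oldest -MaxEvents 50 -ErrorAction SilentlyContinue

# Summarise the events most useful for monitoring:
# 256 = QUERY_RECEIVED, 257 = RESPONSE_SUCCESS (IDs per Microsoft's documentation).
$events |
    Where-Object { $_.Id -in 256, 257 } |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Message = $_.Message
        }
    } | Format-Table -AutoSize -Wrap

# Caveat: Windows Event Forwarding subscriptions cannot collect analytic
# channels, and not every collector can read them live. If the connector
# cannot subscribe to the channel, export it periodically and read the file.
# <EXPORT_PATH> is a placeholder.
wevtutil epl $channel '<EXPORT_PATH>\dns-analytic.evtx'
```

Check the collector's documentation for whether it supports analytic/debug channels before relying on live reads; the exported .evtx is the fallback.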
