Send DNS Query Log

Jan Jimwell Panganiban

Oct 12, 2023, 2:36:12 AM
to Wazuh | Mailing List
Hello Everyone,

Is there documentation or an existing setup for sending DNS query logs from a Windows AD controller to the Wazuh manager?

Abdullah Al Noman

Oct 12, 2023, 3:19:10 AM
to Wazuh | Mailing List
Hello Jan Jimwell Panganiban,

Thank you for using Wazuh.

I am looking into your query and will get back to you with the exact information.

Regards,

Abdullah Al Noman

Oct 12, 2023, 4:27:06 AM
to Wazuh | Mailing List
Hello Jan Jimwell,

There is no complete document specifically focusing on DNS query log collection from a Windows Active Directory controller. However, this should not be a complex task for you to configure. You simply have to perform two steps on your AD controller.
First, enable DNS logging and store the logs in a specific location. As a second step, configure the <localfile> capability on the Wazuh agent installed on your AD controller to collect the DNS query logs and forward them to the Wazuh manager.

Follow this localfile - Local configuration (ossec.conf) guide to configure log collection on your Wazuh agent.

Hope this helps.

Regards,
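
Added example, not part of the thread and not Wazuh's own code: a PowerShell sketch of the two steps described in the reply above, enabling DNS debug logging to a file and then producing the matching `<localfile>` block for the agent's ossec.conf. The log path `C:\DNSLogs\dns-query.log`, the choice of logged packet types and the `syslog` log format are assumptions to adjust for your environment.

```powershell
# Run in an elevated PowerShell session on the AD controller that hosts the DNS Server role.
# Assumed log location (not from the thread); choose a volume with room for log growth.
$DnsLog = 'C:\DNSLogs\dns-query.log'

# Step 1: enable DNS debug logging to a file.
# The DNS server only writes entries when a protocol (UDP/TCP), a direction
# (send/receive), a content type (queries) and a request/response type are all selected.
New-Item -ItemType Directory -Path (Split-Path -Parent $DnsLog) -Force | Out-Null
Set-DnsServerDiagnostics `
    -EnableLoggingToFile $true `
    -LogFilePath $DnsLog `
    -Queries $true `
    -QuestionTransactions $true `
    -ReceivePackets $true `
    -UdpPackets $true `
    -TcpPackets $true

# Confirm the settings took effect before touching the agent.
Get-DnsServerDiagnostics |
    Select-Object EnableLoggingToFile, LogFilePath, Queries,
                  QuestionTransactions, ReceivePackets, UdpPackets, TcpPackets

# Step 2: build the <localfile> block for the Wazuh agent.
# 'syslog' is the log_format used here for a plain text file with one entry per line
# (assumption for the DNS debug log).
$LocalFile = @"
<localfile>
  <location>$DnsLog</location>
  <log_format>syslog</log_format>
</localfile>
"@

# Print the block so it can be pasted inside <ossec_config> in the agent's ossec.conf.
# Restart the Wazuh agent service afterwards so the new log source is read.
$LocalFile
```

The agent only forwards the lines; alerts appear on the manager only if decoders and rules there match the DNS log entries.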