
Integrate Windows DNS server with LEM

Created by Bryan Davis, last modified by Jared.Jackson on Jun 14, 2017


Overview

This article provides steps to configure Windows DNS to log its debugging traffic, and to configure the Windows DNS Traffic Log connector on the associated LEM Agent.

Environment

All LEM versions

Steps

Configure Windows DNS to log its debugging traffic

  1. Log in to your DNS server as an administrator.
  2. Click Start > Control Panel > Administrative Tools > DNS.
  3. Select your DNS server in the left pane, and then click Actions > Properties.
  4. Click the Debug Logging tab.
  5. Select Log packets for debugging, and then click OK.

This procedure was adapted from the Microsoft TechNet article, Select and enable debug logging options on the DNS server (© 2017 Microsoft, available at www.microsoft.com, obtained on April 21, 2017) and validated on both Windows Server 2003 and Windows Server 2008.

For information about what this option logs, see the Microsoft KB site. 
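To check what the debug log contains once logging is enabled, the following Python example parses its packet lines and counts received queries per client. It is an added example, not SolarWinds or Microsoft code. It assumes the default packet line layout noted in the comment, and the sample lines are constructed.

```python
import re
from collections import Counter

# Layout assumed: date time thread PACKET packet-id UDP|TCP Snd|Rcv remote-IP
# xid [R] opcode [flags-hex flag-chars rcode] qtype qname
PACKET_RE = re.compile(
    r"^(?P<ts>.+?)\s+(?P<thread>[0-9A-Fa-f]+)\s+PACKET\s+(?P<pkt>[0-9A-Fa-f]+)\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R)?\s*(?P<op>[QNU?])\s+"
    r"\[(?P<flags>[0-9A-Fa-f]{4})\s+(?P<fchars>[ATDR ]*?)\s+(?P<rcode>\w+)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)

def decode_name(raw):
    """Turn length-prefixed labels, e.g. (3)www(7)example(3)com(0), into www.example.com."""
    return re.sub(r"\(\d+\)", ".", raw).strip(".")

def parse_packet_line(line):
    """Return a dict for a PACKET line, or None for headers, blanks and other events."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["is_response"] = rec.pop("resp") == "R"
    rec["fchars"] = rec["fchars"].strip()
    rec["qname"] = decode_name(rec["qname"])
    return rec

def queries_by_client(lines):
    """Count received queries per (client IP, name); responses and sends are skipped."""
    counts = Counter()
    for rec in filter(None, map(parse_packet_line, lines)):
        if rec["dir"] == "Rcv" and not rec["is_response"]:
            counts[(rec["ip"], rec["qname"].lower())] += 1
    return counts

# Constructed sample lines (documentation addresses and names, not real traffic).
SAMPLE = """\
Message logging key (for packets - other items use a subset of these fields):
6/14/2017 8:31:02 AM 0E5C PACKET  000000D5A3B2C1F0 UDP Rcv 192.0.2.15      a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/14/2017 8:31:02 AM 0E5C PACKET  000000D5A3B2C1F0 UDP Snd 192.0.2.15      a1b2 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/14/2017 8:31:05 AM 0E60 PACKET  000000D5A3B2D2A0 UDP Rcv 192.0.2.15      c3d4   Q [0001   D   NOERROR] A      (3)WWW(7)example(3)com(0)
6/14/2017 8:31:07 AM 0E60 PACKET  000000D5A3B2E310 TCP Rcv 192.0.2.20      e5f6   Q [0001   D   NOERROR] AAAA   (4)mail(7)example(3)net(0)
""".splitlines()

if __name__ == "__main__":
    for (ip, name), n in queries_by_client(SAMPLE).most_common():
        print(f"{ip:15} {name:25} {n}")
```

Lines that do not match the packet layout, such as the key the log writes at the top, are skipped rather than raising an error.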

 

Configure the Windows DNS Traffic Log connector on a LEM Agent

Note: The LEM Agent must be installed on your DNS server. For information on installing LEM Agents, see SolarWinds LEM Agent Installer for Windows.

  1. Go to the LEM Console.
  2. Click Manage > Appliances view.
  3. Log in to the LEM Manager as an administrator.
  4. Click Manage, and then select Nodes.
  5. Click the gear icon next to the LEM Agent associated with your DNS server, and then select Connectors.
  6. In the Connector Configuration window, enter DNS Traffic in the search box at the top of the Refine Results field.
  7. Click the gear icon next to the Windows DNS Traffic Log connector, and then select New.
  8. Replace the alias value with a custom alias, or accept the default value, and then click Save.
  9. Click the gear icon next to the new connector, denoted by an icon in the Status column, and then select Start.
  10. Click Close. 

When the connector is running, create a filter to display all DNS traffic from that server. For example, use the filter condition Any Alert.ToolAlias = *DNS Traffic*, provided you used the default alias of Windows DNS Traffic Log for your connector.

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

 

 

 

 
