HTTP Log Forwarding DNS Logs

HTTP Log Forwarding DNS Logs

Securd supports real-time log HTTP forwarding. Log forwarding is a real-time fork of your DNS log data to a target HTTP webhook endpoint.

We do the hard work by enriching and annotating your logs with contextual information. DNS logs are known to very extremely verbose. Securd logging automatically de-duplicates your DNS logs on 5 minute intervals. This makes DNS logs easier to consume and analyze without excessive noise and cost.

The detailed activity logs that are visible in the Securd logs will be forwarded to your target. HTTP Logs will be forwarding in a simple, friendly JSON format via a HTTPS POST. This enables you to build charts, analyze data and setup alerting in your favorite tool with ease.
 
Steps to Enable HTTP Log Forwarding

  1. Generate your HTTP endpoint and authorization in your destination tool.
  2. Add HTTP Endpoint & destination tool credentials to Securd settings
  3. Enable log forwarding for the policies of your choice.
  4. View real-time DNS log data from Securd in your XDR, SIEM or Log Analysis tool!
 
Enable Log Forwarding in Company Settings

1. Browse to your Company global settings.

2. Click on the Logging tab.

3. Select the HTTP logging to enabled.

4. If your endpoint requires an Authorization Bearer token, generate it in your destination tool and paste to the Authentication Token field.

5. Paste the full URL of your logging endpoint.

6. Click Save.

Once you save your setting, logging will immediately start forwarding to the endpoint. The only logs that will be forwarded are new logs from the time the setting is saved.

If your endpoint repeatedly fails over 15 mins due to an authorization or configuration issue, Securd will automatically disable log forwarding in your Company setting.
 
Below is an example of a policy forwarding Securd logs to Loggly. In the example below with Loggly,this integration can be fully configured on both applications in 5 mins.

If you use ELK, you can use the Logstash HTTP Input Plugin to achieve the same result.

    • Related Articles

    • Syslog Fowarding DNS Logs

      Securd supports real-time log syslog forwarding. Log forwarding is a real-time fork of your DNS log data to a target syslog server. We do the hard work by enriching and annotating your logs with contextual information. DNS logs are known to very ...

    • Search, Filter and Export DNS Logs

      Each Securd company (tenant) has a private log data store where detailed DNS and web activity logs are recorded in real-time. Users can search and analyze logs to investigate incidents and to hunt threats. Search and Filter DNS Logs Under the ...

    • DNS Forwarding Amazon Route 53 with Resolver Rules

      Amazon Route 53 is a highly available and scalable DNS service offered by Amazon Web Services (AWS). One of the key features of Amazon Route 53 is the ability to forward DNS queries to specific IP addresses using Resolver Rules. In this article, we ...

    • Search and Filter Securd Logs

      Each Securd "company" has a private log data store where detailed DNS and web activity logs are recorded in real-time. Users can search and analyze logs to investigate incidents and to hunt threats. Search and Filter DNS Logs Under the "Traffic Logs" ...

    • Forwarding BIND DNS Queries to Securd

      DNS forwarding is a useful technique for distributing the workload of handling DNS queries across multiple servers and improving the efficiency of the overall system. In this article, we will look at how to configure DNS forwarding on Bind in Ubuntu ...