Querylogging - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.3.0

DNS/DHCP Server includes a powerful channel logging feature that creates detailed DNS logs according to the settings that you specify. Querylogging is disabled by default on DNS/DHCP Server appliances and virtual machines. You can configure channel logging in Querylogging Configuration mode.

Logs can record various errors, warnings, notices, and other types of information as the DNS service runs. Logs are divided into channels. Each channel records a particular event category at a particular severity level, and then outputs its contents to a log file. For example, you can configure a channel to record query events. If required, DNS/DHCP Server can mark each log entry with its time, severity, and category (these are optional).

Comparing DNS Activity and Querylogging

The following table outlines the differences between DNS Activity and Querylogging features on DNS/DHCP Server.

DNS Activity Querylogging
  • Drops messages in the event of extreme loads on the server.
  • Can be configured to filter queries based on certain criteria such as domain name and source address.
  • Events are written in JSON format with a predefined key value schema.
  • Captures DNS queries, responses, and updates.
  • Can be configured through the Address Manager UI and API.
  • Impacts DNS QPS performance in the event of extreme loads on the server.
  • Does not include filtering capabilities.
  • Events are not written in a standard format and do not have a key value schema.
  • Captures DNS queries only.
  • Can only be configured through the DNS/DHCP Server CLI.

For more information on DNS Activity, refer to DNS Activity.

To view the status of log channels on the DNS Server, use show querylogging from Main Session mode.

Adonis> show querylogging
State = Enable
Channel: example
    File = example.txt
    Size = 3m
    Severity = error
    Category = database, default, queries, security
    Print-severity = Yes
Press Tab to view a list of available commands, or type ? to view a description of each available item:
  • Add—add a channel for querylogging.
  • Disable—disable querylogging.
  • Enable—enable querylogging.
  • Exit—exit from querylogging configuration mode and check for any unsaved changes.
  • Help—display help information
  • History—display the current session’s command line history.
  • Modify—edit a querylogging channel.
  • Remove—delete a querylogging channel.
  • Show—display querylogging details.

Limitation

Restarting DNS Service on a managed DNS/DHCP Server will automatically disable querylogging on the managed server. However, if you have enabled ArcSight or QRadar, the state of querylogging will be preserved upon restart of DNS Service.