DNS/DHCP Server includes a powerful channel logging feature that creates detailed DNS logs according to the settings that you specify. Querylogging is disabled by default on DNS/DHCP Server appliances and virtual machines. You can configure channel logging in Querylogging Configuration mode.
Logs can record various errors, warnings, notices, and other types of information as the DNS service runs. Logs are divided into channels. Each channel records a particular event category at a particular severity level, and then outputs its contents to a log file. For example, you can configure a channel to record query events. If required, DNS/DHCP Server can mark each log entry with its time, severity, and category (these are optional).
Comparing DNS Activity and Querylogging
The following table outlines the differences between DNS Activity and Querylogging features on DNS/DHCP Server.
For more information on DNS Activity, refer to DNS Activity.
To view the status of log channels on the DNS Server, use show querylogging from Main Session mode.
Adonis> show querylogging State = Enable Channel: example File = example.txt Size = 3m Severity = error Category = database, default, queries, security Print-severity = Yes
- Add—add a channel for querylogging.
- Disable—disable querylogging.
- Enable—enable querylogging.
- Exit—exit from querylogging configuration mode and check for any unsaved changes.
- Help—display help information
- History—display the current session’s command line history.
- Modify—edit a querylogging channel.
- Remove—delete a querylogging channel.
- Show—display querylogging details.
Restarting DNS Service on a managed DNS/DHCP Server will automatically disable querylogging on the managed server. However, if you have enabled ArcSight or QRadar, the state of querylogging will be preserved upon restart of DNS Service.