You can create a logging endpoint that stores all DNS queries in your network.
Note:
- You can only assign one logging endpoint per site.
- You can assign a logging endpoint to multiple sites.
- You can create multiple logging endpoints but only one can be assigned
per site. This means you can assign different logging endpoints to
sites.
-
Choose whether you are using HTTP or HTTPS.
-
In the top navigation bar, click
and select
Logging Endpoints.
-
Click New.
-
Complete the following:
-
Name: The unique name for the logging
endpoint.
- Optional:
Description: A description for the logging endpoint.
-
URL: The full URL of the local logging endpoint
including the protocol and host. For example,
https://http-inputs-<customer>.splunkcloud.com/services/collector/raw.
- Optional:
Headers: The HTTP headers for authenticating the
request. For example,
"X-Splunk-Request-Channel:
FE0ECFAD-13D5-401B-847D-77833BD77131" and
"Authorization: Splunk
BD274822-96AA-4DA6-90EC-18940FB2414C"
- Optional:
Server certificate: This is required for logging
endpoints that are secured with SSL/TLS certificates. Drag and drop the
root certificate for the corresponding certificate authority (root CA)
in PEM format.
Note:
- If you are securing the logging endpoints with private
SSL/TLS certificates, upload the private root anchor
certificate.
- If you are using a trusted public root certificate, you do
not need to upload any certificate.
BlueCat does not recommend using the server's certificate instead of
the trust anchor (root CA) in production systems, as this incurs
additional overhead of updating the certificate when it expires and
can result in logging downtime.
-
Click Save.