BlueCat DNS Edge Logger Utility - BlueCat DNS Edge

The BlueCat DNS Edge Logger Utility allows you to use a SIEM of choice to collect, monitor, and alert on policy events from DNS Edge service points.
Note: Prerequisites
  • Ensure that Python v2.7.x and Virtualenv are installed in your environment

Installing Virtualenv

If you haven't installed Virtualenv in your environment, follow these steps:

  1. Install Virtualenv using the following command:
    $ pip install virtualenv
  2. In the root of the project directory, create a new Virtualenv folder using the following command:
    $ virtualenv -p /path/to/python2.7 venv
  3. Activate Virtualenv using the following command:
    $ source venv/bin/activate

Installing project dependencies

Install the project dependencies in requirements.txt using the following command:

$ pip install -r requirements.txt

Configuring the Utility Logger

Edit the dnsedge.yaml file, which is installed by default under /etc. At a minimum, the following items must be configured:

  • url: Replace placeholder text with the fully qualified domain name of the customer's Edge portal. Note that it must contain "api-" as a prefix.
  • token: Replace text with your SIEM token that was sent in an email to the designated super admin.

Logger types

The Edge logger has two log streams - applog, used for application info or debug messages, and datalog, which is used for query logging.

Each log stream can be directed to a file or can be sent to a syslog server in LEEF or CEF formats.

For file-based logging you must specify log_level, file_name, and logger_name configurations in the dnsedge.yaml file.

For LEEF or CEF-based syslog messages, you must specify server, protocol, and port variables in the dnsedge.yaml file.
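
A pre-flight check for the settings described above, as an added example that is not part of the BlueCat utility. It assumes applog and datalog are top-level mappings in dnsedge.yaml (the page does not show the file layout), treats a stream as syslog-based when any of server, protocol, or port is present, and works on the already-parsed YAML as a dict; the function names and sample values are constructed for illustration.

```python
import os
import stat

FILE_KEYS = ("log_level", "file_name", "logger_name")
SYSLOG_KEYS = ("server", "protocol", "port")

# Constructed sample; the nesting of applog/datalog is an assumed layout.
SAMPLE = {
    "url": "api-customer.example.com",
    "token": "constructed-sample-token",
    "applog": {"log_level": "info", "file_name": "/var/log/dnsedge/app.log",
               "logger_name": "applog"},
    "datalog": {"server": "siem.example.com", "protocol": "udp"},  # port omitted
}


def check_config(cfg):
    """Return a list of problems in a parsed dnsedge.yaml mapping."""
    problems = []
    # url may be a bare FQDN or carry a scheme/path; isolate the host part.
    host = str(cfg.get("url") or "").split("://")[-1].split("/")[0]
    if not host.startswith("api-") or "." not in host:
        problems.append("url: expected an FQDN with the 'api-' prefix")
    # Heuristic: an empty token or one containing whitespace is leftover placeholder text.
    token = str(cfg.get("token") or "")
    if len(token.split()) != 1:
        problems.append("token: empty or still placeholder text")
    for name in ("applog", "datalog"):
        stream = cfg.get(name) or {}
        # Any syslog key present means the stream targets a LEEF/CEF syslog server.
        is_syslog = any(key in stream for key in SYSLOG_KEYS)
        for key in (SYSLOG_KEYS if is_syslog else FILE_KEYS):
            if stream.get(key) in (None, ""):
                problems.append("%s: missing %s" % (name, key))
    return problems


def token_file_exposed(path):
    """True if the file holding the SIEM token is readable by group or others."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for problem in check_config(SAMPLE):
        print(problem)
```

Because dnsedge.yaml stores the SIEM token, a True result from token_file_exposed on that file indicates its permissions should be tightened before the poller is started.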

Running in a Python virtual environment

$ cd /path/to/dnsedge-poller
$ source venv/bin/activate
$ python dnsedge.py --file dnsedge.yaml