BlueCat DNS Edge Logger Utility - BlueCat DNS Edge

DNS Edge User Guide

The BlueCat DNS Edge Logger Utility allows you to use a SIEM of choice to collect, monitor, and alert on policy events from DNS Edge service points.
Note: Prerequisites
  • Ensure that Python v2.7.x and Virtualenv are installed in your environment.

Installing Virtualenv

If you haven't installed Virtualenv in your environment, follow these steps:

  1. Install Virtualenv:
    $ pip install virtualenv
  2. In the root of the project directory, create a new Virtualenv folder:
    $ virtualenv -p /path/to/python2.7 venv
  3. Activate Virtualenv:
    $ source venv/bin/activate

Installing project dependencies

Install the project dependencies in requirements.txt:

$ pip install -r requirements.txt

Configuring the Utility Logger

Edit the dnsedge.yaml file, which is installed by default under /etc. At a minimum, the following items must be configured:

  • url: Replace placeholder text with the fully qualified domain name of the customer's Edge portal. Note that it must contain "api-" as a prefix.
  • token: Replace text with the customer's SIEM token, which is sent in an email to the designated super admin.

Logger types

The Edge logger has two log streams - applog, used for application info or debug messages, and datalog, which is used for query logging.

Each log stream can be directed to a file, or can be sent to a syslog server in LEEF or CEF formats.

For file-based logging you must specify log_level, file_name, and logger_name configurations in the dnsedge.yaml file.

For LEEF or CEF-based syslog messages you must specify server, protocol, and port variables in the dnsedge.yaml file.
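
A pre-flight check for the settings listed above, as an added example that is not part of the BlueCat utility. It assumes the YAML has already been loaded into a dict with top-level url and token and one mapping per stream named applog and datalog; that nesting and the function name check_config are assumptions, since the page does not show the file's layout.

```python
# Added example, not BlueCat code: check the settings this page says are required.
# ASSUMPTION: dnsedge.yaml has been loaded into a dict with top-level "url" and
# "token" and one mapping per stream under "applog" and "datalog"; the page does
# not show the file's real nesting.
try:
    from urllib.parse import urlparse   # Python 3
except ImportError:
    from urlparse import urlparse       # Python 2.7, which the utility requires

FILE_KEYS = ("log_level", "file_name", "logger_name")
SYSLOG_KEYS = ("server", "protocol", "port")


def _missing(section, keys):
    """Keys that are absent or blank in one stream's mapping."""
    return [k for k in keys if section.get(k) in (None, "")]


def check_config(cfg):
    """Return a list of problems; an empty list means the minimum is met."""
    problems = []
    url = str(cfg.get("url") or "")
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    if not host.startswith("api-"):
        problems.append("url: host '%s' lacks the 'api-' prefix" % host)
    if "." not in host:
        problems.append("url: host '%s' is not a fully qualified name" % host)
    if not str(cfg.get("token") or "").strip():
        problems.append("token: SIEM token is empty")
    for name in ("applog", "datalog"):
        section = cfg.get(name) or {}
        no_file, no_syslog = _missing(section, FILE_KEYS), _missing(section, SYSLOG_KEYS)
        if no_file and no_syslog:  # neither destination is fully configured
            problems.append("%s: file logging lacks %s; syslog lacks %s"
                            % (name, ", ".join(no_file), ", ".join(no_syslog)))
    return problems


if __name__ == "__main__":
    sample = {  # constructed values, not from a real deployment
        "url": "edge.example.com",
        "token": "",
        "applog": {"log_level": "INFO"},
        "datalog": {"server": "siem.example.com", "protocol": "udp", "port": 514},
    }
    for line in check_config(sample):
        print(line)
```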

Running in a Python virtual environment

$ cd /path/to/dnsedge-poller
$ source venv/bin/activate
$ python dnsedge.py --file dnsedge.yaml