Enable DNS Logs
AWS: Enable DNS Logs
If you provided an S3 bucket name when creating the stack from the CloudFormation template in the previous section, the template created an S3 bucket that acts as the destination for the Route 53 query logs. The VPCs to be monitored for DNS query logs are not associated automatically; you must add them manually.
Procedure
Step 1
In the AWS console, go to Route 53 and open Query logging.
Step 2
Select the query logging configuration created by the template. Its name begins with the prefix you provided in the template.
Step 3
Select all the VPCs for which you want traffic insights and click Add.
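The same association done from the AWS CLI, as an added example that is not part of the Multicloud Defense documentation. The region, the template prefix (mcd-) and the VPC IDs are assumptions; set AWS_BIN=echo to print the calls instead of running them, which is useful for reviewing the plan before touching the account:

```shell
#!/bin/sh
# Added example, not from the Cisco Multicloud Defense documentation: the AWS
# click-through above as AWS CLI calls. Region, prefix and VPC IDs are
# assumptions. AWS_BIN=echo prints the commands instead of running them.
set -eu

AWS_BIN="${AWS_BIN:-aws}"
REGION="${REGION:-us-east-1}"     # assumed region of the CloudFormation stack
PREFIX="${PREFIX:-mcd-}"          # assumed prefix given to the template

awscli() { "$AWS_BIN" "$@"; }

# Find the query logging configuration whose name starts with the template
# prefix and print its ID (filtering is done client-side with JMESPath).
find_config_id() {
  awscli route53resolver list-resolver-query-log-configs --region "$REGION" \
    --query "ResolverQueryLogConfigs[?starts_with(Name, '$PREFIX')].Id | [0]" \
    --output text
}

# Associate each VPC with the configuration. Associations are per VPC, so
# every VPC to be monitored needs its own call.
associate_vpcs() {
  config_id="$1"; shift
  for vpc in "$@"; do
    awscli route53resolver associate-resolver-query-log-config --region "$REGION" \
      --resolver-query-log-config-id "$config_id" --resource-id "$vpc"
  done
}

# Show which VPCs are associated with the configuration, to confirm the result.
list_associations() {
  awscli route53resolver list-resolver-query-log-config-associations --region "$REGION" \
    --query "ResolverQueryLogConfigAssociations[?ResolverQueryLogConfigId=='$1'].[ResourceId,Status]" \
    --output table
}

if [ "${1:-}" = "apply" ]; then
  shift
  id=$(find_config_id)
  if [ -z "$id" ] || [ "$id" = "None" ]; then
    echo "no query log configuration with prefix $PREFIX in $REGION" >&2
    exit 1
  fi
  associate_vpcs "$id" "$@"
  list_associations "$id"
fi
```

Run it as `sh enable-dns-logs.sh apply vpc-0123 vpc-0456` (file name assumed) with credentials for the account that owns the stack. The final table shows each association's Status, which should move from CREATING to ACTIVE; a VPC can be associated with only one query logging configuration at a time, so an existing association to another configuration makes the call fail.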
GCP: Enable DNS Logs
To enable GCP DNS query logs, follow the steps below.
Procedure
Step 1
Navigate to VPC network in the GCP console.
Step 2
Open Google Cloud Shell and run this command, where POLICY_NAME is a name for the new DNS policy and NETWORK is the VPC network whose queries you want logged: gcloud dns policies create POLICY_NAME --networks=NETWORK --enable-logging
Step 3
Navigate to the Cloud Storage section and create a storage bucket. You can leave all settings at their defaults when creating the bucket.
Step 4
Navigate to the Logs Router section.
Step 5
Click Create Sink.
Step 6
Provide a sink name.
Step 7
Select "Cloud Storage bucket" as the sink service.
Step 8
Select the Cloud Storage bucket that was created above.
Step 9
In the "Choose logs to include in sink" section, enter this string:
Step 10
Click Create Sink.
The steps below are the same as those for VPC flow logs on GCP. If you are sharing one Cloud Storage bucket between the two, you only need to perform them once.
Step 11
Navigate to .
Step 12
Create a custom role with this permission: storage.buckets.list.
Step 13
Create another custom role with the following permissions: storage.buckets.get, storage.objects.get, storage.objects.list.
Step 14
Add both custom roles to the service account created for the Multicloud Defense Controller. When adding the second custom role, apply this condition:
Step 15
Navigate to Pub/Sub.
Step 16
Click Create Topic.
Step 17
Provide a topic name and click Create.
Step 18
Click Subscriptions. A subscription has already been created for the topic you just added.
Step 19
Edit the subscription.
Step 20
Change the Delivery type to Push.
Step 21
Once Push is selected, enter the endpoint URL:
Step 22
Click Update.
Step 23
Create a Cloud Storage notification by opening Google Cloud Shell and running this command:
Azure: DNS Logs
Azure currently does not expose DNS query logs, so the Multicloud Defense Controller cannot enable them for this cloud service provider.