FortiSIEM ISC BIND DNS Configuration

ISC BIND DNS Configuration

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
SNMP Application type Process level CPU utilization, Memory utilization Performance Monitoring
Syslog Application type DNS name resolution activity: DNS Query Success and Failure by type Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “isc bind” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Syslog

Configure the ISC BIND DNS Server to Send Syslogs

  1. Edit conf and add a new line: include /var/named/conf/logging.conf;.
  2. Edit the /var/named/conf/logging.conf file, and in the channel queries_file { } section add syslog local3;
  3. Restart BIND by issuing /etc/init.d/named restart.

Configure Syslog to Send to AccelOps

  1. Edit conf and add a new line: Local7.* @<IP address of the AccelOps server>.
  2. Restart the syslog daemon by issuing /etc/init.d/syslog restart.

Settings for Access Credentials

Sample BIND DNS Logs


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.