FortiSIEM ISC BIND DNS Configuration

ISC BIND DNS Configuration

What is Discovered and Monitored

Protocol Information discovered Metrics collected Used for
SNMP Application type Process level CPU utilization, Memory utilization Performance Monitoring
Syslog Application type DNS name resolution activity: DNS Query Success and Failure by type Security Monitoring and compliance

Event Types

In CMDB > Event Types, search for “isc bind” in the Device Type and Description column to see the event types associated with this device.


There are no predefined rules for this device.


There are no predefined reports for this device.



AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.


Configure the ISC BIND DNS Server to Send Syslogs

  1. Edit conf and add a new line: include /var/named/conf/logging.conf;.
  2. Edit the /var/named/conf/logging.conf file, and in the channel queries_file { } section add syslog local3;
  3. Restart BIND by issuing /etc/init.d/named restart.

Configure Syslog to Send to AccelOps

  1. Edit conf and add a new line: Local7.* @<IP address of the AccelOps server>.
  2. Restart the syslog daemon by issuing /etc/init.d/syslog restart.

Settings for Access Credentials

Sample BIND DNS Logs

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos