FortiSIEM ISC BIND DNS Configuration

ISC BIND DNS Configuration

What is Discovered and Monitored

| Protocol | Information discovered | Metrics collected | Used for |
|---|---|---|---|
| SNMP | Application type | Process level CPU utilization, Memory utilization | Performance Monitoring |
| Syslog | Application type | DNS name resolution activity: DNS Query Success and Failure by type | Security Monitoring and compliance |

Event Types

In CMDB > Event Types, search for “isc bind” in the Device Type and Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

SNMP

AccelOps uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation, then follow the instructions in Setting Access Credentials for Device Discovery to establish the connection between the device and AccelOps, and to initiate the device discovery process.

Syslog

Configure the ISC BIND DNS Server to Send Syslogs

  1. Edit conf and add a new line: include /var/named/conf/logging.conf;.
  2. Edit the /var/named/conf/logging.conf file, and in the channel queries_file { } section add syslog local3;
  3. Restart BIND by issuing /etc/init.d/named restart.

Configure Syslog to Send to AccelOps

  1. Edit conf and add a new line: Local7.* @<IP address of the AccelOps server>.
  2. Restart the syslog daemon by issuing /etc/init.d/syslog restart.
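
A consistency check for the two procedures above, as an added example that is not part of the original guide: it reads the facility each BIND channel logs to and confirms that a remote (@host) rule in the syslog configuration selects that facility, since the BIND step names local3 while the forwarding line names Local7. The sample configs, the 192.0.2.10 address and the function names are constructed for illustration; classic syslog.conf selector syntax and case-insensitive facility names are assumed.

```python
import re

# Constructed sample configs, not taken from the page; 192.0.2.10 is a placeholder collector.
LOGGING_CONF = """
logging {
    channel queries_file {      // channel name as used in the steps above
        syslog local3;
        severity info;
    };
    category queries { queries_file; };
};
"""
SYSLOG_LOCAL7 = "Local7.*    @192.0.2.10\n"
SYSLOG_LOCAL3 = "local3.*    @192.0.2.10\n"


def bind_syslog_facilities(bind_conf):
    """Return {channel name: facility} for every channel with a 'syslog <facility>;' destination."""
    text = re.sub(r"(//|#)[^\n]*|/\*.*?\*/", "", bind_conf, flags=re.S)  # drop comments
    found = {}
    for name, body in re.findall(r'channel\s+"?([\w.-]+)"?\s*\{(.*?)\}', text, flags=re.S):
        dest = re.search(r"\bsyslog\s+(\w+)\s*;", body)
        if dest:
            found[name] = dest.group(1).lower()
    return found


def remote_targets(facility, syslog_conf):
    """Return the '@host' actions whose selector field matches `facility`."""
    targets = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or not parts[1].startswith("@"):
            continue  # blank line, comment, or a local (file) action
        matched = False
        for selector in parts[0].lower().split(";"):  # later selectors override earlier ones
            facs, _, prio = selector.partition(".")
            if facs == "*" or facility in facs.split(","):
                matched = prio != "none"
        if matched:
            targets.append(parts[1].lstrip("@").strip())
    return targets


def unforwarded_channels(bind_conf, syslog_conf):
    """Return {channel: facility} for BIND syslog channels that no remote rule forwards."""
    return {ch: fac for ch, fac in bind_syslog_facilities(bind_conf).items()
            if not remote_targets(fac, syslog_conf)}


if __name__ == "__main__":
    print(unforwarded_channels(LOGGING_CONF, SYSLOG_LOCAL7))
```

An empty result means every BIND syslog channel has a matching remote rule; a non-empty one lists the channels whose query logs would stay on the DNS server.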

Settings for Access Credentials

Sample BIND DNS Logs

