Before you can add a log source in IBM QRadar, you must configure logging for DNS queries.
Procedure
1. Log in to the AWS Management Console to open the Route 53 console (https://console.aws.amazon.com/route53).
2. From the Amazon Route 53 navigation pane, select Hosted zones.
3. Select the relevant hosted zone.
4. From the Hosted zone details section, click Configure query logging.
5. Select an existing log group or create a new log group.
   Important: The log group must be in the US East (N. Virginia) region.
6. If you see an alert about permissions, choose one of the following troubleshooting options:
   - If you have 10 resource policies, you reached the limit. Select one of your resource policies and click Edit to allow Route 53 to write logs to your log groups, then click Save and continue to step 7.
   - If this is the first time that you have configured query logging, or if you have fewer than 10 resource policies, grant permission to Route 53 to write logs to your CloudWatch log groups by selecting Grant permissions, then continue to the next step.
7. To verify that the resource policy matches the CloudWatch Logs log group and that Route 53 has permission to publish logs to CloudWatch, click Permissions - optional.
8. Click Create.
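The resource policy check in the procedure above can also be done offline against the policy JSON, for example the `policyDocument` value returned by `aws logs describe-resource-policies`. The following is an added example, not IBM or AWS code: the function names, the account ID and the zone name are constructed, wildcard matching is approximated with `fnmatch`, and explicit Deny statements are not evaluated.

```python
import fnmatch
import json

ROUTE53 = "route53.amazonaws.com"
REQUIRED_ACTIONS = ("logs:CreateLogStream", "logs:PutLogEvents")
REQUIRED_REGION = "us-east-1"  # US East (N. Virginia), per the procedure

def _listify(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, candidate, fold=False):
    # Approximates IAM "*"/"?" wildcards with fnmatch (assumption of this example).
    if fold:  # action names are case-insensitive, resource ARNs are not
        patterns, candidate = [p.lower() for p in patterns], candidate.lower()
    return any(fnmatch.fnmatchcase(candidate, p) for p in patterns)

def check_policy(policy_document, log_group_arn):
    """Return a list of problems; empty means Route 53 can publish to the group."""
    arn = log_group_arn[:-2] if log_group_arn.endswith(":*") else log_group_arn
    problems = []
    if arn.split(":")[3] != REQUIRED_REGION:
        problems.append("log group is not in " + REQUIRED_REGION)
    granted = []
    for stmt in _listify(json.loads(policy_document).get("Statement", [])):
        principal = stmt.get("Principal")
        services = _listify(principal.get("Service", [])) if isinstance(principal, dict) else []
        resources = _listify(stmt.get("Resource", []))
        # A statement counts only if it allows Route 53 on this group or its streams.
        if (stmt.get("Effect") == "Allow" and ROUTE53 in services
                and (_matches(resources, arn) or _matches(resources, arn + ":log-stream:x"))):
            granted.extend(_listify(stmt.get("Action", [])))
    for action in REQUIRED_ACTIONS:
        if not _matches(granted, action, fold=True):
            problems.append("Route 53 is not allowed " + action + " on this log group")
    return problems

def _policy(actions, resource):
    # Constructed sample policy; the account ID and zone name are placeholders.
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": ROUTE53},
        "Action": actions, "Resource": resource}]})

PREFIX = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/route53/"
GROUP = PREFIX + "example.com"
GOOD = _policy(list(REQUIRED_ACTIONS), PREFIX + "*")
NO_PUT = _policy(["logs:CreateLogStream"], PREFIX + "*")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("NO_PUT", NO_PUT)):
        print(name, check_policy(doc, GROUP) or "ok")
```

An empty result means the policy covers the log group; any returned message names the missing permission or the region mismatch that would stop query logs from reaching CloudWatch and therefore QRadar.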