Configuring public DNS query logging

Before you can add a log source in IBM QRadar, you must configure logging for DNS queries.

Procedure

  1. Log in to the AWS Management Console and open the Route 53 console (https://console.aws.amazon.com/route53).
  2. From the Amazon Route 53 navigation pane, select Hosted zones.
  3. Select the relevant hosted zone.
  4. From the Hosted zone details section, click Configure query logging.
  5. Select an existing log group or create a new log group.
    Important: The log group must be in the US East (N. Virginia) region.
  6. If you see an alert about permissions, choose one of the following troubleshooting options:
    • If you have 10 resource policies, you have reached the limit. Select one of your resource policies and click Edit to allow Route 53 to write logs to your log groups, then click Save and continue to step 7.
    • If this is the first time that you are configuring query logging, or if you have fewer than 10 resource policies, grant permission to Route 53 to write logs to your CloudWatch log groups by selecting Grant permissions, then continue to the next step.
  7. To verify that the resource policy matches the CloudWatch Logs log group and that Route 53 has permission to publish logs to CloudWatch, click Permissions - optional.
  8. Click Create.
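
The checks in steps 5 and 7 can also be run offline against an exported resource policy. The following Python script is an added example, not part of the IBM or AWS documentation; the function name, the account ID 123456789012, and the log group name are constructed placeholders, and the policy layout is assumed to follow the one AWS documents for Route 53 query logging.

```python
import json
import re

REQUIRED_ACTIONS = ("logs:CreateLogStream", "logs:PutLogEvents")
ROUTE53 = "route53.amazonaws.com"
# Constructed sample values: the account ID and log group name are placeholders.
SAMPLE_ARN = "arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/example.com"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": [ROUTE53]},
    "Action": list(REQUIRED_ACTIONS),
    "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/*"}]})

def _as_list(value):
    """Policy fields may hold one string or a list of strings."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def _wild(pattern, text, flags=0):
    """Match a policy pattern in which * and ? are the only wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, text, flags) is not None

def check_query_logging(policy_json, log_group_arn):
    """Return a list of problems; an empty list means every check passed."""
    parts = log_group_arn.split(":", 6)
    if len(parts) < 7 or parts[2] != "logs" or parts[5] != "log-group":
        return ["not a CloudWatch Logs log group ARN: " + log_group_arn]
    problems = []
    if parts[3] != "us-east-1":  # step 5: the log group must be in N. Virginia
        problems.append("log group is in %s, not us-east-1" % parts[3])
    arn = log_group_arn[:-2] if log_group_arn.endswith(":*") else log_group_arn
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    granted = set()
    for stmt in statements:
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or ROUTE53 not in services:
            continue
        # Assumption: a Resource covers the group if it matches the ARN or ARN + ":*".
        resources = _as_list(stmt.get("Resource"))
        if not any(_wild(r, arn) or _wild(r, arn + ":*") for r in resources):
            continue
        actions = _as_list(stmt.get("Action"))
        granted.update(a for a in REQUIRED_ACTIONS
                       if any(_wild(p, a, re.IGNORECASE) for p in actions))
    problems += ["%s is not allowed %s on this log group" % (ROUTE53, a)
                 for a in REQUIRED_ACTIONS if a not in granted]
    return problems

if __name__ == "__main__":
    print(check_query_logging(SAMPLE_POLICY, SAMPLE_ARN) or "OK")
```

The policy document to check is the policyDocument string returned by `aws logs describe-resource-policies --region us-east-1`.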

What to do next

Create an Identity and Access Management (IAM) user in the AWS Management Console.