Configuring Resolver query logging
Before you can add a log source in IBM® QRadar®, you must configure Resolver query logging in the AWS Management Console.
- Log in to your AWS Management Console and open the Route 53 console (https://console.aws.amazon.com/route53).
- From the Route 53 navigation menu, select .
- From the region list, select the region where you want to create the query logging configuration.
  Tip: The region that you select must be the same region where you created the Amazon Virtual Private Clouds (VPCs) that you want to log queries for. If your VPCs are in multiple regions, create at least one query logging configuration for each region.
- Click Configure query logging, then type a name for your query logging configuration. Your configuration name displays in the console in the list of query logging configurations.
- In the Query logs destination section, select a destination where you want Resolver to publish query logs. QRadar supports CloudWatch Logs log group and S3 bucket as destinations for query logs.
  - If you are using the Amazon AWS S3 REST API, select S3 bucket.
  - If you are using the Amazon Web Services protocol, select CloudWatch Logs log group.
- To log VPCs, in the VPCs to log queries for section, click Add VPC. DNS queries that originate in the VPCs that you select are logged. If you don't select any VPCs, no queries are logged by Resolver.
- Click Configure query logging.
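The following added example (not part of the IBM or AWS documentation) checks the outcome of the steps above for one region: which VPCs end up with no usable query logging, and which QRadar protocol matches each logged VPC's destination. It assumes input shaped like the Route 53 Resolver query log configuration and association listings; all IDs, ARNs and the account number are constructed sample values.

```python
# Added example: constructed data shaped like Route 53 Resolver API responses.
QRADAR_PROTOCOL = {  # destination ARN service -> QRadar protocol (from the steps above)
    "s3": "Amazon AWS S3 REST API",
    "logs": "Amazon Web Services",
}

def destination_service(arn):
    """Return the service field of an ARN (arn:partition:service:...)."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[2]

def audit_region(vpc_ids, configs, associations):
    """Return (unlogged VPC ids, VPC -> QRadar protocol, unsupported config ids)."""
    configs_by_id = {c["Id"]: c for c in configs if c["Status"] == "CREATED"}
    protocol_by_vpc, unsupported = {}, set()
    for assoc in associations:
        cfg = configs_by_id.get(assoc["ResolverQueryLogConfigId"])
        if assoc["Status"] != "ACTIVE" or cfg is None:
            continue  # only an active association to a created config logs queries
        protocol = QRADAR_PROTOCOL.get(destination_service(cfg["DestinationArn"]))
        if protocol is None:
            unsupported.add(cfg["Id"])  # destination type the page does not list for QRadar
        else:
            protocol_by_vpc[assoc["ResourceId"]] = protocol
    unlogged = sorted(set(vpc_ids) - set(protocol_by_vpc))
    return unlogged, protocol_by_vpc, sorted(unsupported)

# Constructed sample for one region (IDs, account number and names are made up).
SAMPLE_VPCS = ["vpc-0aaa", "vpc-0bbb", "vpc-0ccc", "vpc-0ddd"]
SAMPLE_CONFIGS = [
    {"Id": "rqlc-s3", "Status": "CREATED", "DestinationArn": "arn:aws:s3:::example-dns-logs"},
    {"Id": "rqlc-cw", "Status": "CREATED",
     "DestinationArn": "arn:aws:logs:us-east-1:111122223333:log-group:/example/dns"},
    {"Id": "rqlc-fh", "Status": "CREATED",
     "DestinationArn": "arn:aws:firehose:us-east-1:111122223333:deliverystream/example"},
]
SAMPLE_ASSOCIATIONS = [
    {"ResolverQueryLogConfigId": "rqlc-s3", "ResourceId": "vpc-0aaa", "Status": "ACTIVE"},
    {"ResolverQueryLogConfigId": "rqlc-cw", "ResourceId": "vpc-0bbb", "Status": "FAILED"},
    {"ResolverQueryLogConfigId": "rqlc-fh", "ResourceId": "vpc-0ccc", "Status": "ACTIVE"},
]

if __name__ == "__main__":
    unlogged, protocols, unsupported = audit_region(SAMPLE_VPCS, SAMPLE_CONFIGS, SAMPLE_ASSOCIATIONS)
    print("VPCs with no usable query logging:", unlogged)
    print("QRadar protocol per logged VPC:", protocols)
    print("Configs with a destination not listed for QRadar:", unsupported)
```

Run the audit once per region, because a query logging configuration only covers VPCs in the region where it was created.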
Create an Identity and Access (IAM) user in the AWS Management Console