Microsoft DNS Debug sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Microsoft DNS Debug sample message when you use the Syslog protocol
The following sample event shows a DNS type A query.
<13>Aug 01 07:46:17 microsoft.dns.test AgentDevice=WindowsDNS AgentLogFile=dns.log PluginVersion=192.168.63.93 Date=1/08/2019 Time=7:46:13 Thread ID=a.m. 0E40 Context=PACKET Message= Internal packet identifier=000000A018724240 UDP/TCP indicator=UDP Send/Receive indicator=Snd Remote IP=192.168.113.142 Xid (hex)=0f5f Query/Response=Q Opcode=Q Flags (hex)=0001 Flags (char codes)=D ResponseCode=NOERROR Question Type=A Question Name=d3hb14vkzrxvla.cloudfront.net
| QRadar field name | Highlighted values in the payload |
|---|---|
| Event ID | Type |
| Category | WindowsDNS |
| Destination Address | Remote IP |
| Log Source TIME | Aug 01 07:46:17 |