Before you can add a log source in IBM QRadar, you must configure Resolver query logging on the AWS Management console.
Procedure
- Log in to your AWS Management console to open the Route 53 console.
- From the Route 53 navigation menu, select .
- From the region list, select the region where you want to create the query logging
configuration.
Tip: The region that you select must be the same region where you created the Amazon
Virtual Private Clouds (VPCs) that you want to log queries for. If your VPCs are in multiple
regions, create at least one query logging configuration for each region.
- Click Configure query logging, then type a name for your query
logging configuration. Your configuration name displays in the console in the list of query logging
configurations.
- In the Query logs destination section, select a destination where
you want Resolver to publish query logs. QRadar supports CloudWatch Logs
log group and S3 bucket as destinations for query logs.
  - If you are using the Amazon AWS S3 REST API, select S3 bucket.
  - If you are using the Amazon Web Services protocol, select CloudWatch Logs log group.
- To log VPCs, in the VPCs to log queries for section, click
Add VPC. DNS queries that originate in the VPCs that you select are logged.
If you don't select any VPCs, no queries are logged by Resolver.
- Click Configure query logging.
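
The following added example (not IBM or AWS code) checks an inventory of VPCs against the rules in this procedure: a configuration must exist in each VPC's region, the VPC must be added to it, and its destination must match the QRadar protocol in use. The field names, IDs, and ARNs are constructed for illustration.

```python
# Constructed inventory. Field names are assumptions for this example,
# not output captured from a real AWS account.
VPCS = [
    {"id": "vpc-0aaa", "region": "us-east-1"},
    {"id": "vpc-0bbb", "region": "us-east-1"},
    {"id": "vpc-0ccc", "region": "eu-west-1"},
    {"id": "vpc-0ddd", "region": "us-west-2"},
]
CONFIGS = [
    {"id": "rqlc-1", "region": "us-east-1",
     "destination_arn": "arn:aws:s3:::example-dns-logs"},
    {"id": "rqlc-2", "region": "us-west-2",
     "destination_arn": "arn:aws:logs:us-west-2:111122223333:log-group:example-dns"},
]
# (query logging configuration id, VPC id) pairs: the VPCs added to each configuration.
ASSOCIATIONS = {("rqlc-1", "vpc-0aaa"), ("rqlc-2", "vpc-0ddd")}

# QRadar protocol -> ARN service of the destination this procedure pairs with it.
PROTOCOL_SERVICE = {"Amazon AWS S3 REST API": "s3", "Amazon Web Services": "logs"}


def destination_service(arn):
    """Return the service field of an ARN (arn:partition:service:...)."""
    parts = arn.split(":")
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[2]


def audit(vpcs, configs, associations, protocol):
    """Return {vpc_id: reason} for each VPC whose DNS queries would not reach QRadar."""
    wanted = PROTOCOL_SERVICE[protocol]
    gaps = {}
    for vpc in vpcs:
        regional = [c for c in configs if c["region"] == vpc["region"]]
        linked = [c for c in regional if (c["id"], vpc["id"]) in associations]
        if not regional:
            gaps[vpc["id"]] = f"no query logging configuration in {vpc['region']}"
        elif not linked:
            gaps[vpc["id"]] = "VPC not added to any query logging configuration"
        elif not any(destination_service(c["destination_arn"]) == wanted for c in linked):
            gaps[vpc["id"]] = f"destination does not match the {protocol} protocol"
    return gaps


if __name__ == "__main__":
    for vpc_id, reason in audit(VPCS, CONFIGS, ASSOCIATIONS, "Amazon AWS S3 REST API").items():
        print(vpc_id, "->", reason)
```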