DNS Server Logs

Overview

Evidence: DNS Server Logs
Description: Collect DNS Server Logs
Category: Applications
Platform: windows
Short Name: dnsl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

DNS Server logs record domain name resolution queries and responses. DNS logging captures which domains were queried, by whom, and when, providing visibility into network communication patterns.

Data Collected

This collector gathers structured data about DNS server logs.

Collection Method

This collector gathers DNS server log files from the Windows DNS directory, including active and backup logs containing query records.

Forensic Value

DNS logs are crucial for detecting command and control communications, data exfiltration via DNS tunneling, malicious domain lookups, and DGA-based malware. They reveal network reconnaissance and lateral movement attempts.
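
An added example (not part of this page or the product it describes) of triaging a collected log for the DNS tunneling pattern mentioned above: many unique, very long leftmost labels sent by one client under one zone. It assumes the file is a Windows DNS debug log in its usual text layout with length-prefixed names; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout of a Windows DNS debug-log packet entry; names are written
# as length-prefixed labels, e.g. (3)www(7)example(3)com(0).
PACKET = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<client>\S+)\s+\S+\s+"
    r"(?P<resp>R?)\s*Q\s+\[.*?\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\)\S*)"
)

# Constructed sample input, not taken from a real server.
SAMPLE_LOG = """\
DNS Server log file creation at 6/12/2023 10:15:00 AM
6/12/2023 10:15:32 AM 0E48 PACKET  000000D1A2B3C4D0 UDP Rcv 10.0.0.15       a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/12/2023 10:15:32 AM 0E48 PACKET  000000D1A2B3C4D0 UDP Snd 10.0.0.15       a1b2 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/12/2023 10:15:40 AM 0E48 PACKET  000000D1A2B3C4E0 UDP Rcv 10.0.0.23       77c1   Q [0001   D   NOERROR] TXT    (32)a1b2c3d4e5f6a7b8c9d0e1f2a3b4c501(6)tunnel(7)example(0)
6/12/2023 10:15:41 AM 0E48 PACKET  000000D1A2B3C4E0 UDP Rcv 10.0.0.23       77c2   Q [0001   D   NOERROR] TXT    (32)a1b2c3d4e5f6a7b8c9d0e1f2a3b4c502(6)tunnel(7)example(0)
6/12/2023 10:15:42 AM 0E48 PACKET  000000D1A2B3C4E0 UDP Rcv 10.0.0.23       77c3   Q [0001   D   NOERROR] TXT    (32)a1b2c3d4e5f6a7b8c9d0e1f2a3b4c503(6)tunnel(7)example(0)
"""

def decode_name(wire):
    """Turn (3)www(7)example(3)com(0) into www.example.com."""
    labels = [lab for _, lab in re.findall(r"\((\d+)\)([^(]*)", wire)]
    return ".".join(lab.lower() for lab in labels if lab)

def long_label_queries(log_text, min_label_len=30, min_unique=3):
    """Map (client, parent zone) -> sorted unique query names whose leftmost
    label has at least min_label_len characters, kept only when the client
    sent at least min_unique of them. Thresholds are illustrative assumptions."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if not m or m["dir"] != "Rcv" or m["resp"]:
            continue  # keep only queries received by the server
        labels = decode_name(m["name"]).split(".")
        if len(labels) >= 3 and len(labels[0]) >= min_label_len:
            parent = ".".join(labels[-2:])  # approximation: no public-suffix lookup
            seen[(m["client"], parent)].add(".".join(labels))
    return {key: sorted(names) for key, names in seen.items() if len(names) >= min_unique}

if __name__ == "__main__":
    for (client, zone), names in long_label_queries(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {len(names)} unique long-label queries")
```

Hits are leads for review rather than verdicts; some legitimate services also generate long machine-made labels, so tune both thresholds against a baseline from the same server.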
