Forum Discussion
OMS DNS Analytics solution - no data
Hello - I am trying to get DNS logs into Log Analytics and into Sentinel.
The documentation here (https://docs.microsoft.com/en-us/azure/sentinel/connect-dns) says to simply install OMS and check the DnsEvent table. I did, and nothing's there. PS: It's been many days, and nothing is there.
- Although the documentation does not specify, does DNS diagnostic logging need to be enabled for this to work?
- And if so, does that mean a custom log and data collection need to be configured for \path\to\dns.log?
Side Note: I have packetbeat installed successfully capturing DNS logs without DNS Diagnostic Logging enabled.
11 Replies
- Mahesh_V (Copper Contributor)
We spent days and days to work out what the issue may be and ended up raising an incident with Microsoft. We already went through steps that are described in this page but nothing worked.
Out of nowhere I decided to use Firefox (instead of Chrome) and voila! I can see DNSEvents in Log Analytics, I can see Configure option and Dashboard too. I asked my colleague to try Edge and that worked too.
I am writing this response to thank everyone for their guidance and with a hope that my response may also help someone.
- CliveWatson (Silver Contributor)
Generally after you put the agent on the Windows Server that is running DNS, you will get the logs.
Is this the first time you've used Log Analytics - if not, do you have other data sources that are working (this can rule out proxy/firewall issues)?
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows
Did you "Verify agent connectivity to Log Analytics" as per the above link?
https://docs.microsoft.com/en-us/services-hub/health/troubleshooting_mma_agent
- MattM2020 (Copper Contributor)
I'm actually experiencing the same issue. Enabled the collection about 18 hours ago and nothing is coming in to Log Analytics. My connectivity is working properly and other events come in properly but nothing for DNS.