Jun 30 2020 - last edited on Dec 23 2021
While trying to integrate DNS into Azure Sentinel, I am not seeing any logs come in from the on-prem server. The server is a Windows Server 2012 R2 with DNS logging enabled. The connector shows as connected, and is green in Azure Sentinel, but no logs are coming through. I also tried connecting with a DNS server in Azure, and I was able to see logs from the Azure server but not the on-prem server. It seems there is an issue with DNS logging from the on-prem server.
Is anyone else having this issue?
Jun 30 2020 02:31 PM
@akhalili Any chance you have a firewall blocking traffic? Are you getting any logs from on-prem?
Jul 02 2020 08:48 AM
There is no firewall rule that would block this and I still don't see any logs coming in from on-prem.
Jul 02 2020 09:17 AM
@akhalili You can also try to regenerate either the primary or second key and modify the configuration to use the new key, just to make sure the key entered is correct and working.
Jul 05 2020 05:24 AM
@akhalili: I think this should be handled as a support ticket. That said, trying to troubleshoot on a forum: do you get a heartbeat from the agent on the on-prem DC?