The dns.windows tag identifies log events generated by the Windows Server Domain Name System (DNS).
This technology uses a single tag to support all events generated by the Windows Server Domain Name System (DNS). The tag is simply dns.windows and the associated events are saved in Devo in a table of the same name.
For more information, see the documentation on Devo tags.
You can use the Devo Agent for Windows to monitor the log files generated by the DNS and forward them to a port on your Devo Relay. However, if your Windows Server has internet access, you might choose to use the Devo Agent to monitor the files, apply the dns.windows tag to the events, and forward them directly to Devo. If you send the events to your Devo Relay instead, you need to set up the relay rule described below.
While we recommend using the Devo Agent for Windows, other third-party solutions for file monitoring and event forwarding can also be effective.
Create a simple rule on your Devo Relay that applies the dns.windows tag to all events arriving on a specified port. The example below uses port 13003, but you can use any port that you can dedicate to these events.
- Source Port → 13003
- Target Tag → dns.windows
- Check the Stop processing and Sent without syslog tag checkboxes.