DNS log and using multiline record separator
SUMMARY

Oct 13, 2017

In Snare Enterprise Epilog agent version 5, \r\n\r\n can be used as the multiline record separator, which sends each DNS log record as one long syslog string.

To configure the Epilog Agent:

  1. Select the Log Configuration menu item and click Add.

  2. Set the following parameters:

    • Log Type: select Microsoft DNS server logs.

    • Multi-Line Format: select Line separating events and enter \r\n\r\n.

    • Log File or Directory: enter the directory where the DNS logs are stored.

    • Log Name Format: enter the log file name pattern if necessary, and select All matching files.

    • Click Change Configuration.

    • Click Apply Configuration & Restart Service.
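As an added illustration (not Snare's code), the following Python shows what the \r\n\r\n separator does with such a log: a constructed sample in the shape of a Microsoft DNS debug log is split into records on the blank line, each record is flattened to the single line a syslog collector would receive, and the header fields and query name are parsed out for use in detection rules. The log layout, field names and sample values are assumptions.

```python
import re

# Constructed sample in the shape of a Microsoft DNS debug log (not a real capture):
# a header line per packet plus indented detail lines, with records separated by
# a blank line, i.e. the \r\n\r\n separator configured in the steps above.
SAMPLE_LOG = (
    "10/13/2017 9:15:02 AM 0A2C PACKET  000000E4D8E0B2A0 UDP Rcv 192.168.1.10   0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)\r\n"
    "UDP question info at 000000E4D8E0B2A0\r\n"
    "  Socket = 460\r\n"
    "  Remote addr 192.168.1.10, port 53\r\n"
    "\r\n"
    "10/13/2017 9:15:02 AM 0A2C PACKET  000000E4D8E0B2A0 UDP Snd 192.168.1.10   0002 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)\r\n"
    "UDP response info at 000000E4D8E0B2A0\r\n"
    "  Socket = 460\r\n"
    "\r\n"
)
RECORD_SEP = "\r\n\r\n"

# Header-line fields; the group names are ours (assumed), not Microsoft's.
HEADER_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+ [AP]M) (?P<thread>[0-9A-F]+) (?P<context>\S+)\s+"
    r"(?P<packet>[0-9A-F]+) (?P<proto>UDP|TCP) (?P<dir>Snd|Rcv) (?P<remote>\S+)\s+"
    r"(?P<xid>[0-9A-F]+)\s+(?P<resp>R)?\s*(?P<opcode>\S)\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<qname>\S+)$",
    re.IGNORECASE,
)

def split_records(text):
    """Split the log on the blank-line separator, dropping any trailing empty chunk."""
    return [r for r in text.split(RECORD_SEP) if r.strip()]

def decode_qname(wire):
    """Turn the length-prefixed form '(3)www(7)example(3)com(0)' into dotted form."""
    labels = [lbl for n, lbl in re.findall(r"\((\d+)\)([^(]*)", wire) if int(n) > 0]
    return ".".join(labels) or "."

def parse_record(record):
    """Parse one multi-line record into a dict; detail lines are kept, flattened."""
    header, *details = record.split("\r\n")
    m = HEADER_RE.match(header)
    if not m:
        return None  # not a packet header; the caller decides how to treat it
    fields = m.groupdict()
    fields["qname"] = decode_qname(fields["qname"])
    fields["is_response"] = fields.pop("resp") == "R"
    fields["details"] = " ".join(d.strip() for d in details if d.strip())
    return fields

def to_syslog_lines(text):
    # Each record collapsed to the single long line the agent forwards over syslog.
    return [" ".join(r.split()) for r in split_records(text)]
```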