Amazon Route53 Resolver Logs
The Amazon Route53 Resolver Logs Matano managed log source lets you ingest DNS logs for queries & responses from:
- Queries that originate in Amazon Virtual Private Cloud VPCs that you specify, as well as the responses to those DNS queries.
- Queries from on-premises resources that use an inbound Resolver endpoint.
- Queries that use an outbound Resolver endpoint for recursive DNS resolution.
- Queries that use Route 53 Resolver DNS Firewall rules to block, allow, or monitor domain lists.
See the Amazon Route53 Docs for more information.
Usage
Use the managed log source by specifying the managed.type property in your log_source.yml configuration file as AWS_ROUTE53_RESOLVER_LOGS.
name: "aws_route53_resolver_logs"
managed:
  type: "AWS_ROUTE53_RESOLVER_LOGS"
For example, if you want to ingest Amazon Route53 Resolver Logs (default table), you may structure your log source under a subdirectory called aws_route53 (for short) as follows:
my-matano-dir/
└── log_sources/
    └── aws_route53_resolver_logs/
        └── log_source.yml
For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.
Tables
The Amazon Route53 Resolver Logs managed log source supports the following tables:
- default (aws_route53_resolver_logs)
Ingest
S3 (default)
For a log source named aws_route53_resolver_logs, a file under the path aws_route53_resolver_logs/afe3c55a-8b05-4ac7-be76-b6fda08af95d/file.log.gz will be routed to the default table.
S3 Path scheme to table:
* (all) -> default
Schema
Amazon Route53 Resolver Logs data is normalized to ECS fields. You can view the complete mappings to see the full schema.