Integrate AWS Route 53 EventTracker v9.2x and above
Publication Date: January 25, 2021
Integrate AWS Route 53
Abstract
This guide provides instructions to configure AWS Route 53 to send its logs to EventTracker.
Scope
The configurations detailed in this guide are consistent with EventTracker version v9.2x or above and AWS
Route 53.
Audience
Administrators who are assigned the task to monitor AWS Route 53 events using EventTracker.
The information contained in this document represents the current view of Netsurion on the
issues discussed as of the date of publication. Because Netsurion must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and
Netsurion cannot guarantee the accuracy of any information presented after the date of
publication.
This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS
OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the
rights under copyright, this paper may be freely distributed without permission from Netsurion, if
its content is unaltered, nothing is added to the content and credit to Netsurion is provided.
Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Netsurion, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious.
No association with any real company, organization, product, person or event is intended or
should be inferred.
© 2021 Netsurion. All rights reserved. The names of actual companies and products mentioned
herein may be the trademarks of their respective owners.
Table of Contents
1. Overview
2. Prerequisites
3. Integrating AWS Route 53 with EventTracker
3.1 Integrate CloudWatch with EventTracker using EventTracker lambda function
3.2 Create Subscription Filters
4. EventTracker Knowledge Pack
4.1 Category
4.2 Report
4.3 Dashboards
5. Importing AWS Route 53 knowledge pack into EventTracker
5.1 Category
5.2 Token template
5.3 Knowledge Object
5.4 Report
5.5 Dashboards
6. Verifying AWS Route 53 knowledge pack in EventTracker
6.1 Category
6.2 Token templates
6.3 Knowledge Object
6.4 Report
6.5 Dashboards
1. Overview
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is
designed to provide developers and businesses a way to route end users to Internet applications. Amazon
Route 53 is fully compliant with IPv6 as well.
EventTracker helps to monitor events from AWS Route 53. The dashboard and reports help in monitoring
DNS query activities.
EventTracker’s built-in knowledge pack enables you to gather business intelligence providing increased
security, performance, availability, and reliability of your systems.
Through alerts, knowledge base solutions, and reports, EventTracker helps you correct problems long
before a disastrous failure occurs.
2. Prerequisites
• AWS Subscription
• EventTracker Public Manager IP
3. Integrating AWS Route 53 with EventTracker
Note: DNS query logging must be enabled before logs can be sent.
1. Sign in to the AWS Management Console and open the Route 53 console at
https://console.aws.amazon.com/route53/
2. In the navigation pane, choose Hosted zones.
3. Click on the hosted zone that you want to configure query logging for.
4. In the Hosted zone details pane, choose Configure query logging.
5. Choose an existing log group or create a new log group.
Figure 1
6. In the Destination for query logs, choose the CloudWatch Logs log group option.
7. If you receive an alert about permissions (this happens if you have not configured query logging with
the new console before), do one of the following:
• If you have 10 resource policies already, you cannot create any more. Select any of your resource
policies and click Edit. Editing will give Route 53 permissions to write logs to your log groups. Click
Save. Once the alert disappears, you can continue.
• If you have never configured query logging before (or if you have not created 10 resource policies
already), you need to grant permissions to Route 53 to write logs to your CloudWatch Logs groups.
Choose Grant permissions. Once the alert disappears, you can continue.
8. Choose Permissions - optional to see a table that shows whether the resource policy matches the
CloudWatch log group, and whether Route 53 has permission to publish logs to CloudWatch.
9. Click on Configure query logging.
Once query logging is enabled on Route 53, integrate CloudWatch with EventTracker using the
EventTracker lambda function.
3.1 Integrate CloudWatch with EventTracker using EventTracker lambda function
1. Click on services and select lambda.
Figure 2
2. In the navigation pane choose Functions, then click on create function.
Figure 3
3. Select Browse serverless app repository.
4. Search EventTracker in public applications. You will get the EventtrackerAWSAgent in results.
Figure 4
5. Fill the details and click on deploy.
Figure 5
6. Enter the EventTracker Public Manager IP.
7. Enable syslog over TLS as True or False.
8. Enter the syslog port.
9. After you click deploy, a function is created.
3.2 Create Subscription Filters
1. Click on services and select CloudWatch.
2. In the navigation pane, choose log group.
3. Click on the log group provided while creating query logging.
4. Go to subscription filter.
Figure 6
5. Click on create lambda subscription filter.
6. Under lambda function, select from the dropdown the lambda function that was created after
deploying the application.
7. Enter a subscription filter name, for example route53Trigger.
8. Click on start streaming.
Figure 7
Integration is complete. CloudWatch logs will be sent to EventTracker.
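What the subscription filter created above hands to a Lambda function, as an added Python example (not the EventtrackerAWSAgent code, which this guide does not show): it decodes the CloudWatch Logs delivery and splits each Route 53 query log line into the fields the reports rely on. The sample lines, the hosted zone ID and the log group name are constructed.

```python
import base64
import gzip
import json

# Field order of a Route 53 public hosted zone query log line (format 1.0).
FIELDS = ("version", "timestamp", "hosted_zone_id", "query_name", "query_type",
          "response_code", "protocol", "edge_location", "resolver_ip",
          "edns_client_subnet")

def parse_query_log(message):
    """Split one query log line into named fields; None if malformed."""
    parts = message.split()
    if len(parts) != len(FIELDS):
        return None
    record = dict(zip(FIELDS, parts))
    if record["edns_client_subnet"] == "-":  # "-" = no EDNS client subnet sent
        record["edns_client_subnet"] = None
    return record

def handle(event):
    """Decode one CloudWatch Logs subscription delivery and parse its lines."""
    raw = base64.b64decode(event["awslogs"]["data"])
    payload = json.loads(gzip.decompress(raw))
    # Only DATA_MESSAGE payloads carry log events.
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    parsed = (parse_query_log(e["message"]) for e in payload["logEvents"])
    return [r for r in parsed if r is not None]

def make_event(lines, message_type="DATA_MESSAGE"):
    """Constructed test input, encoded the way CloudWatch Logs encodes it."""
    payload = {"messageType": message_type,
               "logGroup": "/aws/route53/example.com",  # hypothetical name
               "logEvents": [{"id": str(i), "timestamp": 0, "message": m}
                             for i, m in enumerate(lines)]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode()))
    return {"awslogs": {"data": data.decode()}}

# Constructed sample lines: documentation IPs, placeholder hosted zone ID.
SAMPLE = [
    "1.0 2021-01-25T08:16:02.130Z Z0000000EXAMPLE example.com A NOERROR UDP FRA6 192.0.2.10 -",
    "1.0 2021-01-25T08:16:03.017Z Z0000000EXAMPLE nope.example.com AAAA NXDOMAIN TCP IAD12 198.51.100.7 203.0.113.0/24",
    "truncated line",
]

if __name__ == "__main__":
    for rec in handle(make_event(SAMPLE)):
        print(rec["query_name"], rec["response_code"], rec["resolver_ip"])
```

Malformed lines are dropped rather than forwarded, so a gap between the CloudWatch event count and the parsed record count is worth alerting on.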
4. EventTracker Knowledge Pack
Once logs are received by EventTracker manager, knowledge packs can be configured into EventTracker.
The following Knowledge Packs are available in EventTracker to support AWS Route 53.
4.1 Category
• Route 53: DNS Query Activities - This category provides information about DNS query activities.
4.2 Report
• Route 53 - DNS Queries Activities - This report gives information about all the DNS query activities.
The report contains the query name, query type, protocol, response code, client IP, resolver IP, and other
details that can be useful for monitoring.
Figure 8
Logs Considered
Figure 9
4.3 Dashboards
• Route 53: DNS queries by Volume
Figure 10
• Route 53: DNS Queries by Geolocation of Client
Figure 11
• Route 53: DNS Queries by Geolocation by Resolver
Figure 12
• Route 53: DNS Queries by Response Types
Figure 13
• Route 53: DNS Queries by Query Types
Figure 14
• Route 53: DNS Queries Domain by Resolver IP
Figure 15
5. Importing AWS Route 53 knowledge pack into EventTracker
NOTE: Import knowledge pack items in the following sequence:
• Category
• Token template
• Knowledge Object
• Report
• Dashboard
1. Launch EventTracker Control Panel.
2. Double click Export Import Utility.
Figure 16
3. Click the Import tab.
5.1 Category
1. Click Category option, and then click Browse.
Figure 17
2. Locate Categories_AWS Route 53.iscat file, and then click Open.
3. To import categories, click Import.
EventTracker displays success message.
Figure 18
4. Click OK, and then click Close.
5.2 Token template
1. Click Parsing rule under Admin option in the EventTracker manager page.
Figure 19
2. Click Template.
Figure 20
3. To import token template, click Import.
Figure 21
4. Locate the Templates_AWS Route 53.ettd type file by clicking Browse button, enable all the
templates and click import.
Figure 22
5. Click OK.
5.3 Knowledge Object
1. Click Knowledge objects under Admin option in the EventTracker manager page.
Figure 23
2. Click Import as highlighted in the below image.
Figure 24
3. Click Browse.
Figure 25
4. Locate the file named KO_AWS Route 53.etko.
5. Now select the check box and then click Import.
Figure 26
6. Knowledge objects are now imported successfully.
Figure 27
5.4 Report
1. Click Reports option and select New (*.etcrx) option.
Figure 28
2. Locate the file named Flex_Reports_AWS Route 53.etcrx and select the check box.
Figure 29
3. Click Import to import the report. EventTracker displays success message.
Figure 30
5.5 Dashboards
NOTE: The steps below are specific to EventTracker 9.2 and later.
1. Open EventTracker in browser and logon.
Figure 31
2. Navigate to My Dashboard option as shown above.
3. Click Import as shown below:
Figure 32
4. Import dashboard file Dashboard_AWS Route 53.etwd and select Select All checkbox.
5. Click Import as shown below:
Figure 33
6. Import is now completed successfully.
Figure 34
7. In My Dashboard page select to add dashboard.
Figure 35
8. Choose appropriate name for Title and Description. Click Save.
Figure 36
9. In My Dashboard page select to add dashlets.
Figure 37
10. Select imported dashlets and click Add.
Figure 38
6. Verifying AWS Route 53 knowledge pack in EventTracker
6.1 Category
1. Logon to EventTracker.
2. Click Admin dropdown, and then click Category.
Figure 39
3. In the Category Tree, scroll down and expand the AWS Route 53 group folder
to view the imported category.
Figure 40
6.2 Token templates
1. In the EventTracker web interface, click the Admin dropdown, and then click Parsing rules.
Figure 41
2. On Template tab, click on the AWS Route 53 group folder to view the imported token values.
Figure 42
6.3 Knowledge Object
1. In the EventTracker web interface, click the Admin dropdown, and then select Knowledge Objects.
Figure 43
2. In the Knowledge Object tree, expand AWS Route 53 group folder to view the imported knowledge
object.
Figure 44
3. Click Activate Now to apply imported knowledge objects.
6.4 Report
1. In the EventTracker web interface, click the Reports menu, and then select Report Configuration.
Figure 45
2. In Reports Configuration pane, select Defined option.
3. Click on the AWS Route 53 group folder to view the imported reports.
Figure 46
6.5 Dashboards
1. In the EventTracker web interface, click Home and select My Dashboard.
Figure 47
2. The AWS Route 53 dashboard should now appear as shown in the following figure.
Figure 48