Securd Protection supports log forwarding. Log forwarding is a real-time fork of your DNS log data to a target HTTP webhook. We do the hard work by enriching and annotating your logs with contextual information. DNS logs are known to be extremely verbose. Securd logging automatically de-duplicates your DNS logs at 5-minute intervals. This makes DNS logs easier to consume and analyze without excessive noise and cost. There is no additional cost for log forwarding on the Securd side for any plan.
The detailed activity logs that are visible in the Securd Protection logs will be forwarded to your target SIEM or log analysis tool. Logs are forwarded in a simple, friendly JSON format via an HTTPS POST. This enables you to build charts, analyze data and set up alerting in your favorite SIEM with ease.
Steps to Get DNS Log Forwarding
How To Enable Log Forwarding
1. Browse to your Company global settings.
2. Click on the Logging tab.
3. Set HTTP logging to enabled.
4. If your endpoint requires an Authorization Bearer token, generate it in your SIEM and paste it into the Authentication Token field.
5. Paste the full URL of your logging endpoint.
6. Click Save.
Once you save your setting, log forwarding to the endpoint starts immediately. Only new logs, from the time the setting is saved, are forwarded.
If your endpoint repeatedly fails over 15 minutes due to an authorization or configuration issue, Securd will automatically disable log forwarding in your Company settings.
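If you host the receiving webhook yourself, the sketch below shows one way to check the bearer token and the JSON body before accepting a forwarded log. It is an added example, not Securd code: it assumes the token arrives as an `Authorization: Bearer <token>` header, and the token value, size cap, port and sample field names are constructed for illustration.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the same value you pasted into the Authentication Token field.
EXPECTED_TOKEN = "constructed-example-token"
MAX_BODY = 1_000_000  # assumed local size cap, not a documented Securd limit
# Constructed sample body; real field names come from the logs you receive.
SAMPLE = b'{"qname": "example.com", "action": "blocked"}'


def check_request(auth_header, body, expected_token=EXPECTED_TOKEN):
    """Return (http_status, parsed_json_or_None) for one forwarded POST."""
    scheme, _, presented = (auth_header or "").partition(" ")
    # Constant-time comparison so the token cannot be recovered via timing.
    if scheme.lower() != "bearer" or not hmac.compare_digest(
            presented.strip().encode(), expected_token.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        return 200, json.loads(body)
    except ValueError:  # covers JSONDecodeError and invalid UTF-8
        return 400, None


class LogReceiver(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:
            status, record = 413, None
        else:
            body = self.rfile.read(length)
            status, record = check_request(self.headers.get("Authorization"), body)
        if status == 200:
            print(json.dumps(record))  # hand off to your own pipeline here
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Listens on localhost only; put a TLS-terminating proxy in front of it.
    HTTPServer(("127.0.0.1", 8080), LogReceiver).serve_forever()
```

Exercising `check_request` locally with a wrong token confirms the 401 path before you save the setting, which helps avoid the repeated authorization failures that cause forwarding to be disabled.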