The Amazon Route53 Resolver Logs Matano managed log source lets you ingest DNS logs for queries & responses from:
- Queries that originate in Amazon Virtual Private Cloud VPCs that you specify, as well as the responses to those DNS queries.
- Queries from on-premises resources that use an inbound Resolver endpoint.
- Queries that use an outbound Resolver endpoint for recursive DNS resolution.
- Queries that use Route 53 Resolver DNS Firewall rules to block, allow, or monitor domain lists.
See the Amazon Route53 Docs for more information.
Use the managed log source by specifying the
managed.type property in your
log_source.yml configuration file as
For example, if you want to ingest Amazon Route53 Resolver Logs (default table) may structure your log source under a subdirectory called
aws_route53 (for short) as follows:
For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.
The Amazon Route53 Resolver Logs managed log source supports the following tables:
- default (aws_route53_resolver_logs)
For a log source named
aws_route53_resolver_logs, a file under the path
aws_route53_resolver_logs/afe3c55a-8b05-4ac7-be76-b6fda08af95d/file.log.gz will be routed to the
S3 Path scheme to table:
*(all) -> default
Amazon Route53 Resolver Logs data is normalized to ECS fields. You can view the complete mappings to see the full schema.