Integrate AWS Route 53 - Netsurion

Integrate AWS Route 53 EventTracker v9.2x and above

Publication Date: January 25, 2021

1

Integrate AWS Route 53

Abstract

This guide provides instructions to configure AWS Route 53 to send its log to EventTracker.

Scope

The configurations detailed in this guide are consistent with EventTracker version v9.2x or above and AWS

Route 53

Audience

Administrators who are assigned the task to monitor AWS Route 53 events using EventTracker.

The information contained in this document represents the current view of Netsurion on the

issues discussed as of the date of publication. Because Netsurion must respond to changing

market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and

Netsurion cannot guarantee the accuracy of any information presented after the date of

publication.

This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS

OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the

rights under copyright, this paper may be freely distributed without permission from Netsurion, if

its content is unaltered, nothing is added to the content and credit to Netsurion is provided.

Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual

property rights covering subject matter in this document. Except as expressly provided in any

written license agreement from Netsurion, the furnishing of this document does not give you any

license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious.

No association with any real company, organization, product, person or event is intended or

should be inferred.

© 2021 Netsurion. All rights reserved. The names of actual companies and products mentioned

herein may be the trademarks of their respective owners.

2


Table of Contents 1. Overview ........................................................................................................................................................ 3

2. Prerequisites .................................................................................................................................................. 3

3. Integrating of AWS Route 53 with EventTracker .......................................................................................... 3

3.1 Integrate CloudWatch with EventTracker using EventTracker lambda function ................................... 4

3.2 Create Subscription Filters ...................................................................................................................... 6

4. EventTracker Knowledge Pack ...................................................................................................................... 9

4.1 Category .................................................................................................................................................. 9

4.2 Report ..................................................................................................................................................... 9

4.3 Dashboards ........................................................................................................................................... 10

5. Importing AWS Route 53 knowledge pack into EventTracker .................................................................... 13

5.1 Category ................................................................................................................................................ 13

5.2 Token template ..................................................................................................................................... 14

5.3 Knowledge Object ................................................................................................................................. 16

5.4 Report ................................................................................................................................................... 17

5.5 Dashboards ........................................................................................................................................... 18

6. Verifying AWS Route 53 knowledge pack in EventTracker ......................................................................... 21

6.1 Category ................................................................................................................................................ 21

6.2 Token templates ................................................................................................................................... 22

6.3 Knowledge Object ................................................................................................................................. 23

6.4 Report ................................................................................................................................................... 23

6.5 Dashboards ........................................................................................................................................... 24

3


1. Overview Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is

designed to provide developers and businesses a way to route end users to Internet applications. Amazon

Route 53 is fully compliant with IPv6 as well.

EventTracker helps to monitor events from AWS Route 53. The dashboard and reports help in monitoring

DNS query activities.

EventTracker’s built-in knowledge pack enables you to gather business intelligence providing increased

security, performance, availability, and reliability of your systems.

Through alerts, knowledge base solutions, and reports, EventTracker helps you correct problems long

before a disastrous failure occurs.

2. Prerequisites • AWS Subscription

• EventTracker Public Manager IP

3. Integrating of AWS Route 53 with EventTracker Note: We need to enable DNS query logging before sending logs.

1. Sign-in to AWS Management Console and open Route 53 console at

https://console.aws.amazon.com/route53/

2. In the navigation pane, choose Hosted zones.

3. Click on the hosted zone that you want to configure query logging for.

4. In the Hosted zone details pane, choose Configure query logging.

5. Choose an existing log group or create a new log group.

https://console.aws.amazon.com/route53/

4


Figure 1

6. In the Destination for query logs, choose CloudWatch Logs log group option.

7. If you receive an alert about permissions (this happens if you have not configured query logging with

the new console before), do one of the following:

• If you have 10 resource policies already, you cannot create any more. Select any of your resource

policies and click Edit. Editing will give Route 53 permissions to write logs to your log groups. Click

Save. Once the alert disappears and you can continue.

• If you have never configured query logging before (or if you have not created 10 resource policies

already), you need to grant permissions to Route 53 to write logs to your CloudWatch Logs groups.

Choose Grant permissions. Once the alert disappears and you can continue.

8. Choose Permissions - optional to see a table that shows whether the resource policy matches the

CloudWatch log group, and whether the Route 53 has the permission to publish logs to CloudWatch.

9. Click on Configure query logging.

Once we enabled query logging on route 53. We need to integrate CloudWatch with EventTracker using

EventTracker lambda function.

3.1 Integrate CloudWatch with EventTracker using EventTracker

lambda function 1. Click on services and select lambda.

5


Figure 2

2. In the navigation pane choose Functions, then click on create function.

Figure 3

3. Select Browse serverless app repository.

4. Search EventTracker in public applications. You will get the EventtrackerAWSAgent in results.

Figure 4

6


5. Fill the details and click on deploy.

Figure 5

6. Enter the EventTracker Public Manager IP. 7. Enable syslog obver TLS as True or False. 8. Enter the syslog port. 9. After you click deploy, a function is created.

3.2 Create Subscription Filters 1. Click on services and select CloudWatch.

2. In the navigation pane, choose log group.

3. Click on the log group provided while creating query logging.

4. Go to subscription filter.

7


Figure 6

5. Click on create lambda subscription filter.

6. Under lambda function, select the lambda function (created after deploying the application) created

from the dropdown.

7. Enter subscription filter name, i.e. route53Trigger.

8. Click on start streaming.

8


Figure 7

Integration is complete. CloudWatch logs will be sent to Eventtracker.

9


4. EventTracker Knowledge Pack Once logs are received by EventTracker manager, knowledge packs can be configured into EventTracker.

The following Knowledge Packs are available in EventTracker to support AWS Route 53.

4.1 Category

• Route 53: DNS Query Activities - This category provides information about DNS query activities.

4.2 Report

• Route 53 –DNA Queries Activities- This report gives information about all the DNS query activities.

Report contains query name, query type, protocol, response code, client IP, resolver IP, etc. details

which can be useful for monitoring.

Figure 8

Logs Considered

Figure 9

10


4.3 Dashboards

• Route 53: DNS queries by Volume

Figure 10

• Route 53: DNS Queries by Geolocation of Client

Figure 11

11


• Route 53: DNS Queries by Geolocation by Resolver

Figure 12

• Route 53: DNS Queries by Response Types

Figure 13

12


• Route 53: DNS Queries by Query Types

Figure 14

• Route 53: DNS Queries Domain by Resolver IP

Figure 15

13


5. Importing AWS Route 53 knowledge pack into

EventTracker NOTE: Import knowledge pack items in the following sequence:

• Category

• Token template

• Knowledge Object

• Report

• Dashboard

1. Launch EventTracker Control Panel.

2. Double click Export Import Utility.

Figure 16

3. Click the Import tab.

5.1 Category 1. Click Category option, and then click Browse .

14


Figure 17

2. Locate Categories_AWS Route 53.iscat file, and then click Open.

3. To import categories, click Import.

EventTracker displays success message.

Figure 18

4. Click OK, and then click Close.

5.2 Token template 1. Click Parsing rule under Admin option in the EventTracker manager page.

15


Figure 19

2. Click Template.

Figure 20

3. To import token template, click Import.

Figure 21

4. Locate the Templates_AWS Route 53.ettd type file by clicking Browse button, enable all the

templates and click import.

Figure 22

5. Click OK.

16


5.3 Knowledge Object 1. Click Knowledge objects under Admin option in the EventTracker manager page.

Figure 23

2. Click Import as highlighted in the below image.

Figure 24

3. Click Browse.

Figure 25

4. Locate the file named KO_AWS Route 53.etko.

17


5. Now select the check box and then click Import.

Figure 26

6. Knowledge objects are now imported successfully.

Figure 27

5.4 Report 1. Click Reports option and select New (*.etcrx) option.

Figure 28

18


2. Locate the file named Flex_Reports_AWS Route 53.etcrx and select the check box.

Figure 29

3. Click Import to import the report. EventTracker displays success message.

Figure 30

5.5 Dashboards NOTE: Below steps given are specific to EventTracker 9.2 and later.

1. Open EventTracker in browser and logon.

19


Figure 31

2. Navigate to My Dashboard option as shown above.

3. Click Import as show below:

Figure 32

4. Import dashboard file Dashboard_AWS Route 53.etwd and select Select All checkbox.

5. Click Import as shown below:

Figure 33

20


6. Import is now completed successfully.

Figure 34

7. In My Dashboard page select to add dashboard.

Figure 35

8. Choose appropriate name for Title and Description. Click Save.

Figure 36

9. In My Dashboard page select to add dashlets.

Figure 37

10. Select imported dashlets and click Add.

21


Figure 38

6. Verifying AWS Route 53 knowledge pack in

EventTracker

6.1 Category 1. Logon to EventTracker.

2. Click Admin dropdown, and then click Category.

Figure 39

3. In Category Tree to view imported category, scroll down and expand AWS Route 53 group folder

to view the imported category.

22


Figure 40

6.2 Token templates 1. In the EventTracker web interface, click the Admin dropdown, and then click Parsing rules.

Figure 41

2. On Template tab, click on the AWS Route 53 group folder to view the imported token values.

Figure 42

23


6.3 Knowledge Object 1. In the EventTracker web interface, click the Admin dropdown, and then select Knowledge Objects.

Figure 43

2. In the Knowledge Object tree, expand AWS Route 53 group folder to view the imported knowledge

object.

Figure 44

3. Click Activate Now to apply imported knowledge objects.

6.4 Report 1. In the EventTracker web interface, click the Reports menu, and then select Report Configuration.

24


Figure 45

2. In Reports Configuration pane, select Defined option.

3. Click on the AWS Route 53 group folder to view the imported reports.

Figure 46

6.5 Dashboards 1. In the EventTracker web interface, Click Home and select My Dashboard.

Figure 47

2. In the AWS Route 53 dashboard you should be now able to see the following figure.

25


Figure 48

Integrate AWS Route 53 - Netsurion

Documents

Transcript of Integrate AWS Route 53 - Netsurion