What is the best way to extract Azure DNS query logs for further analysis

Question

I'm not sure how to extract (and what is the preferred way) logs data of Azure DNS query logs for further analysis (as raw events).

Does it need to go through Azure monitor or maybe another way?

I would like to extract this data to event hub for further continuous processing. Is that possible?

Can i use/create diagnostic settings for DNS logs or export it like it is done for platform logs to different destinations (event hob/azure storage)?

score 1 · Accepted Answer · answered Apr 19 '22 at 00:56

1

Azure does not support DNS query logs (at this time).

The only query-based metric is Query volume.

answered Apr 19 '22 at 00:56

John Hanley

Can i use/create diagnostic settings for DNS logs or export it like platform logs to different destinations? https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings?tabs=CMD – Tal Avissar Apr 19 '22 at 07:55
That will not help you with DNS query logs. If you mean something else post a new question. – John Hanley Apr 19 '22 at 08:00

score 0 · Answer 2 · answered Feb 24 '23 at 00:28

0

If you use DNS proxy (through Azure firewall) I think it might provide you with additional logs.

Check DNS proxy in the following link:

answered Feb 24 '23 at 00:28

Norrin Rad

2 Answers2