Skip to content

Enable DNS Logs

To enable GCP DNS query logs, follow the below steps.

Steps

  1. Navigate to VPC network in GCP console.

  2. Open Google cloud shell and execute this command:

    gcloud dns policies create POLICY_NAME --networks=NETWORK --enable-logging

  3. Navigate to Cloud Storage section and create a storage bucket. You can leave everything as default when creating storage bucket.
    Note: Both DNS and VPC logs can share the same cloud storage bucket.

  4. Navigate to Logs Route section.
  5. Click on Create Sink
  6. Provide a sink name.
  7. Select "Cloud Storage bucket" for sink service.
  8. Select the cloud storage bucket that was created above.

  9. In "Choose logs to include in sink" section, put in this string: resource.type="dns_query"

    Below steps are the same as mentioned in VPC flow log for GCP. If you are sharing cloud storage bucket, you only need to perform below steps once.

  10. Click Create Sink.

  11. Navigate to IAM -> Roles
  12. Create a custom role with this permission: storage.buckets.list

  13. Create another custom role with following permission:

    storage.buckets.get storage.objects.get storage.objects.list

  14. Add both custom role to the service account created for Valtix Controller. When adding the second custom role, put this condition:
    (resource.type == "storage.googleapis.com/Bucket" || resource.type == "storage.googleapis.com/Object") && resource.name.startsWith('projects/_/buckets/<cloud storage name>')

  15. Navigate to Pub/Subs
  16. Click on Create Topic
  17. Provide a Topic name and click create.
  18. Click on Subscriptions. You will find that there is a subscription created for the topic that was just created.
  19. Edit the subscription.
  20. Change Delivery type as Push.
  21. Once Push is selected, enter in the endpoint URL: https://prod1-webhook.vtxsecurityservices.com:8093/webhook/<tenant name>/gcp/cloudstorage. Tenant name is assigned by Valtix. To view tenant name, navigate to Valtix Controller and click on your username.
  22. Click Update.
  23. Create a cloud storage notification by opening a Google cloud shell and execute this command: gsutil notification create -t <TOPIC_NAME\> -f json gs://<BUCKET_NAME>