Skip to main content
Sumo Logic

Collect Logs for the Amazon Route 53 Resolver Security App

Set up log collection for the Amazon Route 53 Resolver Security app.

This topic has instructions for collecting logs for the Amazon Route 53 Resolver Security app.

Before you start

If you want to set up Route 53 Resolver DNS Firewall, see the Amazon Developer Guide for instructions.  

Set up collection

  1. Create an AWS Kinesis Firehose for Logs Source. Make a note of the HTTP Source Address for the source. You'll need it for the Cloudformation template below. 
  2. Set up CloudWatch to stream logs to Kinesis Data Firehose using the Cloudformation Template
  3. In this step, enable DNS query logging, as described in Managing Resolver query logging configurations in AWS help.
    1. When you select the type of AWS resource to which you want Resolver to send query logs, choose Kinesis Data Firehose delivery stream as the Destination for the Query Logs.
    2. Click Browse streams and select the Kinesis Data Firehose delivery stream that was created by the Sumo Logic CloudFormation template. It should start with ​​Kinesis-Logs-<random-string>.
    3. Click Add VPC in the VPCs to log queries for section.
      configure-query-loggging.png
    4. Complete your configuration by clicking Configure query logging at the bottom of the page.
    5. Your new configuration will now be listed.
      query-logging-configuration.png

Sample log message

Route 53 Resolver query log example