Fortinet black logo

External Systems Configuration Guide

Microsoft DNS (2003, 2008)

Microsoft DNS

Supported OS

  • Windows 2003
  • Windows 2008 and 2008 R2
  • Windows 2012 and 2012 R2
  • Windows 2016
  • Windows 2019

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level CPU utilization, Memory utilization

Performance Monitoring

WMI

Application type, service mappings

Process level metrics (Win32_Process, Win32_PerfRawData_PerfProc_Process): uptime, CPU utilization, Memory utilization, Read I/O, Write I/O
DNS metrics (Win32_PerfFormattedData_DNS_DNS): DNS requests received, DNS responses sent, WINS requests received, WINS responses sent, Recursive DNS queries received, Recursive DNS queries failed, Recursive DNS queries timeout, Dynamic DNS updates received, Dynamic DNS updates failed, Dynamic DNS updates timeout, Secure DNS update received, Secure DNS update failed, Full DNS Zone Transfer requests sent, Full DNS Zone Transfer requests received, Incremental DNS Zone Transfer requests sent, ncremental DNS Zone Transfer requests received

Performance Monitoring

Windows Agent

Application type

DNS name resolution activity: DNS Query Success and Failure by type

Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft dns" to see the event types associated with this device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

FortiSIEM Windows Agent

For information on configuring DNS for FortiSIEM Windows Agent, see Configuring Windows DNS in the Windows Agent 6.3.3 Installation Guide.

Microsoft recommends that customers enable DNS Analytical logs only to debug DNS traffic or to troubleshoot DNS server issues. Enabling DNS Analytical logs can cause system performance issues (see Microsoft Logging and Diagnostics).

Settings for Access Credentials

See Setting Access Credentials in the Microsoft Windows Server Configuration section.

Microsoft DNS

Supported OS

  • Windows 2003
  • Windows 2008 and 2008 R2
  • Windows 2012 and 2012 R2
  • Windows 2016
  • Windows 2019

What is Discovered and Monitored

Protocol

Information discovered

Metrics collected

Used for

SNMP

Application type

Process level CPU utilization, Memory utilization

Performance Monitoring

WMI

Application type, service mappings

Process level metrics (Win32_Process, Win32_PerfRawData_PerfProc_Process): uptime, CPU utilization, Memory utilization, Read I/O, Write I/O
DNS metrics (Win32_PerfFormattedData_DNS_DNS): DNS requests received, DNS responses sent, WINS requests received, WINS responses sent, Recursive DNS queries received, Recursive DNS queries failed, Recursive DNS queries timeout, Dynamic DNS updates received, Dynamic DNS updates failed, Dynamic DNS updates timeout, Secure DNS update received, Secure DNS update failed, Full DNS Zone Transfer requests sent, Full DNS Zone Transfer requests received, Incremental DNS Zone Transfer requests sent, ncremental DNS Zone Transfer requests received

Performance Monitoring

Windows Agent

Application type

DNS name resolution activity: DNS Query Success and Failure by type

Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "microsoft dns" to see the event types associated with this device.

Configuration

SNMP

See SNMP Configurations in the Microsoft Windows Server Configuration section.

WMI

See WMI Configurations in the Microsoft Windows Server Configuration section.

FortiSIEM Windows Agent

For information on configuring DNS for FortiSIEM Windows Agent, see Configuring Windows DNS in the Windows Agent 6.3.3 Installation Guide.

Microsoft recommends that customers enable DNS Analytical logs only to debug DNS traffic or to troubleshoot DNS server issues. Enabling DNS Analytical logs can cause system performance issues (see Microsoft Logging and Diagnostics).

Settings for Access Credentials

See Setting Access Credentials in the Microsoft Windows Server Configuration section.