From 3b858b608d698375a8d0c98f595eeb322fbf0396 Mon Sep 17 00:00:00 2001 
From: Jasper Date: Fri, 17 Apr 2026 13:50:34 +0000 Subject: [PATCH 1/5] Initial commit of new integration EfficientIP --- packages/efficient_ip/LICENSE.txt | 93 + .../efficient_ip/_dev/build/docs/README.md | 64 + .../build/packages/efficient_ip-0.0.1.zip | Bin 0 -> 38538 bytes .../packages/efficient_ip/0.0.1/LICENSE.txt | 93 + .../packages/efficient_ip/0.0.1/changelog.yml | 6 + .../data_stream/log/agent/stream/udp.yml.hbs | 33 + .../elasticsearch/ingest_pipeline/default.yml | 235 + .../ingest_pipeline/pipeline_dhcp.yml | 339 + .../ingest_pipeline/pipeline_dns.yml | 169 + .../data_stream/log/fields/base-fields.yml | 12 + .../0.0.1/data_stream/log/fields/fields.yml | 145 + .../0.0.1/data_stream/log/manifest.yml | 43 + .../0.0.1/data_stream/log/sample_event.json | 53 + .../efficient_ip/0.0.1/docs/README.md | 81 + .../efficient_ip/0.0.1/img/EIP-Logo.svg | 20 + .../0.0.1/img/EIP-Logo_BlueGrey.svg | 20 + .../efficient_ip/0.0.1/img/sample-logo.svg | 1 + .../0.0.1/img/sample-screenshot.png | Bin 0 -> 18849 bytes .../packages/efficient_ip/0.0.1/manifest.yml | 39 + .../efficient_ip/0.0.1/sample_event.json | 58 + packages/efficient_ip/changelog.yml | 6 + .../log/_dev/test/pipeline/test-dhcp.log | 695 + .../test/pipeline/test-dhcp.log-expected.json | 12834 ++ .../log/_dev/test/pipeline/test-dns.log | 2000 + .../test/pipeline/test-dns.log-expected.json | 133860 +++++++++++++++ .../data_stream/log/agent/stream/udp.yml.hbs | 33 + .../elasticsearch/ingest_pipeline/default.yml | 235 + .../ingest_pipeline/pipeline_dhcp.yml | 339 + .../ingest_pipeline/pipeline_dns.yml | 169 + .../data_stream/log/fields/base-fields.yml | 12 + .../data_stream/log/fields/fields.yml | 145 + .../efficient_ip/data_stream/log/manifest.yml | 43 + .../data_stream/log/sample_event.json | 53 + packages/efficient_ip/docs/README.md | 81 + packages/efficient_ip/img/EIP-Logo.svg | 20 + .../efficient_ip/img/EIP-Logo_BlueGrey.svg | 20 + packages/efficient_ip/img/sample-logo.svg | 1 + 
.../efficient_ip/img/sample-screenshot.png | Bin 0 -> 18849 bytes packages/efficient_ip/manifest.yml | 39 + packages/efficient_ip/sample_event.json | 58 + 40 files changed, 152147 insertions(+) create mode 100644 packages/efficient_ip/LICENSE.txt create mode 100644 packages/efficient_ip/_dev/build/docs/README.md create mode 100644 packages/efficient_ip/build/packages/efficient_ip-0.0.1.zip create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg create mode 100644 
packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-screenshot.png create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml create mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json create mode 100644 packages/efficient_ip/changelog.yml create mode 100644 packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log create mode 100644 packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json create mode 100644 packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log create mode 100644 packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json create mode 100644 packages/efficient_ip/data_stream/log/agent/stream/udp.yml.hbs create mode 100644 packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml create mode 100644 packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml create mode 100644 packages/efficient_ip/data_stream/log/fields/base-fields.yml create mode 100644 packages/efficient_ip/data_stream/log/fields/fields.yml create mode 100644 packages/efficient_ip/data_stream/log/manifest.yml create mode 100644 packages/efficient_ip/data_stream/log/sample_event.json create mode 100644 packages/efficient_ip/docs/README.md create mode 100644 packages/efficient_ip/img/EIP-Logo.svg create mode 100644 packages/efficient_ip/img/EIP-Logo_BlueGrey.svg create mode 100644 packages/efficient_ip/img/sample-logo.svg create mode 100644 packages/efficient_ip/img/sample-screenshot.png create mode 100644 packages/efficient_ip/manifest.yml create mode 100644 packages/efficient_ip/sample_event.json
diff --git a/packages/efficient_ip/LICENSE.txt b/packages/efficient_ip/LICENSE.txt
new file mode 100644
index 00000000000..809108b857f
--- /dev/null
+++ b/packages/efficient_ip/LICENSE.txt
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
diff --git a/packages/efficient_ip/_dev/build/docs/README.md b/packages/efficient_ip/_dev/build/docs/README.md
new file mode 100644
index 00000000000..88fd0e14a91
--- /dev/null
+++ b/packages/efficient_ip/_dev/build/docs/README.md
@@ -0,0 +1,64 @@
+{{- generatedHeader }}
+{{/*
+This template can be used as a starting point for writing documentation for your new integration. For each section, fill in the details
+described in the comments.
+
+Find more detailed documentation guidelines in https://www.elastic.co/docs/extend/integrations/documentation-guidelines
+*/}}
+# EfficientIP Integration for Elastic
+
+The EfficientIP integration collects and parses data from [EfficientIP](https://efficientip.com/) DDI (DNS, DHCP, and IPAM) solutions, enabling centralized monitoring and analysis of network infrastructure events within Elastic.
+
+## Overview
+{{/* Complete this section with a short summary of what data this integration collects and what use cases it enables */}}
+The EfficientIP integration for Elastic enables collection of event logs from DNS, DHCP and IPAM. This integration enables the
+following use cases:
+- DNS query monitoring and threat detection
+- DHCP lease management and IP address tracking
+- IPAM auditing and infrastructure compliance
+- Network anomaly identification and security investigations
+
+### Compatibility
+{{/* Complete this section with information on what 3rd party software or hardware versions this integration is compatible with */}}
+This integration is tested with EfficientIP version 8.4.7e
+
+## What data does this integration collect?
+{{/* Complete this section with information on what types of data the integration collects, and link to reference documentation if available */}}
+This integration collects the following data types from EfficientIP DDI solutions:
+
+- **DNS Events**: Query logs, response codes, and DNS transactions
+- **DHCP Events**: Lease assignments, renewals, releases, and IP address allocations
+- **IPAM Events**: Address space changes, subnet modifications, and infrastructure audits
+
+All events are forwarded via syslog and processed through Elastic ingest pipelines for analysis and visualization within the Elastic Stack.
+
+
+## What do I need to use this integration?
+{{/* List any vendor-specific prerequisites needed before starting to install the integration. */}}
+Minimum requierment Elastic stack 9.0.x and EfficientIP version 8.4.7e
+
+
+## Deployment methods
+This integration supports the following deployment methods:
+
+**Syslog-based**: EfficientIP nodes forward events to a syslog destination where Elastic Agent collects and processes the data.
+
+To configure syslog forwarding on an EfficientIP node:
+
+1. Access the EfficientIP administration interface
+2. Navigate to **System Settings** > **Logging** or **Event Forwarding**
+3. Select **Syslog** as the destination type
+4. Enter the syslog receiver host IP address and port
+6. Verify the connection and enable syslog forwarding
+7. Configure Elastic Agent to listen on the syslog port and ingest the forwarded events
+
+Refer to the EfficientIP documentation for your version for detailed configuration steps specific to your deployment.
+
+### Agent-based deployment
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host.
+
+Elastic Agent is required to stream data from the syslog or log file receiver and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
+
+### Inputs used
+{{/* All inputs used by this package will be automatically listed here. */}}
+{{ inputDocs }}
diff --git a/packages/efficient_ip/build/packages/efficient_ip-0.0.1.zip b/packages/efficient_ip/build/packages/efficient_ip-0.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..8d9577d86657cfd2dd258a8b4f75ec6d8bf49c38 GIT binary patch literal 38538 zcmc$`1CVXqlJ8r#ZQHfWwr$(Cxy!b>%eHOXw!O={{Hou1=X#S#CPs>2ZK*vZg zEg>W#t0Y3_?Cz|h3Z!M zVlr7oETLjpm|WI316i2 zG(Uj1kq}V;VE_wTkb~#b0FA(P4M&1WO3EOn5yl17oL z-6N3t7V3GYG3}HElR$^mdtV|eK*LMqdD)9qEjW2}s}j4zF0L;nFdXM3@M`d=w>lN0 zbxKP?^=$N(ft|d z{gbF#-IW-#bvwVIN2VN?PK2b1qV7ssJX7GmQbY7$yzSAWpj!Sc1WD z5Zi@Lsl7q16HKxq`qjK46E!Yrug?VFA;+;fe^}&x6x7H7Ca%o?Aw^D3{a9GzLrN)PyjMEl-#gw%*g(JyYenWzFhc_%68CK9vmlPUU ziCaMUaU<_oFPCHouYvTsva zh@Q2Y^?0U&tlD&|(XvOpm26u}%=1BZMkNMRn`6Gl4i?E*PFLKR0oyuR`*sehj8=NI zxD|-fe<-nRoZHA)OX)!WCZZRGJy-pa^z*Lx3Z(;vJ7$p)4Qe7~)Cz3vXbs+<<<*Xh zM{Ax!T33Kb+oE^Y>e6$ms+l_TtMf_jYLo;0SK3KcJR=~`t{%V%p>SuCr#UOj0oU)8Fz=m?b>4bzRN%hA$e>LY)C7fR+wPEsC|`-JTSrNGwgd;;LoVb-pQSrW&S zZy{8gFPXemDOVpNIV@r+frm>XJ+y0?GkqxFIj_w1qb_5?bv5d{lp)}Sh+f#xUXyYB zp-UYI7*bHVB<0V>=V~UOw8773&i}!3Sp}hoQDZ%@#*)kQkmihDm$55Em@Hy?modl3t|wPcoaDPb)0$kQ9qBtqXg;B{A8uz~$lqBnYEH z1u&~XWA^cfp(4%p}prtr$ZN)1;h1?!yW$QiG3WRT+e+M9}-d#^RTi0i!RL3b(X-4 z2%ug*Lj%=5^;(aRtq>q;7HoH#nw46R7W87Dyuu_`43ju{olYa@&x9)AiXtlNHrEgE zz;Gu=o!W44Vd>1b5O4spt@mL%88R2;hJv8avhYGay*~;RycPG)fS6oSS(OG1(eZ>Y^s!;s;5NlRqThKRKQ6r*sXlBgJsN8#| z%HJUW?!O>Y|5DjEMfbmdfAjy}koq6livN%OH#TrK&~tKjG%>KD|I7V&-^%w` z{wtO!|20bnX5UiaU$MvV-?8_P9sWm>gzJC7tc$VzzeN+BxuMfvLmCw?U>C>$6MXXy zwV1uK^=3wdj@PFtp3m;Qp!oGn*{iN)qbP^L*E2&uhC!0Mu81QQ!nXJfNmO3ag(@^& zE<;Jr-H7ay0ZC+R5Y+Q)ox7RpDz;8>+kKTIojj<`v8BA-H}iSmhM(EjRkmsE!m8=gl1zf#jIaDb&dKIZfP5PxulSfs>SalR$1YP{>JvlIgFu;>pZavs`ryl@x+n=UM}OT&ompN(pawoy31;#W z@LHPG=&S%qVQ|COVns({GsO@Dm~tSxL!{^N80QH)6cPdvxi#MHpW+WFt5p-T-LyA5`v z&m29*R9#DKwTder3aH1SRI7kx{w*+<*Syxv@+jtnws>(m2`(3uk7v*_bglZsPTRW3 zX#e~=(~$c~7<@-@*wBG&fMoiz*(4_Pn9|;~A3p^=Ss$&-XP%MMqwU> zS-6C4v62pDo4Edj;>IKb_bncR5e~b80g~|$k*OJ@5KU^M_CKY$wCBTqAfZz+8*1mL 
z%A06+{5tAvEY5@O{@hdVP%we8+Xl!SsRPZEXG8c^lLaa%!a)rJjWjbCye)O|;&h@h zvo4a5%L2Qx3z^R%SuCkz)bTcP(e<#fGUf;0)5;i&)1-XNM@X5fOuv=ZK;gB4-{y7p zu<>wk@;q`dw)f!f=XiL`>m4p^6sL1tlst+p$JgV1d+8x$V(*y$*_4WRiGS05NPK*njf;p=k^sO zpcmbsRbn*l$!nHZK+laA0`-{ER$&oX-c-{!W~~aFt<=~Sx-{{BiyD@WTB~09tCY-)u{FA;=1-ZK6r^DzjhPJ&4feV81vpZrcj6uK1fVIM^-|K$m)D z#Vow2cTB{2(WU5~cw>QQ z4`K2y_i@>C6hI+4gqm{dR$P+wUp45Eom3Zb;C5u}(A!Ip_mrWcSEKD46LeAEXZd8GRJvTfAJa~r!@Dw?qa0)#JQBB2J@oiRuPYI$3}mYl$h8O?^#Mg4K4#(6IhF% znS&InD{lC--|G;+Y}gO}xg1XA{bP#LiiOkP}qV<`9#sHj-ILxv!t>SO;0QIsx1 zqPExMYD_mRWz#5^ttqwn^tcbWd+1c6QWD#UK+?;IEl@G_E1mhp>-1HuC- z;wc-ObI5Df1e2Ilf6{J!=N4VJRcmd>FLyXEi{pOX_PlJC66ZWd%`yNJN#tWK& zo?Y!|{=z(|lf$=`GI4;zP>~AD3EYJF9D+S|dUrn)N0#u}J@8rJ-k>qMrxfVG0@Z9{ z-l&~K=xg~H7;<5&1CNMRJdve8Q+7~1L_PwLXLM6s{k~=K--PnMBEzTD zw@}`}|2vKU5zQ3;CusI}eCipS8~xv6=r193scq-9&wl62mn+z_u9s41xx3v#CFaoA zCUYg5K$^I<(cb1n={itqND^yIp1S|ORbxCc>@V;`;644ZGh_AK_VNCKSo25g#+5Gw z|DP;jMuSCxXOe(8d48i|g`hS9=YY-Iv_Bx`-cGS0d^%eNaWcX;LWAk>f(&$7@DMKX z{_3A%pV-I{z~BmDdYFFKB3VO|W_j&z0Rtd7DBh0+llJ{H^>Y@bS2ye(aFuOJL;V`&H^*zeEkE$vbS9ft_ko&?Cke?JA?( z$KPMPzga)MZJD3;LeI8_`h=@Q3}?yAtz9ncj^7GF%GpJHpmZTbP0yIJJ;R~2dXSt4 zThAwAK0`$RjID#`K`Q!E$yrMT_yp<{I}Hj%NLE0RBkbbOwr}mLM|XK*lW?08WFK^DuB5Ans<{BFVy)SGQ(Z$_y`BDSlVU5X0M?Zs zCrlZ!#<(y}IB18BYesy&m5Es@PN)yKMX;wX7(8v-5}W&Z9J9#elTZ&H0)OBn!4`r>sRSNC z<8jXCk9C!o%4f@&-bhr9@>ptgVI4_IqgcHjM>bE?*tH0xJaHEdmyOLKs;cs6Dl~H6 zvcnwFCQ+wXP_%3{ySEho;1pc-`qAL_&v;ntSl}`vgm(u51CpJO{YRh0Ro&E1w6Mf7 zTw0VVJdZ4O#>)eybNLsmL{3^$+G{y*H9oD4Ot@;_ZBsoD(x(k!xMo!J@FK+D?>OR(`JOLXIcn1o{nKxM{U;0B*-tjPKaYsdsgq^I|5$sdpZ;9+ZOLSSWI zVAJ`g46?nSoo|1Pd`ykTd>&u7B5-d39W`^sKkiO_^ zHMRqP!n@pttK?m65{eV4Y><6k5p#P8Wf?soY!>LYJ!7R>twg-E^7Xb4 zRYg$lZkmnW+}WH9yx`e}2hY_BtogZ1E)6V7$S=2hAndOlN>QK#$LKd8NBE18%%H!I z5`A=%Qpzy5>iQDT!ZdNrkO9YY#jRim{Ni-e|4-Vj+9WVN^@pQWyQr)}M9#K6U9Pu2 zVG+eg9(SSq3eoU^H;WhPS<+}0wX}+Xz=_ZPE&)H49`n$g2!~_%lr=*r z`YzBRf08g@%pOsVL_9ZbmwSH1%l;tFqQHV{Ky4OviWhLp8vv4Ukga+ zzNsK)C^gM)=YT;L1OzAg=^fG#_fM9aK6QSLEk*i1dD7;B*~dHQvRLByAoh@6FMYyW 
z32TvxC4OMf$13d-8jK6Ob4IAxZ-|hqr@)Ihs=~ z2?I4v+Ht2(ftij3qQ}hJeiex`xpj$RXv%_Xk57 z>wG#gyUIkRQNc-~CWyS3#fb&(VT2nXzvR0CU|y0fm1~}OF9ypmmI%5;ZH)yz)nZI| zWYk^Lsdy@Kw2}-WaNbwu%v>U~>%Q5vjzVki@pH}I?m6e`wat-05@||L8@?dQRVX_J zm0e@)Z6+996%QC1Y(IY;>;Vu#3nc5}*89D^3KRDQ-_T$f6XRayaC z;B`O>_z)JgeajR0|qd+3tPix?d&eI+ATVZ`ztw2rmyA!ND#kT&+8CI+6buvkaFM zuW7>?d?xHIiOfQ!MfmL?2~tiayB*Vjtnf>d7S4d(q0v5B3>*ADePOc9^vabP@$|Z=ArmjV$?I(-*sxXl=(% z%jeq0ar2JoqBb?y*ZKV1^apfn)nx^nBp(X}zC_hRKfL(!iagP-XcT>o)uqpE;Z>G{ zCJPmt$)GN42X=#%!wT3fC@nL$@_yY_ST+RLY#cvb z9ZIN={i!%ur|qghDMi^nC+&5;YCY>V8AhgU$?IxHc&hhSjI*-8RJy-yChOfNhJwBB z6h=SO0%I?{jSJIAGbxX(96jG*7q%F`eomqVcYa2q&jf)*zM!fcnrLdlD`caniTvSx zxe{>iNZo8UeAD|b4g5`-6sQRbB0&HEIGFxd(nR5ZR+`v4{fE`I&bKmI?!M7;;Jhar zw(H%}VNsi&Mait)D3hF5);}={MJZYZ7wZ$plOP$G{k+ktH-7&K+rZV(!FH7il6`ZM zB_>|Ha?u5;02V+N;dnfdMuwpjQo9R;L_}hO7=;FnC2xH038UtQ9OgmN#TLE`C^;7V zumkYGpFjU~Y9_!4=c8Y$+otXrz8e9~-8_$uR5KSEH#SL!Lz4-S1ZjqJ0tnA|HEDX+sU5MLj!dSfFzO+WBC*vcfem+(O-8WU z_k{tTtwD_PwW2%52^lVEugT=Gf--Hq&kx!+aFnAQYK^xa@T0sd`FM)tI1qVo9nl%A zTY?7EEpEvKq`lfsw#Ch_=VRiOS5K-{-gi8_TB&q_cW2nK+(^GTHnloT?|#`EWblrj!b%p=oO%e9MI}NQWl^w{uX#xjCA(h`HFU-ycBiA z2}%hhqy3^K6d>rjE?i8pTOfQ-R22XR-fC0wfgC1?l1JY)b+@-`?FMK``QsVaj*sJ7 z!ti-!pQ3Y#mfL4xA_b{mZX=iT%u5#-f@m{_b68BN8|HrJn=R2a2OW7IY-Mvb@&^~< zYB@E;I@lIY+v9W5;kNvO6p;$!^Ef%D5*2=5E97+&*X%DXnn%`dKga|PT?3fV2pD#W zlG>UNtq^~~>$#={wbr&Hz4rb_4H1l+f=wj3uA=D`O9W-}>UJdW6S^Mj5@$rX}ibvm&f z8cwVlf&pkC;90sQXo%^V3V?LaZCzeO0idFp*t-Z(WfM{`Ibj$Ta{H}HUThZu!*KN9 z6mc{aCdDji+oohAbuSfo7{w)74$IUm1(&gu?jgML?4j^S`Bx0wH?ZG9y8Unx`eDm+ z5p@p9H!$M66lrx)IkQOC7mhTf&7*c)Zk|+3_#l<^zzh}iW37%?`_CQd9lS^m{@z9< zPzT*gtRm!i{`4E2_l4)5iHyPe1M>)uYOlK3&KOsmS1G&^42n@!b}4@rC1%!-G+Dc8 zCN%OOs9m7A;HF~piEtu8JB69Y<3lK7G{GKun^V2&M;+X+^G3_xLMpqqQ&gwe5Q0rR z&J|lR;&bitIxV%8>1IXt(act)nx&T9)I=>zu$H;feZ$w6*5EH3-t1tdXLIweBUn0% z%GR+d;Ox!TyQ}rnjJ0Lg9P2aVjTyFk(5Hz#ZMSRi;O>5NP*wp{5{T( zaL*MPeQ7gIS+|7a84=HS>wYl@su=z>jf-{yG`M%obvns|nf7XdxQb_>Y1|Y#Tfdie zm~ADMU{NaABehy`cyK*-zSpTzks;rAHb`I@^EzhcLUE1+*#c8aYs 
z7rtDh>akH4*nr%yr192JQ3{rsI6H<+kz-*sf0-KWjr3qPpD7qCp507sY$+T|gxkKJ z`d-_RGAv-0F2FFDr3l?Og;vq;27M#i`CUwL(RO_t%;y z1uJ>c>K>p$w!~(r5WJoN0jI8#C(ncQsu)f6eCuix_j9x|!#fBt#DlKH>o?>}(0Q&pjUp8(t-kYDA{*sBsLv-VS{7xCE=cc}Pb?oGY{j?h*(Z@X>$b2>;q+eOx)hn%xu5&p zMyEe1*LEXA9s1n9s;-o(?yLZITvguVn;*?2G?@%5ZLc*?@p<>$G=K8UWBk$X@?Zdq zYEskWRPb|y7lpTX!pDet($N@m*x<6cBGYY?OX_SgrtM@o>0|S+C^SRsuu0uQA zLU45eqjdi$NcNMhzcEej@BkvF9)7x9a+*G^S1Vq}m_qVYkaj)JWwxHuEVK9dDHYrj z6E5bS-3O5OC$l=1n2u1=lb`A;nqB<*A++0aNBOQ-uVy+f|2FP5-Wvg4?}NW&3d2t^ zg!d0Q z1y7Z_fK~xQ39Vq)V5kB7i$o!Vc!<3}{xs&u!W5~x%g5w}^spj>{U+oTtLitInb>Tj zc zWon3P`>BLKq9aSfqV9a=tv_n$s+sFAI3|jz0FzFgloIc;+Pb<0!vH~=z;l&vKLWTF z^MvvM9;UN5;*lGpVo(OPqEeI62tv+}fRh(J0GJPYWp{rA7)=O_RU$NT2;-d@Q%-uP z<D2>T$8p?1^P_f)4 z1%*A(7@_?sm3w1vUO^#Fds|uZDd5Q@20&kJ6A7t9r? z)uRHU=5v^3XxeW>G zi^uDftNMNO>TmNVmTg0Q{<|B!_FV`6-%h?x1~&HACVD2W-+L73ES>CZ|Eh9FB`R2L zFd&TVyivkk6$KB8UniKDCV`Fu9N7Bu zlDl=4zliQz4u=AB3rpWs zu4n&*-;cWt>+cRW`&+sgFM| zfCTOy%hbNgc+c+~Ow`TZH;%*C;Q8rNoRf8M*yHZ}38)Bdi|O{JQGeu6T&cA+*J}SX zjd|TVmGhts3?)3x!HEDb+%Mi``zvmW*#o#_(}+2~Haz`GoW_xa_K%NX_wPeuGry&; zzxpDz9&n~*-?>x?c)5S zMe@0+DGkP777A0Yw<782@9lGE761#s(wK2ahbD%vGL5&EZpb{Nl2q;HEj<=VA{)(I zOl{9{III96oN4gT&n)3QPXEM7T63AH2-i@WPA z9bCpP4i?#LcaW@@V1Qyn2vrDLH%;}&YrDaysNz9_+SbSUpW@)107|3RUSwP^?@N3zaV3}IY?g8Gx_WoXtmaab2Vi0p5!A2gIqCYeXEW>2>R5U8E z!$hqTg{{0wUz>egv8NzIMjR_uD*JD(*jx8CRyITyp>S>#LNn5AAsGpl_F+{^th+$E zi7??_g-o*xtK^b${^z12%2QBVvc~L&b!=r0Z;ZMn-o|y@z7#<-ld0KAZE|LxMsJXd zXL0L`MiHO~>Q-2rlC|r~25*#B`rcZQD3W#5oaxe4BNC3gnthpD9pY=6neYl^ zu|XEh^`sEa-S9Bi<)=|%^5~i49t0$}*x9DyV*<3ePt^?}y()gj9QG6BefKSe(@?Np z+ta~EBuzu6T~8~~(}cKXYBsmD&P_(abA}yIQ;HE{E2o_D(4Zjf;qged!~>lugYc6) z?YeB<(1<>lwW2I2iv39d_jZQZhE|mO^vYxtZ0nr%(gYhvWhl;yx=U}`5%kV4hL)lg zHJ;LbO}J&$qI9RAy3fskJO=TCrvcKNjK4#u1>OcN%Fu>SS9uznQb-@_Qaqycg6OSj zw&E4UKo*@cuhLttQ#{%LvJI06wf&aSXCr8Qoo&#SJgX@C(7qLGpe!9Pi;m;Pw*7fb5a51^mmkF}vih&NERgKAAgn!jGv z7Y=ldMaSF8`PtIy>K!GmXe(g7mP3Q}A|OBeO`*KFXNZ#iUun;69B4==Xy 
zU-IZY8dx~QaL0l;3N4YL(*c7Bgp>l?#tqH$;B|Fd+%`xi(sfuRD$U0u;ZAou&@tr5 zsBXzh(19;pUA6P^6<#}!())oXo-=WqQc^&Ja0}DFJ-QyoqTBJpJu9lq?6h!W?cVA; zbmjaKzIce9vlUYh1Ga;G5pGVd2I5f6vo1*Q^?V!Q+|Ksum9Nk8+}Uv=;-~t9ntu1_ z>)6h>V;N2I-6b*HOk9_z;b9LPOs+(-t$p8W?r!0$){GHFkFM%* zeU%;4E;7vS{#qizme^!dFMae|i9nTuJFJglY@xYtU_=&S_Im%f*9Yo0aeU_{{?!eH z1*OlZ_-6=}z?Q{*)PY(b#wCVss`}aXEm-%*@rfI?`Qr+#_w)Ca8da!Vsg(PQnjyId z6u$rve^T^TZTxG2Mlz3%O^}NL-GV6*SPxi0-@V59 zFeGkH4M=JsN?NkcaJ&;uz$7Kbw$4h^xF^JG0-A0Na&Rkh`ln>3rNf}xdv#}XCp#*L z0WQ_;idOKOF~u0xs~U9PX+*NZWX5C#RgFfIwfy!)#G zMhrb&&C}Bln31=Uo*Ozjhwcrp*O8?u+vfp0!LHZa71O;TM;DjJgPIXBpK4nB#%lZb z`-fKCX}1MmzaPya!+ZP2?@9uaF$1hbvQXpI0``6JT@gyZapKMIU6W9fvQEXc_ODvD zyC0!=jhK9IZ|kqvxp}4C-YVWgHxlc*u8T(|c05Ir`khh$?H?yo_*vs4Bm(G*-Kvg2zO|KlR6>(h1p zz5~|J6IV(xnGc#F8yoxp4o)(-Xo zEZF$V(GgP`H^tpM2qjg%Oo&ZPuC$pk87>m@{13Y8<>%D?0W4@9Ti8NHQOoh`bijKbKj31VJAW# z&yqfU!-psg@*mE)9f?3?R}4snJX@2as0uw{ zWAo<_mP%5gr0O;&(o8`;*wi8^Yf#6w_Gmlf3iDvJb!B~xxDw=RpY|t zpbKwx-fogM-!RGS{N`2_&xl6U0vky;uP{^Yt5-4ic+r}s5SU+{xDa0<>C&2y+~NkZ zaX}Mb^Zane)&?o5%8>wIS>U=-g=Xf2li%`C3T3Y|>Fo1_UPVq=TVK+ot5qlvwi`sU z_geO*$SYUU64a|UT9ZJ7bUF2?2L;u%W_DAzYbbVIsBl%McPhi1Q(ag!=$h(;!dY#d zs$Zvl39t@OX%kX6rgPJ5hdF}tArZ_FjGwTj6_6Rr@pCgtlo4&bIT$~d6yK+i8LBET zJ|-hnc0$Eig!&~xb5c+CX=0sdFQt{nyIp4S~gxivozssJeb5;kJyfVBy zALahJ7{4U}HA+pVCC-)bgPgc(rMewId|?vX%LO(?8(O0pxnAd)CiLB+zCW*7F3^Ni z(G{c~m&)ywm?Ea~Rl(m`{c_T#$&JfJsd3Rtwy0{UnpkKL6bpxzN7 zA#^k5&T~ZW0APoU217ib&~a^0vwpNEK}untNbv7>@AzI~;X-nZ zKpfWt;Gi`Of>_HtO0WUC~nH- zPp!HA;=Ff32~^7}M`E3Hrauc+0SzT#NGA|QRgW{n!j@I&Rj6tNYXhfoZ3B`Fh&vSx zi*V3{O<3gPAzY7#@*ParLdHl&Zh@@&fOU3XPZ*eJmqNoV1@j%G6>)Vf8QXP~f`PuG zs?(XvCr?2lvWmA8lc`m6^UcTYj0qiJksltBaxL4QnY9KT`JHHmyQLr(n8t<^-hq!4 z`F}p)VVX|#Ww+Lu!{IZsq@@a~wl1xp5+1SV<_%9?HqoAi*xc6DeOyOO)ezDrifGHV zVwK(SmLcmt#yRQjD6>rl>zg|Gx>QLP7GPp1-Z$R@sTDm5&15*`t+@nI3;eC)$31Qq zWz_iVJ`}dR;<{>Ed;!LfC;Y_24+=iM&n@lcelKqRw)_p5)lRrp4h4W8b7dS;gS9HZST;H296!@_WF2u3!O1D!szGcAUr1kj32&t8?g6u`EanK zAFyxtdw;ur#YyexD)IB~+`97pBU6g+_ui!8UPrOfgYU<~bGBd;o#+z3kXtfxW#5+h 
z^wv;U#RR8jc909D=!nyd=%6U?3L5|&bE%RQa1th**-}vW>ri-S1Ie!E@u^DfH)!T< zWNfO<$lmRObI;eG-)Gm>)-@exx34X_h$g>*rh2ev3K20%<9lV$3SYNN$ zPll`U^{mYaL#Vph5Obk5<&IWPfe&w}K;~ z7O}^Snv}qW7ayw1VOWNu}OR!PBo`1gclpvRvp|I zC$I0ECFF?d9TTdj9!>(g;Fr)}Cls9tb0890spF!ITZbbSSYMcm(nfrYOrxoa`Ni7g ztRArBI?cTBh7v!2Xmjf>g*~HV z_{O{N06Sw8T)2i&XJVff-s~xWN~0B=lG<|=fJ9=`)fwX~Ge4K0dwGm#UeUlmzI+kd zu}j2m^C$>ZnjX`rMLT=S&hK&}gS$VNatn4rt1l;RYNck?)+-u~)P*S3d!=!o7gR25 z1L@NiV?wS$vY2-=hK6EZH@EqXkBoJhnstM&$s$i-Eg7TGN7j2Pd;J5}3Cos4=z2)i zBRGTjwoQw(A4yyf@emeJB6J;1AS|R_pIgZ?teA7%vDBH=gy99us4e9g8JR)yTLRuP zR5ZGI#77B&0DfZE2t{8$8f%@j)WTP%U)lA7DEx`)(E z&=Qs_HhY7hnb63fVg_6BiDpUXs#Q$ni!BEdxb4Zm4!Kf|&c2bpK6JPg?*UXs+>wY9 zr>5N;=SpHCE2>$ee z4oMAVq(_vRXXdq824rSnWw^`MjUly=8i#OFPrX&<4h!pBFm zYyDSS_`ITEpq~g2G8E3t$Eb`itBT#MBW8c)#wXtwKeq80#3w4h|F}1?YHX}(vyD2e z?lbh;-XF+r*(S4It){2}rDUh-^8`y@{jsCZ6G74a1t@gIk*3tbDzhI*M!qm_ZpHSN z5n%iw+Ss`2!P_$QF*}vbs+zl1w}vWw>}U~rzD&H79qJ-z-BUk3p(TlqS!aE9Emwm& z_P`uS48`~Sxf_wBJF1Zghq4hPKSV*GRp_|J<+6Y(Z~awv%`>XIs>KIja(~2EICwVZ z+s)zkJo8r@f?12X{_2}2y8k6l$o@G`{#HVz{XR7I?-wS{$$PR^Y%n8wL!56o$Quq> z(kNvFab#OOgP2Lp^KB31v?y0+isxxR1<%LbWHhn za6Qk=yqRdo(1)f@f!MuG9X*CFcm z{GmB}*CAc5WU0|(>+9Ct{pT%T(DSq1y+cR(?#u5#o*7@7tQBV-y0V#&G2mbIU)|aI zyw@kS8+<%Ax~dB=f7;V+tNkWVwn{HsLPJ9#b5s{{`}r}aj-!YmIf(}`ASglmvLJpq z(gxC!V{kA)2@R=F=t~(eLPoG$v>Pg$|At|*6qWL*#wZXl(<)H6f=Vm(RJN`?LQ)0n zOZq|5s0cp7Nex&~g^Y%H`XDW6sp9a|EqPH<_tt@{OlNQV|JD#L+fUfC^cKJPm_+S_@}E=sh3V(K z$k+8p^^;C@9$4GM(DKPZ1Q^B%428)(ZwSM-tr|~zl4pE&{08l+ZUUX~vaD`=s$H&p zw%=T;T((cU#@84Q`5Ynv8Q(fGpjb=KyucZObN(U?eEDFyxKEu2TY4%3nv}f&I6aiEo zc60E>v`alth;h5k#u=s8=;n{73o;SzNauFz#0rs=X5RMo8e=(}p#4aZoy@p1z#S|j zO-A=<T{1xzF?bV1B) z1qDAKHBzbRtXU9ieVtxC_JxRydn6|?b1a zQV*XJSb(%VC*-x`aFi{FtgSJ4`s9Og3!b0L5KyWxV|9*cLEOVV%i2Iwkqs3Sy>OZq z-o-qz;{0(*WnHn%R?o5W8n$@;Uko#Dne@i8xNZ`nq^tnaA=3T(48e91woNZIdsjY>qyJ;9eZNVpURS%j0efUQiXS} zH^!Ix4$nJMz!f7e?-f|;Jie34Su(GFNpJ)h|3Na#uYo$2`Og)zhM)3BRB3spBM-5| z`a$Df`thdAp`~Q3B=%Ab@bEsIf}h(C=Q`4z1CIhpkTg$o%ht_aUD#*2kqZ0?i+t2q 
zSvU>P;IWMI1WpiWSG~@tx~$R3Ft)wE_O1oXQP;^p3I&d5*>za1=k2`wu+qI_TT_I) z%uuRo>b)v{83Lb8f?IFHIVTv(` zFrY!CNjcqx6g?VCm@HRb0d_*5Bq%A9jwFj=!{dfC1F5#?o9-XTl#yTyk8I5fV$kqE`QW9cLp=J#C?m9n<%7=h+@( zCWw%!=Ood9%~WJ{p(qGB0<-aJ(+zvked>;#hK%M=vhCu?&kH!7b0pH2`Oa)k`@%>7e zFG|dq80c1CD{nTgqx&O7A*p7m%UfU3g(ffb^!Ks|_^uELIkei+{Y^SE!gC0C@yi-5 zriaJ}?vI;&#<}j(QhNXpF8shJmJeN1X7!R?(*sVP)kI4wbL8-a!r5YdW|j)A5#M)b zoAJE=i?4Ht(nJZeaOst8+qP}}#V)(cwr$(CZQHhO+n(OcZqDp-pBWK(BJTa7#&k*J zvi)(%Di#AkmZb#6Z!eH}zW+H^=-+pwr;j47o~}sfxQ=FQ6zp2CtyguG9U<@aNLJCJ zm`uCRZAMNeaCf{zL{v$HX@LUXn3K~uc4N4q!z5j8=j0#ETcx+sRzc~M#Z513{RdC( zjX&kRo5I*q|372Bw6KA1(gzfc(RIhN*qS<5|8zMDz05xyllTsFJTJUF-s35qCB*!; z-nY=S#$qj%)F_xztKY=2cj%Dv5=#+XW79}Ad{zT=(=h&R;Cgk^;ve(@_^l+uo+!!BQ6eJ{pGosO`lC+OT=7`D7|yVa~J*M^&RWA+#o13zihr;vmI{W7^RzY_SJP zU%eFtq_s|o-j+PSHV)!C0k=v!-LvLU9;gs?C9GLZ1oj{`6>!>`$Jj&ommtf4{I%x5 z-1GX#h1$tLQcE4pVG*^Sh}GObUj`FUKF+ZZ-Z!nnG)EkAG)BG?3{B_~W}8}+`kOMz z@jkc4o36B~#`)23zpTH+W7Qo2n9o44!xt-C*va@x(#y9a5gZ*s5tk=mpREz0E3!}3 za_}eWVhBFDq~l1J8Mt5i!Ks42btk}&ZzGz4Us8W{u;%#x!|g;g16CDgbVp-fMI+Dv zD`g4N{V;)3V}%d8rgeHb`%I)-kTumnR^w~mb$RDn31A7FK6cxEqdk?dnrRSAbW_zMVS*TkKU}rV6$BeRKO?;52n2;CU z=l3M}Sbn81oA+g@dk%&n62QtYCyq`hyFCVb|3tt+=s-TUb_mK$)O@N*?)^E)ae<2; zj}+cd=m|ft_nXu`S%YJvZR_rknX{taTiCJfo@N;03=VEC0LEiT5oimo(YKuXCHA;?>nGne^hki4vTEm8B|jTglP;ZIVIVtWtCc=vEf!x;P@lpf>J!%K8Revhh4F3lq>qhYXSD z6-c|hlvrbM>N->cuD`OO0PdYTAyiW@H=9X9;=lX|<|(w?qz`%wChj=bS_2VAG>y}7 zLo^Y<6e=b`@6k+u4E@R`)i=0WCV}4L9h3Y zuYH>l3e&gNWw4@EvFa{3%iOOIza~u-Nsf?))ToGY?9VWO4uCE#?IHiL|rpr@u z+bK@)wp6H=-WPOu$l&s&p{?;8#O40(s^8QKk4j*SFS;zWWOd8;^~qmkN4qX}@cNK= z%nB~4fget-jlLCtB3>^>MC%8xCL3{5doZT%D!cA4JGwIK{|9f>W3`U@v74VhXO1;w zEMzXqy3_8^*yHuxMpaIKf+5HMpGlI51qGn(2IWgPO&mGPWwg;CzW4b+eE)-PXHEzT zDUMUUc0e0XOM!YiZ3MPB7vhG&7kwi&!O$DBpocmw=c)JNlkY;NSRjb9;}BSp0d2^+ zJ{p-cuK;~gq7k&6^9-E>^7M|zZ13I>tA0R^^+{EWPIRt2Ep(#~FGW#A2!bq= z3NE9`qYn~P&uLU!EIn+_dWwJh=DQc_R|fh7NZY+tAiI*EKle?Cz5a`14ztDIx^Q_R zh}0*;2|+9;N)1&q$5W&sR+}6GRd^^AYB(B?cglw8_^(xtn^(irX{|w}_buqS 
zP6{}sBt5!^8e(5-ncom~?qIjK38kBLQk(rBU94V$FPI=wVS=kGzQ4HY`0K>~A-g8d zlU3cqF_QC2E{4Sor4FPw%mlcscIUB;#F?eT;cxRB|vmL>Wk1Q3J>URiuUBXdcm|hO< zgVOl^G+afNmZCdFASJ|64RokMKf&Om5?WOL;dZmCk8s{hOr%~~F>i$gJN&WLXy8vC zgB+>Gf+B;6w#NC}!p)NewdY{}a`W~v%)&I$HpFTrxwp7L`(#w+fMaG{wM1<|{b+s# zN0V@^WsTMw&8UbMdI|%a8CpLPnjso8w~G5aHQJ&HvyuKcQK9V(%#JJC?2~V0z@9S^U+?Xuu-L7+Jnlb`Hr#ot?=Ke`$QQ-i265n2H-8}f%Yu|b zy-O5T;(%>DZjcd`CG47-*gKu>4}X{tXjhIv;y;q_Hc6AEL^$YuarJs%(0_(%`xI2Q z>0G_2Y6BC_Q6@*NzQODyn-49(a)qQ`MXHI)DNQIjaEH6*DdZtYO*kID7jFAQwHS3O zk%`hv-^t{#UiHG(qEAO2#B!yN3Lu{Mrv?^{Wwwxh_bim*TiUT$xltR^^*l{d=^^-FyrptkC{D`hqShhGIA3J7BJo;7%b~ZV zzyFZjFe=nc5{SNy#@L5}bxv*vFm2nJEt$0x>e#H}}Jbn4SI#c573PQPgD$f3+2 z6Of;tiW8rIlV&Z|qlQ0ra>?bybY^&Tw{0s<;I0kFN$4enY4ogljqH5XZxW(D=)Y9u ziqyXd?VAeO(QDxRixBgZuVe&2qNU{EwU2jtqvTKJIZlAb@G@0V&!$PWBXr@ z^5|G^%fK^Np#Ox+PAc6FaXq@J9L*OzaCO0O26&9ua|Yl55SWqEjOuc9^(eypb3BtQ z+Bdfq=>QbU3v=AaeGD8g&yNv~fk;Vf``>=RO|Z7uEKe2Cebk~ry+=)FtbglreB8Ez z2}T;5GZwDp%}(r2nAprDCvV@BbNax$+H)~tr4yI8UPT=^0s^>Dn!7JphYk;C1~p z>Owm%Lp6F$afxNN8_zep&I9vJs;o+TzE$ciQA!j) zY3q4Et^>x|7@+q<8JAcSy`WT_)w`*2UGb;ThN6z?J}`5WNFZ^Wcya!gb&Q0GZ+ul^ z!ay!kT}Jp^XC%Od+_m-fyM8`56Bd#%Ez@KEn!_{ceCm;3k1T(}%0ScD#QcxS(TM&I zIJ+FPZBR#AU_OsEhGhe(D^!jO21$gE^AJl4>GF*V!2a_&v$ADHggt7=T%{JNH`Q1&b@ z&BTPQv!y8&@{}bhLP9%l73&aW^DGuh928n zNpX+H-u1bVJ5lHG==YO6uZz z$@nv&eRmiPf;r<;@!|fO>{Wg~a7>7!2QIg*pUpeF;^B)pDSI$Eg~nWU*Duw&;(Y)f z;~4$4s!T&Iz6bQqIJot#qV^qkb%v+@ zy1{CSh!p^wa6>XCO9;BN8kjjigc%PjOMS7PflM$}}Gwt}&hYA}rozYr+cw`*bO8&7Zm2*e`f?ls4Z8HLmRA^ z184|Y{<%KxQ`WL6%PF0-5JdnV%lDR$Y<79X$JS!qdnQ?)8!Ymfu8uQohJQbF2ye=V zpLX1w?BRdr`Z?0*q<;4hQgSuOyTS6FQakkwcg*a>8qlWDGhF6(^{CUNPR=34PYK+t z=x>i2#@gC<;6hDie||O{xYj&Yhu#1Li@9#jSLqUil?fY^?TcZpH(NbB)XnTXd8EYH zR*4Q=@6XvoQ#)APKAt^~vde|HVm$e^MrULQliu;a<`|3n$N4%P6A(x#2sY>F`L!e4 ze$k}DluI9VmkO`#kuozLFbL_Fb(Gl~ug}r^;T2!M7Mi;a5s_gWQ8Vf)qdcF3-^Eog zg6iMT*TMYp=RfaSR4u@ujDM!W`a6opJdI*q7!4(5O+NR_v zMUCW~doU9jHBefp*NrF5G!Kc_|C^G~H3K4Td;cSzABtn;HI9}4K~{b>{k?@fq^oU$ 
zg2XxU`ZOD9<0BX4{|UrxSJ!*03}Q(3+8Bb?pSY7zGL`vmDgZPF@7yT}Jq|*OQeDY`?cFrbL}a?&yqYV_@Ga+I*%5L3gNwl8 zie6NO;xGv662!BZSCo|O+jMyV3ko{=hX1R0d2$-`XCqD&w#^YOV=JB|G%7VT2ggTB z=?Gij-#|_Vw$chWrUqXRvZT&>U~CXR>vgiq?`P7m$&LPyUzYm5li_mQFJ30_}yMz_BOJ2D6)Z_o0{+I<+f{V1$Z-8 z$B~7zG*mj1aUXZAhGDlzx+h<%VGV*CcRfoErQ@)-*ARGZC@TRVLm)}?k+)U6l*(fp z#idM@&s)xj7!sb= zo2J}B5=elai)GdF1fB0t4ugCoUJ8v+YRO=;;FeeVTO^#(L(XKNPVam&Tv#!^oCoSq z_I?PT`|FbiuC}1)HVF2w@(xm3)x#z!YW-bU;AAT~8}&p}sAqmqBS}mfeX7KN_HDgf zxe}AMW@zCOjrSvU<_|m5-*t2UDd|JQLhc)9M06_wFOM@oq0nBReo4%OkmAou$!0Mp zuB7|(K9NrWA}Yh{qRNbXziZmh4;F#f?hHpjgxu|_DrQ?H2IePmLM?G2wdFGT-=&ye z-$X6#+WE4$l*X8Zox2_94*h`yXmm^)a9`vZ!-)^w_K7M1Y*vxzV)` zLWS#d&)2?x?pk$jdHjcev10^-7;T;%sYCA7o1c|#`V`y)0@2o<={3$aiv&w^GZ@=SGP888B#L(3W>ddH3qhOQ(2aFl_ph`V~ zG6k(AbZ14CYho{@{}6Id*~5%Wd*lRexr~*{ z&kV|@!r^epUSnx~RQs@Wn*75ceYItTc>g`P32dbaaFwC>4IWvnD!(45IO2lRub_@r zWZCER*x&w;tV6_yv)rgemw<4+8jqn$ii8!67mMS*;MDnqwh`vEk_#%dWNex_!m?f+ zO(Yb+vax?&Cz0H0GE(@T)l{F2kASt}9*WD6vZ~Qi>it{?kuAN#U~VD&Ko6x8ed#x5 zP*);5c7`^X)@e?Rh`N3sqHJjYu>xQKPoDJjAw~|(dS=@LSZh*#W5$RZ|CSnk@Ie;j z&7qtTJ$n#?MQ?=kezASHH^jI-D&eWEGSP(rwB+8`6}X^zN2Ay0tuYbfT<>2WhkZ(TzcY`VXqT0LIzuP}rx85b{8 z*j4J2xX}p3b`j_{Xt_J_B*akB=;2-vpC$6}L65;S{o_MHO$jFy$lHS%?gm_!z-B7!jh7=pP%S@`YnSdnPBqcaR4>q?IJUh6Q< z`%2Qrh@%&qy;$HnsqLR*Ff0>`_hTk0M3&6w>Kig4gPV88dVZCeqGwqqF#U z^mn3OChQDR1BDVcq`^T^b%Xa$)gJ;neJv*v**aNrgo~5YCK-p~eMD*}@oFZv})cU_WSizQRofb+Rdr>;FIin^g#ou`$W zv^n0JY2%Hwh8+YZ*J8bPnXYHvI!~XA5_6ZC(mRu&Hi=9EYfA$_wp{>|x2VV0d*Yrre6w>wQsWAP zp1FXx_KKG4cSplXurQmc@xJJEHLpFM?DVLnz(T%CUeX0t& zI4G=jrHL4;*Hc;Nn3RsI0E;meWUo&=i4{_p?h%*8Mu*3VlxG6vmm%RWqGJN?wJE#L zK8qNx?R!wmWirSZB^-kU`=1fPQ?69y0KdhEsq@%5JuYPysrvmskR5!V=87iCre*`9 zdcUv(h3Uoce4mbu{MwAi5M@<4|HSmap?`-_Ps%34onSr5ai1qek*A%V07)a;0#F;*vTwImM=i#l_9}qX8jB* z?jN-poRJ`yI7nn*VI>Uy3J(f?6AA2){4!)VuU?j$u5Kxz9Kd_0E(tUpD@adK-NbFk z_3y{czq&aJHGZ-b|q3t-Jhh~LsOC@o4^|7k91CbGLg_;H*YJL?MHS%L*mNL4e zrxF-D&#SSa-O5d;XcjH-7+{EqZYP#FhLCSYxT(Bj-OtP}mwpH#-NsA1-xmP29Fm$M zh3qge8|3RH1QnNbRthg8)V}{az}*cs6l!4Mf#SkyY)p4 
zUloshCAmFSB|gek$kAjcj2a-@)cZ6-9eJt-9qEyF{}p4eOHXyri2P2AhaWf9`V-wM zI=&z$Bq)eq&Wgg>=5>qbpaU|0n(jT(o6}4oCfqwa((k(UvDOeeAYfu-TP=d6+D6`AG@7KRto?g@ z3%=q=7Z$&Z`|e~<<5Mj9&rBxty4*Tk{xG6;s;RbW2B*F^_hvC%vf?`s?Ry!_d~b@;PM*{3b3}$pMxs~ zchrfsz{HLZHqCm)L4UklYx27#bJ&&Q;yJ9=3jDkTLz&MOb&meEl1aIvE^snotxp#m z!EOY$fb`KeC&v7E^#)pB-L4V6=Mo&4!&*+jzb8@&^MQs-x)u{*{Ae+l$2ysaWtN!q2P`I|v4cMSE* z__P53bw-xV@YF=8>m%Zdm8M}QvGo>Mm^C7Ej*|Sv>;5+RDG%jdQKr`HA)(tzKm)!q z6vMvgn&4(;RPc6sbhavZ7d32iym(0+CJEx~ z&@t8GMW}>o^BOhA&a5b$_NP@s$YtKKYFh@7VTYxpz}k4HJ*Pdbu?%^jI=s~~1pmt1 z3tAQ672F2%=HKs#*hwQ8ws$W}QWW1#19p!8^z<*DNLHe9A1dr>^#X8<2ZJ4He%S;g z)a$LsjU~FqJ9^Et!-((Mu+}nGc2xgKjmFVLj7X>W5Z}jXAZ4dy03i1!6;0=nj`EYs z$Uj8u-@-pjEwR*tgHcN5baKZkD~c8V79CgT4P3`VR~|zW+=rdIbi?HR@YEB$-kG{m z>A|xeL3bGl<0o@4nK$LF&l|eT4s{09azn=EaG6tKUs}M(NwmOTve8}{+(HkZH#1v< zTZjn%(&_%x{=Qp|=kxD0QYab}e9qo?uHlgBoj@6Vvl2(tL_p_@Qp#Q z=+E&9R;|o)mfrnUHvGyFX~5Cq(=JTLW-*R^}u&b8yf|qxNqx;bn68Vy`sA zVkNUp>RIgH{Qn*#wLyH*Jj#>~&?u72ZF@Cw-i-`eaDu4)r4}1Z8Wl>q8rZOcw|EZz zvkHZY6MYcHUO2sM<*5lBrED2q_s%h~(1&Mqm(;Lf$trn=fMg@plR^8r|AfAG4|#IC z&0i1!XkD9ESsD)R8bg{48z>!usdgt^^xUjxt9Dlr1$tm?5PuvBkri1o8s8}VXH*1E z|I2e-CupEFY3dHLd*bFG~;?Pk=eGq+UvljiZUlF)Wd$7Ea*l$_+gfY5bcpYU1M@f%vZI zY|d~k-uDx8Cm0x*^AFIBk(8rl>d}t{+lwind9=2RxXEROvUvbNLGG4h=a+9RC zR}vFe=>hHUqGzijpN}fImuUI4rnj6cMZu1Bz`mIIFnol&KKX}ex}6coeWMUM@lkSu zXLeuT$h>zP{JoAJ;KNfudc&V(%PyNAJrf|j6e`Fe1hEp=U9y)?b#{MlG@6{Z*ht|g z`8|m-JqG~wX1L&9AP+U~`N*4o35nO;BIljze`3zhs8}qvLXhDx*gEjO*fbEjJv%}3 zLG@=b1JWILapOu}{%!ezfk6L~urX_hp(4qSM~I-asApN%nD{f4vaFOomFE3i>fNRjjG+#L0`Bpflm^-D>8 zGh~$_v83i%cyXTRR#H}-B>-_P5*CdIJ=JACd=-DGd*Dhne=xzTQw=6C1+~6Cs59)%`JE%A|+)izCUmeTezN0Ejvb;H{vynm>zu}buKO$X;0|QhaYfwAQk687T0<}K;#nQec{-za z>N>Mj)8$QX-cFqH{JJy@Y-k7_xNCN)Cb^(UuTX6e+8CjH>M1OM+_99WHM#*CIkmqt z0%KcK{W75#3vFk#nK4mUi9C&SL9p;mI*LCZCuv) z>Z#YW61RHrUx>mBJbv`n!0{}!h4{^yH0qp{!M1aOcD@R0Y!+(PgdxtP8+N{vC-7d9 zmRGl8%d0#4q#Y*hwr_S#+9?DU2EBZ5s>BLkm(DlC=};(bA5ErsPm7wI?OEf&a48qR~||#Sk1Yz)*(^R>phl%)z;4%CoE5WW9ox9scTQ 
zep$--{g*3Dz1uD^9jm5U-WmU`C_ie*#8tYMtH`yO2LyiyM}yssJTDq~KiA;%ibEmU zxkEOrxZtU7qMpN=Ooa0(*CO6F#8AsFkVgsCJkv1Fez(Zud7Z>!Cre zWWqu#kjTpMQj7Dea7n4JzO#hL`{mIq`Qz~Y`C5%70>0-5Z#?b4daZBpvYzCtSgTeI zS3#=O7Dzo?&cZSJqVQ0^@4vbf!CAGjII^;TX{B4q$X?(776IgA+Hv_l5LWp|X#4WB zTnDxMTp$3oV#+z;3h0b4t7pPrr4t76Wp`J{=j}q~!(dl} z^&3K+m8yUJ_ zNbx`za*PkRy6z$psbc;q{HTY~^YIE-{65R~^5g-G>F~=4U3oNJ-?e+=%PnmG-p<9) zxcqhbQHVC|wM#jD$%V5qWAkmhn-!V#ZJWZ4Ust zk!$+Tb8Pv6Gs;Z`(>;yjoa@C7E;n=?eNw8ZCc#7i;Yy^zs|GC#I9KnG@1C|s#gsTt z6rD2*!kf_x-5l~Bjc?r&FR(z&4NZ20pW${B%o!P|jZSRR<{4B*aj_H}s*$Hh+ zPhe{|`ec2TqE}2JUaHUe3V%3uQT5LOyPM3A>N4e;{ewc3OzC+N8*M#@5D?MIL;R`q z^3)?c_qm?em0z3dvXaI+!0qThQgtB1U~|3->Cc;wy-O*)kWkTNh2)(q&t2w}DZ}-r z;aa<1C)K=MbR_P!GyXV6KBTeW~7)7V})7hT(CC8PoboymLn&-1?Q!;}PYSr&Mq@MOh>+idl3 z*-{>qc+|64PA8pqy>XmcZ0J;l6JlTIPI`=He$LT7sh#{}a4P@+m&FGyzBk8BcJJP? zYlfjCaEq1-o?2Tba{YNQzxrIQsXpiFT%of(mn$hzdgdnxL4V5cUAeqJ!ET&_wPoMh zxRX&MO+d`6=r3Z!V)rhs@y&1>B~Dw0muDIY)RAK9Ns$(&Jqt%X)uQG)hS&yCxhr2| zvf6%RXcOHr{xI$O1N8nbw1j=ifI>pka28FnWnceyxa9?o6*O~e(P4`(!g5+F<6NKV zOy)FjYMC(fqedEYB;ywi6FSlo-lL(5#a_VJH-}^%BY5&`slhr<3_O)xHtL*Bp9!2T zz@FGWft+9`AY~0@rhGWw8?hU{qIgSr^0^dp!1_5!?-%=*&(KTup|ZvaH?=BN{8r|5 z#MAM(%&q#(GZXM0K&GA8f)l;90l7Fq&MxJ1>>$w4;&%p3*H@% z_~$6zCR?90mi9lBr99l?uS{w#UH9bIbuUfs5O3;Q0s8goQ}OG5XO{&h@zP@9m&X}=sP8N` z;n&OAAr2dlQ}U^ovf(V|{?8Ucga^mLG{2KDY6hUC+xfMQ zz{1Y_52@T?)he@uVX0wfS3zg9rRi4sW>Wn8^_or`#}9uGMsnp>k=H?=-Njt+x_Rkk zsAQb2NmVYKW58=)d%Iy?un(0BO8UKvIL&r78bFX@koydsY^Y6dZaqGIOxxi0 z8}GJrjp$8_#EK+Tksba(@hd!Yq+M8g4JkmC;(CD;fUiBdxbfB{WCODLR(Gu2;(S~6 zzmHq(&=#{ljtk9{xNX^AgKq6>lLB97n|(Y!AvCFJTBwfh@r%B@$QuLws6)?SF>9ze z<0rJQXIy&Uz%Pz<>!-flOtqEeCXK>Oj6@oQNaOLlg=N~e_agPldz8}SQ)sH9+j0W# ze-!mJltK=ES~<8H#SfsZ2~o!}>3sWk2|~H(WZb2AT zwT;+qwU`(ao4ZBLydNz1hcL*9KYHsT%ZKwUuNJjlS`%=^Ss~&dsZ-Lw$TTPIF7MQz zCVYshF%H05v+b}Lw{7`eVtk$%H=}v)G5$wB8*#gWc`PRHfmrys9mSR7X_;K6r5H^H z8UnZ5X2koPM@bPOz7KMiQcZ&Gexwogo{m;i7mJ+f!mZu;BFCp)!DR*+WrwyYSoWr< z>EppeHf)810=l{vlvema`Xp>@cYK<|Obd(~Crfm%|AXF-zdLV^m(ZQc&7)2Q(Jz?e 
zW(O?XoDMcZQ7VOOV~hNKLL9NSQY{h%<{7pCxd(O=*(L)5<%S_sHVx9;o1S|oxU_|e z2}BcP$L+IFE|HnKQ+~TA*&ezU3;k+3E7#cpBE_x*ROWdxgmurxo$=>nB0{kKYH)=H zJGMfoZQz%C@a(kvM5LTq|Ct}qs`(ggHRc6Q$TastLzucF2&uY+Z#9qaN5x|02B<6z zGyMru%BRbs?6(F-oIAv@ZcHV_IsZ0$xm?N#WBf!ruU~z);u09 zv;%HOnO!#wi^@SMM^@5zQrQsni?1)%9-%~$VSM8Ik6hmPxtQ{z+GFTh4Ul|;euMcJ z3peLs<`CAKM_z~*nUE=2rEJpF;b5L&$GZ96%Gx^kD5Gz5h4N1lO(A-G?uG@eVfuX% z{udGjGi)#ofFT`J&`iTtCU#GTt>ZR3#DL*L=8iB;5u+Y`(I$A%a4@94PVLnmrBsku5gMz+b#{+jj^#gOuG)haLn^&D zPdU65enD!TSEHRNJU^=$W!J&D_l&tU%BdU~g$7n|f_`pOVmj5gj@@lRi#qc+NruEP z74@Q}k;MOL!1y|_I?sOCH>VmZ$PQHld%s_wM)EgTT;Q=R;(Et$W;0-Zb}?G$gB);Q z!DS@41Z=-x$VJ^##mtX5S2ZEPG)qV;1`_L8jD6DZSczbW>NqGzl%^Qioi(N`vv+@{ zWOIxYLw%O(k137l?8l#N)|>-hg3hFaSd4=w-V6_^~kl-gSf^rY=Gd9acxK_YndWWkBj{ zZF)7DNDlXD4X*#KY;vZ{-VblBp^*n+L`?DRk;TOM3XKjj-~nm3GQkE#+Hj)N*9m6- zua&JyYmYZ}RnUL{B);^%rSo!5xB`^(L2k3-b=(uug!Qo0zIks!eqI5tR^H*w;A2Gi1eV{v5#I-gV4=W@Bn#%a= z&V35#iLokE7*|zg?yTcM{fIDw>H!LZS??uK^0;mrqZ;6X%l=8&VZ2o0%^_8Z-oa-Y zT9FIXll&AA+!4mU)3MVtWx&7Qy(v;hg z#Ao7O!i-ao$Up6ZOL()Bu${7EE&%u3SaI3M%uQlAl}b=uq%YS*bWoW4+v{N&^|{o^ z=2eH*PL`*Z^{GZ~8qdH)o);iVE2@Jx#n1401(_!;W_1&$lE*ATXF8>&_Sf*#=KCn{bG=VyM*@}jfXmbSmlJa@^ClpJwy0-5Fzji$zT>|1=Q z)uQ{hyo1vL>(#8cZ+!}Be_sO9K!x*Q=_N!~M@Y`QH0SW6s*qlA);ebqY9K`94;2(+ zip}wgRRy6IK-E=3!+UJMN8EIqhaK%bzD!(K;h5QwtN858bI)$hfgz)a|Rsdw=>?C zYR~IRXc^nm`RbZ^mitAze`uwXlq&r)rFca(Xq2gf`IL1ySyV?^hrE#PjZaLLH<8&j zMb%)_2nwYhfd70w7QX^-n9~SR1J0m@W@`&$^6au(buW3!ksxuzy!9G1Q{GiZO3_{T&Cq0b;XVxS2xOGqBnHzGlrt znDMNO=>7OtW{jsSgJ^7xC6q>NlIPR(^r&a!D^r-JdNg!(SEV9oq%pyCm+#UdbGe~S z(=%0IKYfv;wD|(^CFcn)*{KjQk_W{xIXSJYWj4=t(gRhIL)ExMC2`1m+2?xTD8ZJ= zo4!ACLL||)l5=G~tMU3DO_v^ZInUEwbB>zaQAs$ixQFsv2?UAWR&0u8Z_M^?=KGD! zLaih1%bcP;OzDonBbjYWd8^eI*gCHD?}NvV+ba89k_zYC%Tps4+6_0k-#ARktZo#B zIZ7`#CoddMGpqey@u<3e&OhLRaM;#+%o<_OU1rl3M&tC=Jey}T57t$z!+do! 
zo(%&LNxyc5`XB4Ri(-?x0h66POue(?KZgvtl0DLRaGJ=R>3XErevv%_z>fW)X(DLP z<2XBAB;nqX1J3&&D#NyQIK*68pGmP6yj0K`7U=h%9oAyw#IO^D6UeM>3u#ua5(C2VG(V`jqi*ih_*?`*Eisn37Y|hnv zP%LfPRrl={ef3EfC~=uIaHxA`s#j1Eb^<#(^d zmKXC5ytFIEfTVSD?aJaUZ1zT?qjbNau36Cz+oPIWT#!G}oTe1%hQu@(>2D1I=^-oA zf8ECu7abK)Vmd_<9osG&797^@AoM9)+Ws?9D zXP;9HLs7|Y@d~OG6K2)Sft%$qa7o+djNS$xNRYDppS8Pl%PZH%RRxDEs8tq>v<8)9 zzop&~#v>@#$F?@q@$H7g8e?zru{BPb{MK;#!CbL{)EUC?LJ?co@R`)Ior+{)g3N=k z-s7P%rm>xLc*m~Q?v=QF=&NRngUNT56x|m$vfQ7QWceWPPr=g)j$Ff(Fq;f#kQ&?E z=_l1~gG2;I+A*9Zt$yOGE5fo8#uutqIpwi^_%hUDc!}n2)E}G!yUa54hg*v&w9)BXDZrv@(m|-J z8{tKgt>Hw&xfQ!rn^ATMc*DE9VHfO&2oD2Jrt!?oE;E?`LLX`ACibpF&PE+lOzaLB zDUBk7ijTL+|Chtq^7y-Ux za_h-HNipRi8Co+z06rUYzYVC{e4f$~PFP@D;niU5OaqoN-Y@)0G_QX*g|)GlSYpCB zry_Sb6Pq|X-?D?>su0>gGiThlV$r)uRvVOk>`Q_RYy6u|E7?nDMe&p<2W0EPeDjb^ z2@1VTGcs_b=B>&{p9zm0?TR_yj?tibiMi3lXLD<#$&1S1718AL__uo zLcQ8x-%0L{c1d*Ix1LY7hx1!z*B9t;;LXnD`V8Xif&nir+V)S7p)*Zr*&a}QxR+Mj z%xK!fboaAc_?eL;+#oR#6t^ zglEz*>2yr+m~qnqs{8mvRk+i#$54XkDqyk{eQ_$VkeFC^?x89#kc3?G!h)QBM`t!F z)kV903GjM#Q@ZAOGX1-K3-cutd8ATZ-7Rn`$39Q#ufY|?Q!wL>CT z&hfkA936=S1`9iT_OUq2IZMDj-JmP$SP9zeg3*fa^B9tUF0Vf0FsmMSmLzb?M%G!f;{T6boq^xw48u#mE76hjW%K2&HfbK_y? 
zV>sz33nR+aF(?#AjDJ7?Wu`liv_28&E|ePqdBtUjs@hwOKQrSv$_ghWkpu--w2A5M z&U?a79B;qlZKg9fj{?c#90EN6?Yqw8R!|4pyY4(q^IsU|i>c_dx@87aMk{#DHN^#V zFlT2i&kWh0=K0R;@hSbW{$sx_g8;={lnEShs&J~xMK95XChV(0+)57)oeyW9; z;$fWO#O^gewH}6EebYTB1O_@KoSim6iGFZ?Soa9xc59VJrG-l4D0(&>^;wN*eQRGG zv5;5)8M>+B=gYOH{J6-tKi-Uc?>_g#Db5n0`$U7245~kkn|uE>O$gBqZhUYa(dt zcl&van6VVyDM>IrBrbRez~bt3)xJBy-Tky8$5yXT)XK1EMZv9{%6pN>wldtzm19rW zZj$NikOmJx{zw?Vs&MqF6ZyNx?29{4Dvxt3zaY?Fj%Ui=PcYW^$>UqD0?(`2;lSp6 zT{N3~uGP!)DB>$MfHKD7^@%)7uZGf>XqFFA-=VbB1;wv!-hz)9efpme%Q_lu71xr8 zuD@N(n3NidAd%)-zIgmaVZq6DN>_rXCr35_o{l$-H^XS=fY)G6M6mdYjc($Da5ZJc zyZ~$UG87H8$2IpB3=8!>5BKa~o}(H5{8HGBSRQ1|jfG#pMj7XHj#+O2U>a)M@`OBF$=mJpKG`~`YttN`Ps z7j;uc2BYf1H!1}6$ba{Q`qJ64(!a zl&$7%U?iG>eKvVxr~L|##qLN8~?)pFRNxe6KO+A90(|1>i=Wa5d7ajssD42 zg_Y8@%_bvk&m|S4UMQz-fOA^yv>zH~2uL@B0;(n%b^QOVO=J1Vd36)s{t@x@>-q6_ zVw$?OK%g5KCn*N{Y0hr-jh?9w*~yQvA455oc5Vz|IzBC_?g`< z!RBAX7aOUxuVv(TGNJSd+v=Hjl0wa=-dw!PrB=>zeoCkDuM}@_E6)u-KQm4HzTxNB zA3TmW0@YV8t@E+_dgGo^&t}QJDo(nLVh`BP3LT$hxZk@<`n85nq|iqB|602g1MMW$ z_bgX3xpY4x{pK{T2SzDhzq{M^F*aNd5q4<5`!>RQ^%JeddWxI&dCgC&3tfKY|+;pIzmsL{VBiGRI&1F!TIG| z@?@^9eq8m{GoJt7X+yTl-U{Wn(t2t){M_^QWtH0M-+Wef^*b8eIT>T;WrhnB+WSOn z?>{P|-0?mmY=7YnWv19k97ks9T3_LQJkN6D{|CU~^_3CTr`8`{XIua3>DjfSM>Qu; zmSETW{@ETD(`mZD3Z?)LrVIt1OoaPXA{Fd0jpyct5MXrM2<&;TDfUM%zOhRoRXq=Q zg=1q}(Z{8>rW`y|Z|!hV)pNe2*W>g)ZbF$zU|-Wbo`Upm>1k{1!x^bgx<1?lD%--%zJ6t{gWOJ6% zdB(Z+D-YWhXzom~w0kE%_okY$+mUHy(By+8VkK4#|1o)EQp%(zuo>T!32 z9S3LT#otqR=*nwZq)N3h{Ga|P%28-R)AmEG<fK&*gd=#s`5pjB85P0mQnOHTzJ zVTW>m4$N4POSEz)#(-!T0F_@5Ai(g}F$Q=p7Zzhv5=#=}i%W`96LXO-$by6bNH@Bv zpu@irrY<6ED$vQqnXHLo@*CnzPD}>|J#pq6pqOt1ya<#)cz|3EF&|d|!IDVt%6XSQ z0Yk+Gc%Yay+!_XkEsc}Ou%OH5ai470#O{IAVpP&pxspqa|gCG2fBI> z0zhf*v?5XNz`TeLwWLM9v<`F?9}H}1lu;tZ0$dmK!8`*`GWK)Q(XBu}p%ZjiE(|PbykU#e z3S39$q8pCfr9yRots^1BaUA)HZUu5%9?`Y|p5WQ2*@4vxqOuHf%Ma8KfPp2A!d+NR X#g|1`fo(Si1}Px41lCg4Js=(ce0uy` literal 0 HcmV?d00001 
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt
new file mode 100644
index 00000000000..809108b857f
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml
new file mode 100644
index 00000000000..bb0320a5243
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: Initial draft of the package
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs
new file mode 100644
index 00000000000..40a1ef99b8c
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs
@@ -0,0 +1,33 @@
+host: {{listen_address}}:{{listen_port}}
+{{#if max_message_size}}
+max_message_size: {{max_message_size}}
+{{/if}}
+{{#if timeout}}
+timeout: {{timeout}}
+{{/if}}
+{{#if keep_null}}
+keep_null: {{keep_null}}
+{{/if}}
+{{#if tags.length}}
+tags:
+{{#each tags as |tag|}}
+- {{tag}}
+{{/each}}
+{{#if preserve_original_event}}
+- preserve_original_event
+{{/if}}
+{{else}}
+{{#if preserve_original_event}}
+tags:
+- preserve_original_event
+{{/if}}
+{{/if}}
+
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..e4e79e5c2de
--- /dev/null
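Review bot: Everything under `packages/efficient_ip/build/` looks like packaging output and should not be part of this commit: the diffstat lists this 33-line `udp.yml.hbs` a second time and a binary `efficient_ip-0.0.1.zip` (38538 bytes) beside it. An archive cannot be reviewed line by line, and committed copies can drift from the files they were built from, so what ships is not necessarily what was reviewed. Drop the `build/` tree from the commit and ignore it, for example with a `build/` line in the package's `.gitignore`, so the package is always rebuilt from the reviewed sources. The same applies to the `LICENSE.txt`, `changelog.yml` and ingest-pipeline copies in this tree.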
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml 
@@ -0,0 +1,235 @@
+---
+description: Pipeline for parsing EfficientIP DDI logs.
+processors:
+ - rename:
+ field: message
+ target_field: event.original
+ ignore_missing: true
+ if: ctx.event?.original == null
+ - set:
+ field: ecs.version
+ value: '8.11.0'
+ - grok:
+ field: event.original
+ patterns:
+ - "^<%{NUMBER:log.syslog.priority:long}>(?:%{SYSLOGTIMESTAMP:event.created}|%{TIMESTAMP_ISO8601:event.created})\\s+%{DATA:host.name}\\s+%{DATA:efficient_ip.log.service_name}\\[?%{NUMBER:process.pid:long}?\\]?:\\s+%{GREEDYDATA:message}$"
+ - "^<%{NUMBER:log.syslog.priority:long}>(?:%{SYSLOGTIMESTAMP:event.created}|%{TIMESTAMP_ISO8601:event.created})\\s+%{DATA:host.name}\\s+%{GREEDYDATA:message}$"
+ - "^%{GREEDYDATA:message}$"
+ - rename:
+ field: _conf.tz_offset
+ target_field: event.timezone
+ if: ctx._conf?.tz_offset != null && ctx._conf.tz_offset != 'local'
+ ignore_missing: true
+ ignore_failure: true
+ - date:
+ field: event.created
+ tag: date_event_created_tz
+ timezone: '{{{event.timezone}}}'
+ if: ctx.event?.timezone != null && ctx.event.created != null
+ target_field: event.created
+ formats:
+ - MMM d HH:mm:ss
+ - MMM dd HH:mm:ss
+ - MMM d HH:mm:ss
+ - dd-MMM-yyyy HH:mm:ss.SSS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: event.created
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}}
+ failed with message '{{{ _ingest.on_failure_message }}}'
+ - date:
+ field: event.created
+ tag: date_event_created_notz
+ if: ctx.event?.timezone == null && ctx.event?.created != null
+ target_field: event.created
+ formats:
+ - MMM d HH:mm:ss
+ - MMM dd HH:mm:ss
+ - MMM d HH:mm:ss
+ - dd-MMM-yyyy HH:mm:ss.SSS
+ - ISO8601
+ on_failure:
+ - remove:
+ field: event.created
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}}
+ failed with message '{{{ _ingest.on_failure_message }}}'
+ - set:
+ field: efficient_ip.log.type
+ value: 'DHCP'
+ if: ctx.efficient_ip?.log?.service_name == 'dhcpd' || ctx.efficient_ip?.log?.service_name == 'dhcpdv6'
+ - set:
+ field: efficient_ip.log.type
+ value: 'DNS'
+ if: ctx.efficient_ip?.log?.service_name == 'named'
+ - set:
+ field: efficient_ip.log.type
+ value: 'AUDIT'
+ if: ctx.efficient_ip?.log?.service_name == 'httpd'
+ - pipeline:
+ name: '{{ IngestPipeline "pipeline_dhcp" }}'
+ if: ctx.efficient_ip?.log?.type == 'DHCP'
+ - pipeline:
+ name: '{{ IngestPipeline "pipeline_dns" }}'
+ if: ctx.efficient_ip?.log?.type == 'DNS'
+ # Since logstash sets the @timestamp if not present, `override: true` is required to overwrite the value with event timestamp.
+ - set:
+ field: '@timestamp'
+ copy_from: event.created
+ if: ctx.event?.created != null
+ override: true
+ # If individual pipelines has timestamp, they should take priority. This makes @timestamp < event.created conforming to ECS.
+ - set:
+ field: '@timestamp'
+ copy_from: _tmp.timestamp
+ if: ctx._tmp?.timestamp != null
+ override: true
+ - convert:
+ field: _tmp.host.ip
+ if: ctx._tmp?.host?.ip != null && ctx._tmp.host.ip != ''
+ type: ip
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _tmp.host.ip
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}}
+ failed with message '{{{ _ingest.on_failure_message }}}'
+ - append:
+ field: related.ip
+ value: '{{{_tmp.host.ip}}}'
+ if: ctx._tmp?.host?.ip != null
+ allow_duplicates: false
+ ignore_failure: true
+ - convert:
+ field: _tmp.ip
+ if: ctx._tmp?.ip != null && ctx._tmp.ip != ''
+ type: ip
+ ignore_missing: true
+ on_failure:
+ - remove:
+ field: _tmp.ip
+ ignore_missing: true
+ - append:
+ field: error.message
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}}
+ failed with message '{{{ _ingest.on_failure_message }}}'
+ - append:
+ field: related.ip
+ value: '{{{_tmp.ip}}}'
+ if: ctx._tmp?.ip != null
+ allow_duplicates: false
+ ignore_failure: true
+ - append:
+ field: related.hosts
+ value: '{{{host.domain}}}'
+ if: ctx.host?.domain != null
+ allow_duplicates: false
+ ignore_failure: true
+ - append:
+ field: host.ip
+ value: '{{{_tmp.host.ip}}}'
+ if: ctx._tmp?.host?.ip != null
+ ignore_failure: true
+ - append:
+ field: host.ip
+ value: '{{{_tmp.ip}}}'
+ if: ctx._tmp?.ip != null
+ ignore_failure: true
+ - lowercase:
+ field: event.action
+ if: ctx.event?.action != null
+ ignore_failure: true
+ - geoip:
+ field: "client.ip"
+ target_field: "client.geo"
+ if: ctx.client?.geo == null && ctx.client?.ip != null
+ ignore_missing: true
+ - geoip:
+ database_file: GeoLite2-ASN.mmdb
+ field: client.ip
+ target_field: client.as
+ properties:
+ - asn
+ - organization_name
+ ignore_missing: true
+ if: ctx.client?.ip != null
+ - rename:
+ field: client.as.asn
+ target_field: client.as.number
+ ignore_missing: true
+ if: ctx.client?.as?.asn != null
+ - rename:
+ field: client.as.organization_name
+ target_field: client.as.organization.name
+ ignore_missing: true
+ if: ctx.client?.as?.organization_name != null
+ - dissect:
+ field: network.transport
+ pattern: "view %{}: %{network.transport}"
+ if: ctx.network?.transport instanceof String && ctx.network.transport.contains('view')
+ - lowercase:
+ field: network.transport
+ ignore_missing: true
+ - script:
+ description: Drops null/empty values recursively.
+ lang: painless
+ source: |
+ boolean drop(Object o) {
+ if (o == null || o == '') {
+ return true;
+ } else if (o instanceof Map) {
+ ((Map) o).values().removeIf(v -> drop(v));
+ return (((Map) o).size() == 0);
+ } else if (o instanceof List) {
+ ((List) o).removeIf(v -> drop(v));
+ return (((List) o).length == 0);
+ }
+ return false;
+ }
+ drop(ctx);
+ - remove:
+ field: message
+ ignore_missing: true
+ if: ctx.event?.original != null
+ - remove:
+ field:
+ - _conf
+ - _tmp
+ ignore_failure: true
+ ignore_missing: true
+on_failure:
+ - append:
+ field: error.message
+ value: >-
+ Processor '{{{ _ingest.on_failure_processor_type }}}'
+ {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}'
+ {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}}
+ failed with message '{{{ _ingest.on_failure_message }}}'
+ - set:
+ field: event.kind
+ value: pipeline_error
+ - append:
+ field: tags
+ value: preserve_original_event
+ allow_duplicates: false
\ No newline at end of file
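Review bot: `event.original` is never removed, so the `preserve_original_event` option has no effect: the tag that `udp.yml.hbs` adds is not read anywhere in this pipeline, only appended again in the top-level `on_failure`. The raw syslog line therefore stays on every document, together with the client MAC, IP and hostname it contains, whatever the operator configured. Before the final `remove` of `_conf` and `_tmp`, add a `remove` processor for `event.original` with `if: ctx.tags == null || !ctx.tags.contains('preserve_original_event')` and `ignore_missing: true`. A sub-pipeline could in principle do this instead, but the part of `pipeline_dhcp.yml` visible here does not, and `pipeline_dns.yml` is outside this view.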
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
new file mode 100644
index 00000000000..0b082e8a942
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
@@ -0,0 +1,339 @@ +--- +description: Pipeline for parsing EfficientIP DHCP logs. +processors: + - set: + field: network.protocol + value: dhcp + - grok: + tag: grok_DHCPDISCOVER_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPDISCOVER') + patterns: + - '^%{WORD:event.action} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: network %{DATA:efficient_ip.log.dhcp.network}: %{GREEDYDATA:efficient_ip.log.dhcp.discover.message}$' + - '^%{WORD:event.action} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPOFFER_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPOFFER') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay 
(%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{GREEDYDATA:efficient_ip.log.dhcp.offered.duration:long}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{GREEDYDATA:efficient_ip.log.dhcp.offered.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{GREEDYDATA:efficient_ip.log.dhcp.offered.duration:long}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on 
%{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPREQUEST_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPREQUEST') + patterns: + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid}: %{GREEDYDATA:efficient_ip.log.dhcp.request.message}$' + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} for %{IP:client.ip} 
\(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.request.message}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.request.message}$' + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name})$' + - 
'^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPACK_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPACK') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{DATA:efficient_ip.log.dhcp.lease.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} (?:\(%{DATA:efficient_ip.log.dhcp.client_hostname}\) )?via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration 
%{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\)$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{DATA:efficient_ip.log.dhcp.lease.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{DATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via 
(%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$' + - '^%{WORD:event.action} to %{IP:client.ip} \(%{MAC:client.mac}\) via %{WORD:observer.ingress.interface.name}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_RELEASE_message + field: message + if: ctx.message != null && ctx.message.contains('RELEASE') + patterns: + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) \(%{DATA:efficient_ip.log.dhcp.release.info}\) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) \(%{DATA:efficient_ip.log.dhcp.release.info}\) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + 
tag: grok_DHCPEXPIRE_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPEXPIRE') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{GREEDYDATA:client.mac}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPINFORM_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPINFORM') + patterns: + - '^%{WORD:event.action} from %{IP:client.ip} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.inform.message}$' + - '^%{WORD:event.action} from %{IP:client.ip} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPDECLINE_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPDECLINE') + patterns: + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.decline.message}$' + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}): %{GREEDYDATA:efficient_ip.log.dhcp.decline.message}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPNAK_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPNAK') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name})$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPLEASEQUERY_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPLEASEQUERY') + patterns: + 
- '^%{WORD:event.action} from %{IP:client.ip}: %{GREEDYDATA:efficient_ip.log.dhcp.lease_query.message}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_REFUSED_message + field: message + if: ctx.message != null && ctx.message.contains('REFUSED') + patterns: + - '^%{REVERSE_UPDATE:event.action} for %{IP:client.ip} abandoned because of non-retryable failure: %{DATA:event.outcome}$' + - '^Unable to %{ADD_FORWARD:event.action} from %{DATA:efficient_ip.log.dhcp.forward_name} to %{IP:efficient_ip.log.dhcp.ip} by server %{IP:server.ip}#%{NUMBER:server.port:long}: %{DATA:event.outcome}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + pattern_definitions: + ADD_FORWARD: (?i:add forward map) + REVERSE_UPDATE: (?i:reverse map update) + - gsub: + field: event.action + pattern: ' ' + replacement: '_' + if: ctx.event?.outcome?.equalsIgnoreCase('refused') == true + - set: + field: event.outcome + value: failure + if: ctx.event?.outcome?.equalsIgnoreCase('refused') == true + - grok: + tag: grok_Encapsulated_Solicit_message + field: message + if: ctx.message != null && ctx.message.contains('Encapsulated Solicit') + patterns: + - '^%{DATA:event.action} message from %{IP:client.ip} port %{NUMBER:client.port:long} from client DUID %{GREEDYDATA:efficient_ip.log.dhcp.duid}, transaction ID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Advertise_NA_message + field: message + if: ctx.message != null && ctx.message.contains('Advertise NA') + patterns: + - '^%{DATA:event.action}: address %{IP:client.ip} to client with duid %{GREEDYDATA:efficient_ip.log.dhcp.duid} iaid = -%{GREEDYDATA:efficient_ip.log.dhcp.iaid} valid for %{NUMBER:efficient_ip.log.dhcp.validation_second:long} seconds$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Relay_forward_message + field: message + if: ctx.message != null && ctx.message.contains('Relay-forward') + patterns: + - 
'^%{DATA:event.action} message from %{IP:client.ip} port %{NUMBER:client.port:long}, link address %{IP:efficient_ip.log.dhcp.link_address}, peer address %{IP:efficient_ip.log.dhcp.peer_address}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Encapsulating_Advertise_message + field: message + if: ctx.message != null && ctx.message.contains('Encapsulating Advertise') + patterns: + - '^%{DATA:event.action} message to send to %{IP:client.ip} port %{NUMBER:client.port:long}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Sending_Relay_reply_message + field: message + if: ctx.message != null && ctx.message.contains('Sending Relay-reply') + patterns: + - '^%{DATA:event.action} message to %{IP:client.ip} port %{NUMBER:client.port:long}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_fallback_message + field: message + if: ctx.message != null && ctx.event?.action == null + patterns: + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - lowercase: + field: event.action + ignore_failure: true + ignore_missing: true + - gsub: + field: client.mac + ignore_missing: true + pattern: '[-:.]' + replacement: '-' + - uppercase: + field: client.mac + ignore_missing: true + - convert: + tag: convert_client_ip + field: client.ip + if: ctx.client?.ip != null && ctx.client.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: client.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx.client?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_link_address + field: 
efficient_ip.log.dhcp.link_address + if: ctx.efficient_ip?.log?.dhcp?.link_address != null && ctx.efficient_ip.log.dhcp.link_address != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.link_address + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.link_address}}}' + if: ctx.efficient_ip?.log?.dhcp?.link_address != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_peer_address + field: efficient_ip.log.dhcp.peer_address + if: ctx.efficient_ip?.log?.dhcp?.peer_address != null && ctx.efficient_ip.log.dhcp.peer_address != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.peer_address + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.peer_address}}}' + if: ctx.efficient_ip?.log?.dhcp?.peer_address != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_router_ip + field: efficient_ip.log.dhcp.router.ip + if: ctx.efficient_ip?.log?.dhcp?.router?.ip != null && ctx.efficient_ip.log.dhcp.router.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.router.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ 
_ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.router.ip}}}' + if: ctx.efficient_ip?.log?.dhcp?.router?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_interface_ip + field: efficient_ip.log.dhcp.interface.ip + if: ctx.efficient_ip?.log?.dhcp?.interface?.ip != null && ctx.efficient_ip.log.dhcp.interface.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.interface.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.interface.ip}}}' + if: ctx.efficient_ip?.log?.dhcp?.interface?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_relay_interface_ip + field: efficient_ip.log.dhcp.relay.interface.ip + if: ctx.efficient_ip?.log?.dhcp?.relay?.interface?.ip != null && ctx.efficient_ip.log.dhcp.relay.interface.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.relay.interface.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: 
related.ip + value: '{{{efficient_ip.log.dhcp.relay.interface.ip}}}' + if: ctx.efficient_ip?.log?.dhcp?.relay?.interface?.ip != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.hosts + value: '{{{efficient_ip.log.dhcp.client_hostname}}}' + if: ctx.efficient_ip?.log?.dhcp?.client_hostname != null + allow_duplicates: false + ignore_failure: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' \ No newline at end of file diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml new file mode 100644 index 00000000000..282e00f64cd --- /dev/null +++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml 
@@ -0,0 +1,169 @@ +--- +description: Pipeline for parsing EfficientIP DNS logs. +processors: + - set: + field: network.protocol + value: dns + - grok: + field: message + patterns: + - "%{CLIENT}\\s*\\(%{GREEDYDATA}.\\)\\:\\s*%{NOTSPACE:efficient_ip.log.dns.category}\\: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} \\(%{IP:server.ip}\\) -> %{WORD:dns.response_code}(\\s+%{GREEDYDATA:dns_answers_data})?" + - "%{CLIENT}\\s+(\\(%{GREEDYDATA}.\\))?\\s*%{NOTSPACE:efficient_ip.log.dns.category}\\: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type}\\s+\\(%{IP:server.ip}\\)$" + - "%{CLIENT}\\s+update '%{DATA:dns.question.name}/%{WORD:dns.question.class}' %{GREEDYDATA:efficient_ip.log.dns.category}" + pattern_definitions: + CLIENT: 'client (?:%{DATA} )?%{IP:client.ip}#%{NUMBER:client.port:long}:?' + VIEW: 'view %{DATA:efficient_ip.log.view}: ' + - date: + field: _tmp.timestamp + target_field: _tmp.timestamp + if: ctx._tmp?.timestamp != null && ctx.event?.timezone != null + tag: date_tmp_timestamp_tz + timezone: '{{{event.timezone}}}' + formats: + - dd-MMM-yyyy HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSS'Z' + on_failure: + - remove: + field: _tmp.timestamp + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - date: + field: _tmp.timestamp + target_field: _tmp.timestamp + tag: date_tmp_timestamp_notz + if: ctx._tmp?.timestamp != null && ctx.event?.timezone == null + formats: + - dd-MMM-yyyy HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSS'Z' + on_failure: + - remove: + field: _tmp.timestamp + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag 
'{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - script: + lang: painless + if: "ctx.dns_answers_data != null && ctx.dns_answers_data != ''" + description: "Parse DNS answer records" + source: | + def answers = new ArrayList(); + def text = ctx.dns_answers_data.trim(); + def validTypes = new HashSet(['A','AAAA','CNAME','SOA','SRV','PTR','MX','NS','TXT']); + // Split by spaces and walk tokens to find TTL TYPE boundaries + def tokens = text.splitOnToken(' '); + int i = 0; + while (i < tokens.length - 1) { + def tok = tokens[i]; + // Skip empty tokens from multiple spaces + if (tok.length() == 0) { i++; continue; } + // Check if token is a number (TTL) followed by a valid type + boolean isNum = true; + for (int c = 0; c < tok.length(); c++) { + if (!Character.isDigit(tok.charAt(c))) { isNum = false; break; } + } + if (!isNum) { i++; continue; } + // Find next non-empty token + int j = i + 1; + while (j < tokens.length && tokens[j].length() == 0) { j++; } + if (j >= tokens.length) break; + def typeStr = tokens[j]; + boolean isType = validTypes.contains(typeStr) || (typeStr.length() > 4 && typeStr.substring(0, 4).equals('TYPE')); + if (!isType) { i++; continue; } + // Collect data tokens until next TTL+TYPE pair or end + int dataStart = j + 1; + int dataEnd = dataStart; + while (dataEnd < tokens.length) { + def dt = tokens[dataEnd]; + if (dt.length() == 0) { dataEnd++; continue; } + boolean dtIsNum = true; + for (int c = 0; c < dt.length(); c++) { + if (!Character.isDigit(dt.charAt(c))) { dtIsNum = false; break; } + } + if (dtIsNum && dataEnd + 1 < tokens.length) { + int k = dataEnd + 1; + while (k < tokens.length && tokens[k].length() == 0) { k++; } + if (k < tokens.length) { + def nt = tokens[k]; + if (validTypes.contains(nt) || (nt.length() > 4 && nt.substring(0, 4).equals('TYPE'))) { + break; + } + } + } + dataEnd++; + } + def dataParts = new ArrayList(); + for (int d = 
dataStart; d < dataEnd; d++) { + if (tokens[d].length() > 0) dataParts.add(tokens[d]); + } + def answer = new HashMap(); + answer.put('type', typeStr); + answer.put('data', String.join(' ', dataParts)); + answers.add(answer); + i = dataEnd; + } + if (ctx.dns == null) { + ctx.dns = new HashMap(); + } + ctx.dns.put('answers', answers); + if (ctx.efficient_ip?.log?.dns == null) { + if (ctx.efficient_ip == null) ctx.efficient_ip = new HashMap(); + if (ctx.efficient_ip.log == null) ctx.efficient_ip.put('log', new HashMap()); + if (ctx.efficient_ip.log.dns == null) ctx.efficient_ip.log.put('dns', new HashMap()); + } + ctx.efficient_ip.log.dns.put('answers', answers); + ctx.remove('dns_answers_data'); + - convert: + field: server.ip + if: ctx.server?.ip != null && ctx.server.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: server.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{server.ip}}}' + if: ctx.server?.ip != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.hosts + value: '{{{dns.question.name}}}' + if: ctx.dns?.question?.name != null + allow_duplicates: false + ignore_failure: true + - registered_domain: + field: "dns.question.name" + target_field: "dns.question" + if: ctx.dns?.question != null + - remove: + field: + - repeat_message + - dns.question.domain + ignore_missing: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with 
message '{{{ _ingest.on_failure_message }}}'
\ No newline at end of file
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml
new file mode 100644
index 00000000000..a7cd550f46a
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml
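Review bot: The answer parser in the `script` processor of pipeline_dns.yml decides record boundaries from token shape alone, so any all-digit token followed by a known type name, or by any token that merely starts with `TYPE`, opens a new entry in `dns.answers`. The record data comes from whoever answered the query and should be treated as untrusted: if the server logs TXT strings with their spaces intact (not visible here, confirm against a real log line), a single TXT answer can be indexed as several records of other types. I would have the data-collection loop skip the boundary test while inside a double-quoted string, accept the `TYPE` form only when digits follow it, and add a comment above the loop such as `// rdata is untrusted; boundaries are heuristic and can be confused by quoted strings`. The TTL token is recognised but then dropped, so `dns.answers.ttl` is never populated. This copy sits under `build/packages/`; the diffstat lists a second pipeline_dns.yml outside `build/`, which is presumably the source the fix belongs in.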
@@ -0,0 +1,145 @@
+- name: efficient_ip.log
+ type: group
+ fields:
+ - name: dhcp
+ type: group
+ fields:
+ - name: client_hostname
+ type: keyword
+ - name: decline
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: duid
+ type: keyword
+ - name: discover
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: iaid
+ type: keyword
+ - name: inform
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: interface
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ - name: ip
+ type: ip
+ - name: forward_name
+ type: keyword
+ - name: lease
+ type: group
+ fields:
+ - name: duration
+ type: long
+ - name: message
+ type: keyword
+ - name: lease_query
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: link_address
+ type: keyword
+ - name: message
+ type: text
+ - name: network
+ type: keyword
+ - name: offered
+ type: group
+ fields:
+ - name: duration
+ type: long
+ - name: peer_address
+ type: keyword
+ - name: relay
+ type: group
+ fields:
+ - name: interface
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ - name: name
+ type: keyword
+ - name: release
+ type: group
+ fields:
+ - name: info
+ type: keyword
+ - name: request
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: router
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ - name: trans_id
+ type: keyword
+ - name: uid
+ type: keyword
+ - name: validation_second
+ type: long
+ - name: service_name
+ type: keyword
+ - name: type
+ type: keyword
+ - name: view
+ type: keyword
+ - name: dns
+ type: group
+ fields:
+ - name: after_query
+ type: text
+ - name: answers_policy
+ type: text
+ - name: before_query
+ type: text
+ - name: category
+ type: text
+ - name: failed_message
+ type: text
+ - name: message
+ type: text
+ - name: view_name
+ type: text
+ - name: version
+ type: text
+ - name: header_flags
+ type: keyword
+ - name: rpz
+ type: group
+ fields:
+ - name: action
+ type: keyword
+ - name: domain
+ type: keyword
+ - name: domain_rewrite
+ type: keyword
+ - name: query_class
+ type: keyword
+ - name: query_class_rewrite
+ type: keyword
+ - name: rule_type
+ type: keyword
+ - name: type
+ type: keyword
+ - name: answers
+ type: group
+ fields:
+ - name: ancount
+ type: long
+ - name: type
+ type: keyword
+ - name: data
+ type: keyword
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml
new file mode 100644
index 00000000000..7409a05942c
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml
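Review bot: `link_address` and `peer_address` are mapped as `keyword`, yet the DHCP pipeline in this commit extracts both with `%{IP:…}` and runs a `convert` with `type: ip` on them, the same handling it gives `interface.ip`, `relay.interface.ip` and `router.ip`, which are mapped `ip` here. As keywords they cannot be searched by CIDR or address range, which is what an analyst scoping relay traffic will reach for; I would change both to `type: ip`. `category` under `dns` is mapped `text`, so exact filtering and aggregation on values such as `answer` will not work as expected; `type: keyword` fits a short enumerated value better.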
@@ -0,0 +1,43 @@
+title: "EfficientIP Logging"
+type: logs
+streams:
+ - input: udp
+ title: "logs via UDP"
+ description: |-
+ Collect EfficientIP logs via UDP
+ template_path: udp.yml.hbs
+ vars:
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - efficientip-log
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`.
+ type: bool
+ multi: false
+ default: false
+ - name: tz_offset
+ type: text
+ title: Timezone Offset
+ multi: false
+ required: true
+ show_user: true
+ default: local
+ description: >-
+ By default, datetimes in the logs will be interpreted as relative to the timezone configured in the host where the agent is running. If ingesting logs from a host on a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00") from UCT.
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >-
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json
new file mode 100644
index 00000000000..03a0729c923
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json
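Review bot: The `udp` stream description does not tell the operator that this transport is unauthenticated: syslog over UDP carries no sender identity or integrity protection, so any host that can reach the listener can submit lines that will be parsed and indexed as EfficientIP events. I would extend the description, for example `Collect EfficientIP logs via UDP. UDP syslog is unauthenticated; bind the listener to a dedicated address and restrict senders at the network layer.` No listen address or port variable is declared in this stream although the README lists Host and Port as required, so they presumably live in the package-level manifest, which is worth confirming. In the `tz_offset` description, `UCT` should read `UTC`.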
@@ -0,0 +1,53 @@
+{
+ "@timestamp": "2026-02-25T10:14:26.000Z",
+ "client": {
+ "ip": "10.10.10.10",
+ "port": 58860
+ },
+ "dns": {
+ "question": {
+ "class": "IN",
+ "name": "test.foo.bar.",
+ "type": "A"
+ },
+ "response_code": "NXDOMAIN"
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "efficient_ip": {
+ "log": {
+ "dns": {
+ "category": "answer"
+ },
+ "service_name": "named",
+ "type": "DNS"
+ }
+ },
+ "event": {
+ "created": "2026-02-25T10:14:26.000Z",
+ "original": "<13>Feb 25 10:14:26 named[52927]: client 10.10.10.10#58860 (test.foo.bar.): answer: test.foo.bar. IN A (10.0.0.1) -> NXDOMAIN"
+ },
+ "log": {
+ "syslog": {
+ "priority": 13
+ }
+ },
+ "network": {
+ "protocol": "dns"
+ },
+ "process": {
+ "pid": 52927
+ },
+ "related": {
+ "hosts": [
+ "test.foo.bar."
+ ],
+ "ip": [
+ "10.0.0.1"
+ ]
+ },
+ "server": {
+ "ip": "10.0.0.1"
+ }
+}
\ No newline at end of file
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md
new file mode 100644
index 00000000000..eed6ed8959a
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md
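Review bot: `related.ip` in this sample holds only the server address `10.0.0.1`; the client address `10.10.10.10` from `client.ip` is missing, so a pivot on `related.ip` will not find the host that issued the query. The DNS pipeline in this commit appends only `server.ip` to `related.ip`, whereas the DHCP pipeline appends `client.ip`; adding the same `append` processor for `client.ip` to pipeline_dns.yml and regenerating this sample would close the gap. The sample also carries no `event.category` or `event.type`, which suggests the ECS categorisation is not set anywhere in the pipeline chain, although default.yml is not visible here to confirm.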
@@ -0,0 +1,81 @@ + + + +# EfficientIP Integration for Elastic + +The EfficientIP integration collects and parses data from [EfficientIP](https://efficientip.com/) DDI (DNS, DHCP, and IPAM) solutions, enabling centralized monitoring and analysis of network infrastructure events within Elastic. + +## Overview + +The EfficientIP integration for Elastic enables collection of event logs from DNS, DHCP and IPAM. This integration enables the +following use cases: +- DNS query monitoring and threat detection +- DHCP lease management and IP address tracking +- IPAM auditing and infrastructure compliance +- Network anomaly identification and security investigations + +### Compatibility + +This integration is tested with EfficientIP version 8.4.7e + +## What data does this integration collect? + +This integration collects the following data types from EfficientIP DDI solutions: + +- **DNS Events**: Query logs, response codes, and DNS transactions +- **DHCP Events**: Lease assignments, renewals, releases, and IP address allocations +- **IPAM Events**: Address space changes, subnet modifications, and infrastructure audits + +All events are forwarded via syslog and processed through Elastic ingest pipelines for analysis and visualization within the Elastic Stack. + + +## What do I need to use this integration? + +Minimum requierment Elastic stack 9.0.x and EfficientIP version 8.4.7e + + +## Deployment methods +This integration supports the following deployment methods: + +**Syslog-based**: EfficientIP nodes forward events to a syslog destination where Elastic Agent collects and processes the data. + +To configure syslog forwarding on an EfficientIP node: + +1. Access the EfficientIP administration interface +2. Navigate to **System Settings** > **Logging** or **Event Forwarding** +3. Select **Syslog** as the destination type +4. Enter the syslog receiver host IP address and port +6. Verify the connection and enable syslog forwarding +7. 
Configure Elastic Agent to listen on the syslog port and ingest the forwarded events + +Refer to the EfficientIP documentation for your version for detailed configuration steps specific to your deployment. + +### Agent-based deployment +Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host. + +Elastic Agent is required to stream data from the syslog or log file receiver and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines. + +### Inputs used + +These inputs can be used with this integration: +
+udp + +## Setup + +For more details about the UDP input settings, check the [Filebeat documentation](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-udp). + +### Collecting logs from UDP + +To collect logs via UDP, select **Collect logs via UDP** and configure the following parameters: + +**Required Settings:** +- Host +- Port + +**Common Optional Settings:** +- Max Message Size - Maximum size of UDP packets to accept (default: 10KB, max: 64KB) +- Read Buffer - UDP socket read buffer size for handling bursts of messages +- Read Timeout - How long to wait for incoming packets before checking for shutdown +
+ diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg new file mode 100644 index 00000000000..23ddd7902e3 --- /dev/null +++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg new file mode 100644 index 00000000000..f163b40e557 --- /dev/null +++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg new file mode 100644 index 00000000000..6268dd88f3b --- /dev/null +++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg @@ -0,0 +1 @@ + \ No newline at end of file 
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-screenshot.png b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..d7a56a3ecc078c38636698cefba33f86291dd178 GIT binary patch literal 18849 zcmeEu^S~#!E#4Tq;}?6chqwB{?k=6jc5D4>l%v(rleJ2Y%tW zDj9g7px}|*e;{M?LDwiK3@FNS(lDRTd-MJYIyUJCN948~OJk1M(DrJyI#iV;P4k~& zFZo35IfQt0RwlUN`48^6(1dv_wm(y1xhEdMld=Y?!%u=fPT_*{3( zwBwz3#qR}_)t>C*jp5@U)Ti~B)Y;qq*TRxZJ7ZRN_^A3TDAEM*@7Ve%(Ro7=1%1B< zVj6GBUTxXev>_^SFA zgKZ=g4aTS}9>Ofj7cSB0WO?gQ)x=+!hs_)b$6#>ScFZ>XAoIX)%Bc|BDC~JFBk0f0 z0NY}6gb)&!qx^FWC(!ji+Kl$V$2|ocA=vN0TM0Y`U?tX+T)c*C zA!IL(T2Vm%MCLa85^if@J@Kkprx8QN5!6eCR@4Oa5S?4-4|ou?90mFCM8D!;n(5xz zO}-*t!TntN>|a$s(kGQg1P-U?hqvGF2_fGvd&~yZ_l3Qf&j~XWa=;>N3#-~#zjzcc z*m18L`A-K2o!d@J>a8SRbm4P&-q1(H>|JgIymDbnJF&@008`=X!P?4DGgZb>voUl^ zNJKgPR4S={)3vuk_{n@=M8q;;aJL>q+VLdTnO=}`&x;1DKjJA3*f*idS{jP5?+;!W zn-^7021Z4zv`Aq`hmX1aid997RNh3fa-@PG(W7TzKa1W&5^y3|lPeETP7j9qXpo4)7%(W0_2 z^Nmq;t@rb1eP3?%kOkH`P%!zTC7ZHjSfNN3*Sb#=3#jB*KpNGNfnRZ{N(6DrW(;B2Bwom<%m?VQP%K+ zsFeF1-(DY}oP@)w^Kw~gPg03q?N;)Ec6^|nikA34T~RynX*z}H>R~qgT$`Zbhn8wzZs$j2fsGN&rOK-mIBBvzD@a8FgbLpL!h5N^u&0wG} zq!#md3MHITv?3@$37J?lc_5*LWJTTjel;IiU-Yq;(g9I^D&KN_NKVS0O~GvB~FzPM6}=4d%fG4Nw4pZshcyLqK@`b8?RhD38haIyr@+8+0r5TC1*C7^WleJ zZN3_ngTD#RQvNL*;qD2H@cBWJbCC#d!}=oKfod5SE9a?!?j%DVt1z@inN}Iy$r+96 zM@P?AC+(`cM;z6J94BYGJ;+P-N#yj$?`G26ydS&OVH?~JY(N4l()Fh+x+DoJ@r<+i zhm^ck@QP`=fLApr62@KyOef~}zuG;(VbDQmw|Wb+oSHSw=%w9R)=et0cY*~ytX)#M zEXlK^p;zM@vTnXn+C1vwP)~TJv|TvDE2($;;EzC5_5IL#H;u z)#CO8)TSzbt8)wHB8$I8KcIojx&GoE)3QNu{CQ+_xBmQ&`mL5-u=BX(hs^hMY^ zae!!*Q;Tr$@(0~GoBJAohGw*d{l8~!aXop87aaSUb2jm)Tk>#$1*cdo5Sl+?oD!l4Og~yX+soottl4 zp4OartUuAN(dD~yLJ}`A1*!D4-|L^hM;`_DM^1KYs-VF(}h(BjRO``b+xV~%O=-)?p z7ciJH7Fnl?V&=ay_AB{oQoa2iR;6$^tiE|-eRCFy|3F@%j#6gUxkZX@?K`F$u#;T< z4IZORpUthmB?U`;zrOkp?P(Rvd5TFRWrBJmVg;KEZvJ+;Q}FRY%QZ?c^&$oPXW+C5 
zdN#c>v%U?QuE+hMQdzxS1Q(BT90;29qu#^A?a^)Ui;{TJ;%`nLgm2ew$J4NvREjCJ z$`C7&?tH$CrVG@M3J1-KJw_*9BKeL*JX{ zN+Vg_TXb9^jJO$ZGkXO6BBFDjt~w5`w2TB*z$&1W5Il3IiDs=ZMDt|9iRtKET*wF6 z0Z+|N87p-5Fh)^(*l>OVr5^aY5LW(@PuM>Qo@&)yj6XRkPm1>eTF#Y_c*aRF^ZY5A z9FAU7lKEHG@i{wJMPg;n6z2|69d-)q9@<7t()d-zPy&X zdXG7{Uw{k23)CzzQAXw#iqj<1u~W@K_Ljc#?ukh;fRKHeJ2l~Z+52b2n^bGiDF2oX zm25FLx|4AP8>rAi@koY03lrtS#X?zK591c?2iZ_jjc>0y>q9>fU<08o6zG%z9WK+S zDwZMW4~28wu#ye#V*@#5t^S@NiAA`3{SF$xINmc_WW^u-C9M=H>RQ1>WM=|R!660{ z6E6%DwX`eu<3pkmz7Z=FCRd$(vhDkc3yMnSr)5C*aho)DZ<12$`$TXj<8Z70)|rK7 zXFD8QzksfWZU`qL2K8X{C~TcF{KVW`3Y{IMb&)T9%1V`tv(HY1 z+LXkLyM|3mtLD{x-#hOw-U?sr-iLeHFA|=-sGZ4#hX)atL!a91(tWJc+og&5W}VfZ zpgE7`{5D`~?yGR++y7~xA&eU0N*ZezDjF$> zUeK&1aTFQRg*?v^Z2e7u<`lk$czR6}b6Cl-qA9%A`#A6q0*zyTu)X`3rhjR86NK3= zLdw{+-F}+b2gxd-qF7>Rla}dFkj|L#c|pg5Ni+MRA|BZH(@ME*o<1ijKcoXb%PVfJ ztp_uf=G%kvU((pHcw90Xut=}atA!giM-5By)f40nKp zv7Wdb{;^<}VRvruH~rYr~wEuYY2ov-5Q|p@u3Da9+z7PeIpBAwi?RxnxN3Kt+N9L(LUS%wxY` z>e&1VV;{CYw8DNRlvBH)>!I49SU4R!t3I4=y;mCevPZh!-}~G+F>6hcL_Rli4r zC4(WN)`j$>^S=~GMGR=^)A6wrqi(-x{xK37&Vx!OS6t=KQ2JVZo#GrSODtTe=TVh%*qfF%91nqsMNLNL^Gp|_ zz%I*HUkMQGqb!1eh{{bp|0GSCDbkG_D_d)8<(0r<6-%Qi7qDa7xZjcdZ$?Rth9L!f z$erCcs3<~mtupywbaT8NWZF#v?iZkvqSz3@p`RiXs7P!GUa~-U9hEG(NgI#3BzO-# z!9JWf(;r!*A=@g$f}>wi|6Q@9z8AmYf~x8G%sp>C5cfuJY;hs1o3Ozu^{pH0AFbs%yU)Xy5>Cf?qXiHn*-PAfKDRiy`U0sFSKFsgEZ6_ z9#ma!<#Izr^}_z*>PRSt564u6We*XmZUx^jv*dK; z4zyFZ*ZFSE!00<6!|+#33&R)@RA8V9YRjp$HS9?CGq*xDSDRbX#i;}mateEF{fqTI zt?X}Efkq_Ap*_ETgaikOBbQ|;47}hwX44K`(DUI@C)QiG&6UJ1UmRn*Q@6%e`+x(gpQp74O{;yli8YLCV}qD z4gIyZd_(8ED~WWaeXOb0^r=9=AiDT}by~+$KVF~M{ywbQl zng-h?a_E;yX?DCr4|_h7JMc7>xgWf7Ek-VmH^hCYunVp3{(d{---&%-GZ=rK#V5Jo zJvP8b!2AA5?9)G8gwzB6ze3TU<5*Pqms^Q-?C9-CN~4hb-`U0D@kAkTWn23``cao^ z8IWAp8h7`%ZA+eI?w$sJktq5m>e&0@mQn>2BdpKAxbj1$m$8Z;`!iFvl9($Lb9Ff? 
zT^6cTZ~HgIeR6R*;G(rzpgsJP41Fx9Df;G6{;k6T(i}&8hX(jHSC@~#X@70h#)g(( z*9vUC+a*b%oAdf1$}Z3NR;|c5nY4^Z51pfqk(tmJbB;Q#ka#tf5eae;-kq$I{xO3<(TI$0lSe-JQzJ*es;il=Kn_?&?E zfLbs{qErPqm)-*ZfwbA*D-shgb|1;X;cH*yA|q8gS=HiosF=-kbdk6--SR+`F^H_` z0*i`J==@XSe=HT;_``G}ulE=H@*3GU*?gVd@h*`eT^GKjI;C@8+h~;(u3bA#b&bN{ zYw>dJ$(;RfHDLlndS`CWOE=g0jOocCc&;w(dOzrLf4-DK*MD@P_;u&CbfMw=#Q-B` zDq8hGwKN-O7(hQA_bP3f5XrZH+@*FGw~ppmDgNWcf|Lf*Pc%e5dw1DcJ1BWm!z7z3 zr^toEU*P(>G#;_1X}Rz(5lbDtCui%hY^d3lm)kw0vyk zX~K4$AG#7cG`6s2%9g9zsaQ9o?;3yzW4Pt!;NlS zzI#G7tiq&@eV&}qDtY(e$1JwscAfle%Al{3>Nr%``n?`Jac^CdOXUbFgI3;m{RkA~ zokl+lxuw9=%W&MmzA+G%ZdFMMP&N2^6BWjG2Lt|xKx)lMCR@b0n+xgw<)&Dwi?}>- z+$_e|@M;uW@3z6)q&L7bYitZ%huzGqH_qHOr&G5o!?(8TJv_MN1ka|&c6_!Q>#PgHSFoPWiLg|k_{ zQd#Zy&BPkU(0OE5S35!B5qb6%T3Wd#J(zBl8dw6I#xIDDF-LBPi-jXv1E?!gE|1OIdTejK)+U3ooC^otSIRsWZf-`&K}6}s!407Y58zH zK(oYx*7sN1O|Z_1YIJS_H$E@DH(hB4QKNCGQT3PTvwYoe2&8WKi5`5tU-r4!>_V3XUT}N)>8V;+z-!@-IGCKiD>E9RC(K`NMx=;Qp zf$2g^t?)zpU0L!BZi(oE#)^Z_biT*Svh>r#%1=O+Wo37G`Q)4@k#Pe?^mgBIugC)8 zyEICH=`{A~^x#X&%tr-$j|(nXrIrGQYNY+C3M+LO;yUU4-|v>a5#P)XYp>_|C0f0n{_p0mvwWmghfd%!Cm}$qBDxOqA3htLs~ghSA1>6^dVgd~ zVHHBBy6;Pp=El;dkTE=ttp~BoOJ$L@EB3Z37T1kTNG3tm4PY5O-7hP5DA$-k=vV&6 z?RiAm;W~*o)R7!x9>u$&@|&D4xMmJ*y+^-6t!F0u8G~78t&Bs#W>w_NbW>W9M3tXWXRf zI86FWVx%iXXh6MJ>dg#?lNu{K@S#nzMIG4PXQd%!Bvc*H0c7F_Y=adptJr*cHevMQ z%?Xu~q8CFw>^L*S_83kVhq=)hf0%_Lq}SE*g(Da_A{kXVZfAd*YCwp~bG32wi&SNM z#QZ7}Ug5-=+s^uqAh_|}gzya<(&E?XAZ%0ybd9nraj?|z1YfPr*{N?Q{ji}YG`T#| z=uwJZHIMlsmevnenT#-)t$L*=2wh|1EYXW?_36TR?L!sUItJVxaC0$Gb|gq4{|4gA z(v0ODFj!T)jc5>65ys)* z7$aBHfbKdz@QJq1b`NT`344*g()$>5*Ey`TPB7WI;|_8o8t9-_4ikFub|I{66>ge> zHA+6onzFKY*eaiA!77SD*^&LyumAR6gSvxY6Q?;!AvI{rZ##!G$%ZfIgce4F`aF;e z?jVh%+B-vj69ei~bh_zA9w}S4B4rzRKQ1~u$gwVu_x5PlRKDXX2(_2Mm7fs%6{SS7Qh1gWT8xaxc=f8`mW38ukIZxwU;lmHABwFSg50*o zrj%f%j~IKR?N5Dxwrq|sTa?!pd{b3sFM&~{4~_^YH4$bI^Fq2W4-y`))^|7fS?i0) zJ&Z9wY!8%l7@gAr`2{fqA;L;ptQR*X2|xUtrT47KK%XN+dydN$*M?65LuXTRabgERR{n>;E;(&vS0_@COY!p<%5LsRqGpER%~YjkSK 
zwBo9-2|-ZFiU3TT&S+@}3gDT35t0IXTzX@yHA(v>Y8;-mZNySQ&fE7RJ1^tzJfvdApX& z*!+tE)Y{oR%jk8A)3EiI3i*(TOwP!;B3hAOj?KQ6^h-q~1V^166uYS~mH*2Hh*0}r z`R3u1#^LG9IW|^QT^|61H(T1Jz?n;(Z>52lU0BO>Q6*zgpP*gTFk2Uw)!3zt>3F~_ ztil4!R*-j}wjh%&(kSB%}X=u4RbFRp@^l+$SmM@nW9B;yGbf@nasjFMEE{m9Oe

}qal5$moSACwfNXLXG5|3R0AtBcN` z?%yS)&>O>sqxU64U~C3&Q^>z-Zt}WuX4Wh3dKj9EO zfSbV!c3e;EOeKHQmWEw#NM4;*tw-2o@x&kKT?rsmy-F|$jw-F>WgA7?C@{O1qPg*J zf92|RTBMh&ptHADFc{T+cB?+mOj>h2HKgwkxq6w&XBxPc?>=JKvU2K9aU93@vp-R% z{5T=P$9U}AYZ5QU{3%7}YZ+ACWXw#-U zWyxU(OP#Q9-2AeGmCwcp`zWghf2hvsOjWjDQbU?U`v0&a--f1`v0Bd8HLiLmo)PKz5!A1|XVO+89 zm3h2~6yI~cpWor!_yt-?Lt>z`c0a7cJAW)#d8N8nNIf0H<+v;s4{0guDD(?T7Z<~$ zd`$vpZ_QQgFaMT0_d5&+(jwGU?M1FqUu6wjA-9z?mRM}(CmSdK;2e$Na}F-8jbhgN z9)@AIQeghf{xCC^{9P%VdYW1PP#}2BJwWt z0Hd8%st1NK5%h+)UB^mVwh{e#8TIm$xxgGo6I5;e{~VUeeMGRpM_Z%=eH5$X1}?Z5 z`|*_Vp~K&ziz45-Ih9y>EOr(Buy0&n$dbQ4$5eSr=Ti z#~7^n8dmem;$0D4+6eV7&G2D~d@ z+R#u8+nw_N%7_U_1e53P?~&10^m|ZUXrZhVp04lQLsGos%0fRDhS=@>8TOAAxK;Cy z9GZw_1pfSxD5~xoR!INI?tU0wrKDd6^Tv{jL>`Xb49kBaNPlhMaIfh_nq_)zB7NcX z05XeQKz`@BDUx7*i!V~%dc8XQ#ngBw0A2tSr(npSCrNy5Z7>48v&Zz?0{%FRElh_h zN2|?#EhJL5HQMIu6m1=ypTR?tVymHK)xQvS9ir7FzMp?CjlND39PK`od#GytVhZWp zQ1@>MTE1*Ip>hnXSWa?XbMH#708@j12yPbm`JfcqIgmJepn$5YgkJn_%5I)mr`Q(k z-a0yFR3A`houhvf&|wNpIsV{2p%MqhR@`@R(l6`}iufEgI*UxWq~26?WTpZCV{JtG zYL?&#I98fyf_;2S0?_V{=Aa4t^x%vy$pF$_Lh7W2f*~5uPvGYh;vZhMv|u+Z?2t0~ zcYPXdxbg6OS*LUjR_=jLDt)ab6;?g1IuySLG@UE;jLpt-wjLX&RlY>fnd@f&?0NyT zht5vhP^};k6`U76$%&I)iWPNxG6KPjdh`S6>g9GN@;KObQsLG zKyjfrPR0PU1B0a0=)3@9eCDl?mB9rFdlTMtTAeZv2}F*|@JWleq2+H1bt>>x!^wTk z+I)cgsZwzCMwoRpW_*!3IySTQu!`HWugAXe(Ai(a9Rsu;*0#o6torxwNMxPzEAjt` z>70Vw;HCQ?AnP`RKQ;2R8h%;LI#tx^(MO*lMWJe4_?)Q571P`kTmN#(ez21V!<6+S z@Uap+y%#8&cGgdf+E@y$dUx3g#)=#5k31Vqv0p!%L`*=-PiQAiSg-d9lKRZQDuJ-| zA96zwwomG+4}X$vR*IU=NC!vL<`rUTbf_uRJC4FS;k&HtV<=<)p(qymH)=MDV^aqK z#%sid7K|~!H`J!7hRr~Z!emxgWq6#GpQs%c#BM+scvNGz|Gi4G`;8Z~dP8)+51iB8 zw)0fazNz5(iK$LJeC_4e^8&@wT(DZ~~>SStz3P(>V8CLNlZqgv=2K-|Lu~si@XFwMN>QE^k zVS2U_A?Q$?M`NkU}^!M8m%O&T=kW>dG}1s2I~hxp9Y=a=1XX-(fB5) zej3`e5Et~R^r%?CZK0)UZsF_+tSOGIBMdrtMf#oJjGF9U`*P8t>i*TWed$Z2WNUZ* z_1Qw4Yr+Q0@bD?hD0P-^v}?FpPBg~zz5~g@J#J76C695|P>1l;OS8%~hZh5&-9Ji# 
z50%&56ZK4FC9}{jHL0!=qo9Yd(GGHCEX2|-F(f}q6@NMT4P3rQd{Q!=bz-8N(Z^!N;;ZzAWRf@C?X>mG=_NgyQX_?Jv$m(9$W>P;+e}O|&w&DjbsJPdWp0A2$yLr*!BY73Z z5d*BCaTI)w=sTlofc>n}@v_tSXIK?8(g`G_06u>SD*fOZJ~visq3lBVS2+cf-r$UQ zZ(8A0g&5M$IV7w5nqL(m$VS0X?=yy-e6>S>Ca3wZNT)b{GF39_gJdONflqc-j$b~o z2l@@h{$KVfC)V?#We*)@xYC;L^<@cHo>8axRMbSzw|eYTl|8pkabsQJ(3`z{>5H}c z`psz_Y6t)hvzL^=}P#++XUl6v`-j)SuXd6BynjNZ!&c2hnyE&4*K$nXn31Zk)cm+lx;> zya{T?{MRtSu?^3Y9bS&O$*mW^vRUpv!J3Tz12?3&Y62b_oiZ$24O(75Z)JWb+Rj)ACbK`f<&tSwtT$|Sy z$41kRPiM-jnPY9PKrLyI`pHm6LusMsrO*HpmE){Kp1^u2t%6nW^;GB|!4k!Ik8oav zjM?DBKh9G@W0gEwiU-M}0B)}olvoM71RccgiZBCs)L?q_GX&JDhegx4k2&cNatr5w zU)1#2USb8&`etO5Vk z?0}K+*2*@a5yt*X{qg0@8jEz~jcylVj>-042p1PBnabI#xUiCRD!ouw3?u-wwsqwF z8(@m8-Lk7q@v154g6yvx_tRDa>}oqpVda)wfI9(;ZVGt1v^{<|X?vC_(i@IJC+2I_lusrT=$h zF1lPc*Neb`;Xgrdf`p$w)~MzQW0M3_FYRKu{2$VU82J^B=X1#^<&P$_`=S$Ey04WU zTxG;hrFNLhWC*p+sH3x=JVcBJ9*7>eO20)n671SxQhZQlHMRP8FyO}yai~OTsbms0 zQ3b$C1Cn!>jMHDq{VX1ab^~_Q!z+f75+_AuwiN0*wA_#M#0|rU{+NlB%>Y+TNT0Gj z`3^LKMSJjz2(?lwg~ixDl_5%rzzZ}o_6Fj9e)T7gpH4=BgT1zmwJpC@g(f%&0`}8B z%7Y&qlP3aFmI#nmT`|R3+Lwzp+PLXt|5g%vlY_$fvse7zjus0D0fA##r+i4G4K-2Y zC#H95NGoYfWP#ZF_v$^Li{PZpm}fc&)aL?5doPcb835Cr6`T+EzzcEvLtmXcbAb<^ zw!_Zgk6Az7YA@*vb)(G{_W-B|zrf76z^`X%jOgqIIaqi~5nUup3vugzzg&rA^w(zR z+qCzvIV~nGR=47pDOcNTzuBw#5a=<=DMvGa)g zPw$^pmq9Fg&b#BZrPSoml(149rZS!fioV*Dy$z440U3MXDJmI?RZqLy0}IKSxN)o( z8+8wIZs#q(|KTg6y;Z(=96>xfpUsr@SP}I^v zN^R;ZVrDaWmNrM5-<X@k6JyjvA3;jHhma|Y|7!Vk& zgf(UK_6~cC;!|b!YTjke=nBiUqQdb#I9TY}!s5P)H+^c;9cW(QO8O%n5J^8Xfktd*qrn)+?-gP`m%B&q zi^}7jKm`yMW8ITFOMN#!QIB6$SWx*75tnCMaNg*_J*WuwBh~AT>0($nS8%&zmFQDp z$dL65niDtTV%!Kg1`6epWoQGNG`$`doy;Zjaa`keyL0F6iJMae6FIgnhAfzU%m@V+ zm5rQihLwS~b6{-bVR1ZSzBI7(Yj+V6T-8V*7I`ptWArGdy~8pnV>fALpi~NQLZ7;^ zpaj35=md<~-(tNmF69UX3?ua}A7UIn)q5i1iPYEGlhYSbkfeX`5epkxtzk3Qbu| zlgA`7ts%IvF4HJ}-98akyRnjCo{u-`A4&b+r?s|o`4wdYAHs-yh91p$7C_|+EdYH5 z10`!*=n+W9g>V&dfU1H!J}ASZi&-?`2IlDOAHnu306rD`y>jT)4^@S(X4XhN2{g9i zj-ym98+RT|d0ejIFJCM5>S{mT-8uGmRRqkJ3sMO_AQDrv77Q 
zv$t>zaVpVF6eBguE%9M2u?E-Oleft8z5+~W`G}KXD(Yc;7m4{Op>Le(k`g1UK7(1# zt6g}$n=Tdn{T4pu>v!c;xRCd_WI$Ali13x=U_0T!Ga-U~9W88q-lU+RLn2`N8Ouho z^0@SvC>$DguHWx)?^*ms-{PVq%dn(U3vrLj9zITDqQZ`H>Wsp@Gf%}SG=m)Vh}F$ztQAbwVGdDgd!28j&yX9wLW&s! zNR~6`nYg;ULAq8zi<;gUchAV5ib67Y##l2 zy+%gaD(|~G4@||{A;TYDSoS>q2o{t23t-^!NDSDEm8j3ao7Ei>KYLEpb$jz}7ciAM zD}trDN+AVVT_lXW<++~>8>Cj8fzJo@R;>%nGq)6+w?(#mNc#1J4W+!hA}?g$0Xqo? zn67qJmss)e%k(xO*&K@z6+}nHA(lCkb6n-|{pSztys$8HiOWTVR)tCO*Q9~if%3n7`uxGzE+OCu zwcVV|tgQdq60952$>85-GHk$lwM(uI+CU1?i{sVnKd0+UNq#eSSKjUKfDDgLnBG1y z^v?f#MRFkph~TgkoKBvM`L_~we8__xpLcjh`GwV|87q`vazJq?SX=mXhdvK>VqUf~ z4sYoTIpt5S)KrE-?>&=cRoBumD7;b5pq!Y07)#I$`)<@U+mo*dE*P~773p*u^6waO z2#thJahX_ySlYMpjx%h<)i43ao~Is`^Ya zMNZkuChEA7+ZJe6$>-C*dzTYf3#1SY82yFG?S&Q)5rTbKS-XLjckTLEc7>^sFcntQ zBeNXCSg&q1N3Bi^4zlQ%mcEBQ%2ab$?(;t-$HYd2%cnX$uuwU#I_6D3($m zR(>gHzM9ODf;r8b0l5LuEIQVZiQ0-|3Y_xzJkZc*CD=bPJ+&J+>>se%D4uTq?Ny{l z0Z5~og*Wa1O&anlcRWu_%o)(x?IZ0CfUNk_R-ik>GyvdFmpu1wHZaKTDGhL zqxsji)n<+)VKbV0_BRq9E;Kb`f=&vn(BK0Ba-gL?ZN;^^b3YFg6R=!q#zM;tcX0dM zdy5PPx@6pJPXHzH7$dGjM|6@6777nXPWV;CIQdNf(*Znv)sMy&Xcq> zhCq+6h6&v8<0}vd2(sKqU3j>fr7&#Xy%qZHcMU3m{wld^Nstkz8GagB?Y=SI&H z&{&BSA-|(i35$9(l6LpFyLm$0M0fK`Dz!~ezL?yEInsXAFR!bHe;ZL>Gd(#Hv?<$%`^b)oi?x%(jkylCPb=juPlF znMo&o961=NZ_$gd{xp1ZY2dNDOS!=XVj!M^A z+$z`EK4v=m{Bs{&I4W)({`&<5*^BV#z{IBAI_d+9Qx;~ zby?2zEjzUUeZWBDo5cz>%;z||z)<+6UtC)y60yD5J5`oo_zSM;l21@CY<0_|)NME5 zs)kHCMBa5YzB#N=W2aR?y9((~WuYwwf+HAc2mvU>NYlxOTvGf^Ye3za?*f-qUs^`a zT3>RPh9*Jf%3*bf|kqtnD_Buxv!<9N>BbuD#uYv-q^ z%RDnd7a3O4M9Y~TNISS@9K}JDkdg@>x8E6@n8jF=6qiDV+}{!V)(o?ykcr0sxBGEx zo!X;pc=r{H^vw6ztV5VZXBa4~(ujB$rZQ|AaGN@J7#q%2nU9gJ)g6dcj}zYB1& z@iFE0vMQVxa|v7tDHS$gwX$Ihc#M^DXRC>J@Zk?dC(3uB_s~*W&m-01DFMQGWjj5x z5po1@1gPl!v1Yra@qPG{D;$bYLM3qOwpl~7f~l)#n< zP+6`!NYe3EE~4RFR#_e=7YctPRBt6$He@`%e5m}f$M%yzC2S0<1}hRPjO>HJY~ z*dx(nbMbjv*;o&k{qzBdF|lS;UNVKziV=gbLq}UOCwr8GT5E9oRYQ}+>DhbQ1R=lj zgcNJN8|D)$Mx3#c+t@lhqcDUnHGVt0&EyQ{b5)=52B(VTzw=pQ^ba3`JB@BU^lS`_ 
zJEiLzgU#Acd_!}FMxCWC**FP^i#P}bYzNs78)#uSejEtYLbG>JJ7Igtho2oKQ;XW~ z4eMGO+t!_;G^V6c&R`5Tg+Pz2ToN(aybq4Q0ssie_{`t*DO%V7FaZ`{MBobFc9|pV z70o5ayHGJo9$$&Pgbs)pWNzduAcbh?~U?_P)(ve0S*3H%eNF&a5XR=!J#4c z;t992n7ZJr{*%`^dU1d-ALE8!3i#v;3r4r%j+JFCe=%3Vj=8{aXe zs)jrcUBZ=;LudcTUXj2ub>K5!{HHFHJ}Trx(PYugbQ8yK7&sqX;(;|UWjk3tGs3zuceeX)i4i_jA8Qz2Bc%DxN8 zXw!$+9jBtEHd1y90bYG4f8DcJM)Ab!M39tH5zz94*MAvnhA377@buNupSOUU3j8~> zd6&hk^ENRCp9T?_QUHk<=(&9Q^MJ^pi;nKOYNR@?L=RCSmKMJ5UQJQ`X!i~(gD*P! zs`RobzJG3Ra_Pg+WZUXUmMU$ilpwfcEti6)mw(~MZ0q!^sza>#jv!-+7B6F3QuMWg zVO!rXwD+lF1BBTito?ml-CV3vxuek~TKuOX^N6sol$v*{_%nAuD7i81eXm^Lz(Z~I z2Xj_Dts#G0&C;PV_Wkq*1QvB7+Post4={v;gk7b9u%#DC_bh(iJm$rqog^{JEx6NE zrs5^2SEL$|98#2WV#iG@L6cq|)SuTMSfGocPl65wUd^|5Lbpnb(;t>-Qu2jvANLgv zdte0vED-3C@^BdyHWLL(7{G$WA02z@JG!T-U^Q7HZ(7Bs&vchkh(p&}KvnS{MG^i6 z4r){gJp9p7WyWOEiKA2Cm6EXIn&&gk|Fc6^78OpPrX4ExCFE=SD$xcH;C2eB^{XTI zaxz_Cef*Yj==w_i_BTGXP;8C&f? z*QEM>={jFM8)lWAR870pG4XEWsl%%K|82S5b=9hVz7p_6i-d(Iyvq76&a#PV zR;VbQV|n?mg}&(ehClg%tK%IjgtnTR-u)lxH06XxXqH0soAZbB_Rm)XX=6Nge1uoG7 z9vQM_S~2h53n|W`y{{R9+=08rv~MohI_v4-BU^7fZ0-A}#b5{AOSTJm+(J;9yw%pD zX6u62GJ&@HKX5zQwq~j8T!Hrv-Mk^QSB5cu09L03{ToDO7jikM0WAcsjW>D}^jqCF zT0DEZ@K^KO_MD*%M!+V)lGVU6?LpX)eQVXEmq}R`NIJv;kBitJ!nW?0OxTVlu2ADf zE{A!*0g3%nwVcBD+AgT5bGx@WOnQk{zRpiZ4HhP`3BF%N|HdqPbbiV5)7x)kzC3ID zZ;27>0^mrMgWc7evsbQY`l`l})wr+e;=8U_!2&B77;1qL!N8y)eTJ2lf#CvhR~!Qa mc;sM|90DP5A*JW%f2r=u1xt!e4gwD_V(@hJb6Mw<&;$SznOm^{ literal 0 HcmV?d00001 diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml new file mode 100644 index 00000000000..786bbdfca3f --- /dev/null +++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml 
@@ -0,0 +1,39 @@
+format_version: 3.5.7
+name: efficient_ip
+title: "EfficientIP DDI Logging"
+version: 0.0.1
+source:
+ license: "Elastic-2.0"
+description: "EfficientIP DDI integration for DNS and DHCP log ingestion"
+type: integration
+categories:
+ - custom
+ - network
+ - monitoring
+ - security
+conditions:
+ kibana:
+ version: "^9.2.0"
+ elastic:
+ subscription: "basic"
+screenshots:
+ - src: /img/sample-screenshot.png
+ title: Sample screenshot
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/sample-logo.svg
+ title: Sample logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: sample
+ title: Sample logs
+ description: Collect sample logs
+ inputs:
+ - type: logfile
+ title: Collect sample logs from instances
+ description: Collecting sample logs
+owner:
+ github: elastic/integrations
+ type: community
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json
new file mode 100644
index 00000000000..0cda45e75c0
--- /dev/null
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json
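Review bot: The manifest added under `build/packages/efficient_ip/0.0.1/` still carries the package scaffold's placeholders: its only policy template is `sample` with a `logfile` input titled "Collect sample logs from instances", and the icon and screenshot entries point at `sample-logo.svg` and `sample-screenshot.png`. The commit's file list shows a UDP stream template (`agent/stream/udp.yml.hbs`) for the `log` data stream, so if that is the intended input the template should declare it, e.g. `- type: udp` with an EfficientIP-specific title and description, and the icon should reference `/img/EIP-Logo.svg`. The path also sits next to a committed `efficient_ip-0.0.1.zip`, which looks like build output. A binary archive cannot be reviewed against the package sources, so the `build/` tree would normally be dropped from the commit and ignored.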
@@ -0,0 +1,58 @@
+{
+ "@timestamp": "2026-04-17T12:39:52.000Z",
+ "client": {
+ "ip": "10.1.0.42",
+ "port": 56474
+ },
+ "dns": {
+ "question": {
+ "class": "IN",
+ "name": "euc-common.online.office.com",
+ "registered_domain": "office.com",
+ "subdomain": "euc-common.online",
+ "top_level_domain": "com",
+ "type": "A"
+ }
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "efficient_ip": {
+ "log": {
+ "dns": {
+ "category": "query"
+ },
+ "service_name": "named",
+ "type": "DNS"
+ }
+ },
+ "event": {
+ "created": "2026-04-17T12:39:52.000Z",
+ "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474: query: euc-common.online.office.com IN A (10.100.0.1)"
+ },
+ "host": {
+ "name": "eip-dns-test01"
+ },
+ "log": {
+ "syslog": {
+ "priority": 13
+ }
+ },
+ "network": {
+ "protocol": "dns"
+ },
+ "process": {
+ "pid": 7092
+ },
+ "related": {
+ "hosts": [
+ "euc-common.online.office.com"
+ ],
+ "ip": [
+ "10.100.0.1"
+ ]
+ },
+ "server": {
+ "ip": "10.100.0.1"
+ }
+}
\ No newline at end of file
diff --git a/packages/efficient_ip/changelog.yml b/packages/efficient_ip/changelog.yml
new file mode 100644
index 00000000000..bb0320a5243
--- /dev/null
+++ b/packages/efficient_ip/changelog.yml
@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "0.0.1"
+ changes:
+ - description: Initial draft of the package
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link
diff --git a/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log
new file mode 100644
index 00000000000..3774a7dda66
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log
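Review bot: In the `sample_event.json` hunk, `related.ip` lists only the server address `10.100.0.1` and omits `client.ip` (`10.1.0.42`), and the event carries no `event.kind`, `event.category` or `event.type`. If this file reflects what the DNS pipeline emits, an analyst cannot pivot on the querying client through `related.ip`, and rules or dashboards that filter on ECS categorization will not match these events. The pipeline would need to append the client address, giving `"ip": ["10.1.0.42", "10.100.0.1"]`, and set the categorization fields, after which the sample should be regenerated rather than edited by hand. The pipeline itself is not part of this hunk, so this is inferred from the sample alone.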
@@ -0,0 +1,695 @@ +<27>Apr 17 13:07:38 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1: peer holds all free leases +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.2 from aa:bb:cc:00:00:02 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.2 to aa:bb:cc:00:00:02 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.4 from aa:bb:cc:00:00:03 (device-0002) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.4 to aa:bb:cc:00:00:03 (device-0002) via 10.1.0.3 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.5 from aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.5 to aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6 [86400] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPINFORM from 10.1.0.7 via 10.1.0.8 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK to 10.1.0.7 (device-0004) via lagg1 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.9 from aa:bb:cc:00:00:06 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.9 to aa:bb:cc:00:00:06 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.10 from aa:bb:cc:00:00:07 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.10 to aa:bb:cc:00:00:07 (device-0001) via 10.1.0.3 [28800] +<27>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11: peer holds all free leases +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.12 from aa:bb:cc:00:00:09 (device-0005) via 10.1.0.13 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.12 to aa:bb:cc:00:00:09 (device-0005) via 10.1.0.13 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.14 from aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.14 to aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15 [86400] +<30>Apr 17 13:07:39 
dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0b via 172.16.0.16 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0c via 172.16.0.17 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPOFFER on 172.16.0.18 to aa:bb:cc:00:00:0c (device-0006) via 172.16.0.17 [3600] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.19 from aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.19 to aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13 [28800] +<27>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20: peer holds all free leases +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.21 from aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.21 to aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22 [86400] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.23 from aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.23 to aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24 [86400] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.25 from aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.25 to aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26 [86400] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.27 from aa:bb:cc:00:00:12 via 10.1.0.28 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.27 to aa:bb:cc:00:00:12 (device-0009) via 10.1.0.28 [86400] +<27>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:13 via 10.1.0.29: peer holds all free leases +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.30 from aa:bb:cc:00:00:14 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.30 to aa:bb:cc:00:00:14 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.31 from aa:bb:cc:00:00:15 (device-0010) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: 
DHCPACK on 10.1.0.31 to aa:bb:cc:00:00:15 (device-0010) via 10.1.0.3 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPINFORM from 10.1.0.32 via 10.1.0.33 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK to 10.1.0.32 (device-0011) via lagg1 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.34 from aa:bb:cc:00:00:17 (device-0012) via 10.1.0.3 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.34 to aa:bb:cc:00:00:17 (device-0012) via 10.1.0.3 [28800] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.35 from aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.35 to aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36 [86400] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.37 from aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.37 to aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38 [86400] +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.39 from aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.39 to aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.41 from aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.41 to aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13 [28800] +<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases +<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42: peer holds all free leases +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.43 from aa:bb:cc:00:00:1e (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.43 to aa:bb:cc:00:00:1e (device-0001) via 10.1.0.3 [28800] +<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44: peer holds all free leases +<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from 
aa:bb:cc:00:00:20 via 10.1.0.45: peer holds all free leases +<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44: peer holds all free leases +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPOFFER on 10.1.0.47 to aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46 [28800] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.48 from aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.48 to aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49 [86400] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.47 (device-0015) from aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.47 to aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46 [28800] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.51 from aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.51 to aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52 [86400] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.53 from aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.53 to aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52 [86400] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.54 from aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.54 to aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55 [86400] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.56 from aa:bb:cc:00:00:27 (device-0016) via 172.16.0.57 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.56 to aa:bb:cc:00:00:27 (device-0016) via 172.16.0.57 [28800] +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.56 from aa:bb:cc:00:00:27 (device-0016) via 172.16.0.58 +<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.56 to aa:bb:cc:00:00:27 
(device-0016) via 172.16.0.58 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: bind update on 172.16.0.56 got ack from dhcp-server.example.net: xid mismatch.
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPOFFER on 172.16.0.59 to aa:bb:cc:00:00:0b (device-0017) via 172.16.0.16 [3599]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.60 from aa:bb:cc:00:00:28 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.60 to aa:bb:cc:00:00:28 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.61 from aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.61 to aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.63 from aa:bb:cc:00:00:2a (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.63 to aa:bb:cc:00:00:2a (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.64 from aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.64 to aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.65 from aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.65 to aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.66 from aa:bb:cc:00:00:2d (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.66 to aa:bb:cc:00:00:2d (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.67 from aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.67 to aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.69 from aa:bb:cc:00:00:2f (device-0018) via 172.16.0.57
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.69 to aa:bb:cc:00:00:2f (device-0018) via 172.16.0.57 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.69 from aa:bb:cc:00:00:2f (device-0018) via 172.16.0.58
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.69 to aa:bb:cc:00:00:2f (device-0018) via 172.16.0.58 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: bind update on 172.16.0.69 got ack from dhcp-server.example.net: xid mismatch.
+<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70: peer holds all free leases
+<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:31 via 10.1.0.71: peer holds all free leases
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.72 from aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.72 to aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.73 from aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.73 to aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.74 from aa:bb:cc:00:00:34 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.74 to aa:bb:cc:00:00:34 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.75 from aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.75 to aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.77 from aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.77 to aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24 [86400]
+<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:37 via 10.1.0.78: peer holds all free leases
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.79 from aa:bb:cc:00:00:38 (device-0020) via 10.1.0.80
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.79 to aa:bb:cc:00:00:38 (device-0020) via 10.1.0.80 [86400]
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.81 from aa:bb:cc:00:00:39 (device-0021) via 172.16.0.82
+<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.81 to aa:bb:cc:00:00:39 (device-0021) via 172.16.0.82 [73206]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.83 from aa:bb:cc:00:00:3a (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.83 to aa:bb:cc:00:00:3a (device-0003) via 172.16.0.24 [86400]
+<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84: peer holds all free leases
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.85 from aa:bb:cc:00:00:3c (device-0003) via 172.16.0.86
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.85 to aa:bb:cc:00:00:3c (device-0003) via 172.16.0.86 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.87 from aa:bb:cc:00:00:3d (device-0003) via 172.16.0.22
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.87 to aa:bb:cc:00:00:3d (device-0003) via 172.16.0.22 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 10.1.0.88 via 10.1.0.89
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 10.1.0.88 (device-0022) via lagg1
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.90 from aa:bb:cc:00:00:3f (device-0003) via 172.16.0.55
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.90 to aa:bb:cc:00:00:3f (device-0003) via 172.16.0.55 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 10.1.0.27 via 10.1.0.28
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 10.1.0.27 (device-0023) via lagg1
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.91 from aa:bb:cc:00:00:40 (device-0003) via 172.16.0.38
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.91 to aa:bb:cc:00:00:40 (device-0003) via 172.16.0.38 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.92 from aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.92 to aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.94 from aa:bb:cc:00:00:42 (device-0003) via 172.16.0.49
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.94 to aa:bb:cc:00:00:42 (device-0003) via 172.16.0.49 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.95 from aa:bb:cc:00:00:43 (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.95 to aa:bb:cc:00:00:43 (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0b via 172.16.0.16
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPOFFER on 172.16.0.59 to aa:bb:cc:00:00:0b (device-0017) via 172.16.0.16 [3600]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.96 from aa:bb:cc:00:00:44 (device-0025) via 172.16.0.97
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.96 to aa:bb:cc:00:00:44 (device-0025) via 172.16.0.97 [28800]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.98 from aa:bb:cc:00:00:45 (device-0003) via 172.16.0.99
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.98 to aa:bb:cc:00:00:45 (device-0003) via 172.16.0.99 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.100 from aa:bb:cc:00:00:46 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.100 to aa:bb:cc:00:00:46 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.101 from aa:bb:cc:00:00:47 (device-0003) via 172.16.0.22
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.101 to aa:bb:cc:00:00:47 (device-0003) via 172.16.0.22 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.102 from aa:bb:cc:00:00:48 (device-0003) via 172.16.0.55
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.102 to aa:bb:cc:00:00:48 (device-0003) via 172.16.0.55 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 172.16.0.103 via 172.16.0.104
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 172.16.0.103 (device-0026) via lagg1
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.105 from aa:bb:cc:00:00:4a (device-0003) via 172.16.0.106
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.105 to aa:bb:cc:00:00:4a (device-0003) via 172.16.0.106 [86400]
+<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107: peer holds all free leases
+<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:13 via 10.1.0.29: peer holds all free leases
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.108 from aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.108 to aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.110 from aa:bb:cc:00:00:4d (device-0003) via 172.16.0.55
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.110 to aa:bb:cc:00:00:4d (device-0003) via 172.16.0.55 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.111 from aa:bb:cc:00:00:4e (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.111 to aa:bb:cc:00:00:4e (device-0003) via 172.16.0.24 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.112 from aa:bb:cc:00:00:4f (device-0003) via 172.16.0.113
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.112 to aa:bb:cc:00:00:4f (device-0003) via 172.16.0.113 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 10.1.0.114 via 10.1.0.89
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 10.1.0.114 (device-0028) via lagg1
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.115 from aa:bb:cc:00:00:51 (device-0003) via 172.16.0.116
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.115 to aa:bb:cc:00:00:51 (device-0003) via 172.16.0.116 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.117 from aa:bb:cc:00:00:52 (device-0003) via 172.16.0.62
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.117 to aa:bb:cc:00:00:52 (device-0003) via 172.16.0.62 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.118 from aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.118 to aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119 [86400]
+<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:54 via 172.16.0.120: peer holds all free leases
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.121 from aa:bb:cc:00:00:55 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.121 to aa:bb:cc:00:00:55 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.122 from aa:bb:cc:00:00:56 (device-0003) via 172.16.0.62
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.122 to aa:bb:cc:00:00:56 (device-0003) via 172.16.0.62 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.123 from aa:bb:cc:00:00:57 (device-0003) via 172.16.0.124
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.123 to aa:bb:cc:00:00:57 (device-0003) via 172.16.0.124 [86400]
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.125 from aa:bb:cc:00:00:58 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.125 to aa:bb:cc:00:00:58 (device-0001) via 10.1.0.3 [28800]
+<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1: peer holds all free leases
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.126 from aa:bb:cc:00:00:59 (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.126 to aa:bb:cc:00:00:59 (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.127 from aa:bb:cc:00:00:5a (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.127 to aa:bb:cc:00:00:5a (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:5b via 172.16.0.124
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.128 from aa:bb:cc:00:00:5c via 10.1.0.129
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.128 to aa:bb:cc:00:00:5c via 10.1.0.129 [28800]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.130 from aa:bb:cc:00:00:5d (device-0030) via 172.16.0.131
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.130 to aa:bb:cc:00:00:5d (device-0030) via 172.16.0.131 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.72 from aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.72 to aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.132 from aa:bb:cc:00:00:5e (device-0031) via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.132 to aa:bb:cc:00:00:5e (device-0031) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.133 from aa:bb:cc:00:00:5f (device-0003) via 172.16.0.15
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.133 to aa:bb:cc:00:00:5f (device-0003) via 172.16.0.15 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.134 from aa:bb:cc:00:00:60 (device-0003) via 172.16.0.135
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.134 to aa:bb:cc:00:00:60 (device-0003) via 172.16.0.135 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.136 (device-0015) from aa:bb:cc:00:00:61 via 172.16.0.137: unknown lease 172.16.0.136.
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.138 from aa:bb:cc:00:00:62 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.138 to aa:bb:cc:00:00:62 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.139 from aa:bb:cc:00:00:63 (device-0032) via 10.1.0.140
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.139 to aa:bb:cc:00:00:63 (device-0032) via 10.1.0.140 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.141 from aa:bb:cc:00:00:64 (device-0003) via 172.16.0.15
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.141 to aa:bb:cc:00:00:64 (device-0003) via 172.16.0.15 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.142 from aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.142 to aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:66 via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.144 from aa:bb:cc:00:00:67 (device-0003) via 172.16.0.145
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.144 to aa:bb:cc:00:00:67 (device-0003) via 172.16.0.145 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.146 from aa:bb:cc:00:00:68 (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.146 to aa:bb:cc:00:00:68 (device-0003) via 172.16.0.24 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.147 from aa:bb:cc:00:00:69 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.147 to aa:bb:cc:00:00:69 (device-0001) via 10.1.0.3 [28800]
+<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20: peer holds all free leases
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.148 from aa:bb:cc:00:00:6a (device-0003) via 172.16.0.68
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.148 to aa:bb:cc:00:00:6a (device-0003) via 172.16.0.68 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.149 from aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.149 to aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.151 from aa:bb:cc:00:00:6c (device-0003) via 172.16.0.152
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.151 to aa:bb:cc:00:00:6c (device-0003) via 172.16.0.152 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.153 from aa:bb:cc:00:00:6d (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.153 to aa:bb:cc:00:00:6d (device-0001) via 10.1.0.3 [28800]
+<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42: peer holds all free leases
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.154 from aa:bb:cc:00:00:6e (device-0003) via 172.16.0.155
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.154 to aa:bb:cc:00:00:6e (device-0003) via 172.16.0.155 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.156 from aa:bb:cc:00:00:6f (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.156 to aa:bb:cc:00:00:6f (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.157 from aa:bb:cc:00:00:70 (device-0003) via 172.16.0.135
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.157 to aa:bb:cc:00:00:70 (device-0003) via 172.16.0.135 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.158 from aa:bb:cc:00:00:71 (device-0003) via 172.16.0.152
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.158 to aa:bb:cc:00:00:71 (device-0003) via 172.16.0.152 [86400]
+<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:20 via 10.1.0.45: peer holds all free leases
+<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11: peer holds all free leases
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.159 from aa:bb:cc:00:00:72 (device-0003) via 172.16.0.160
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.159 to aa:bb:cc:00:00:72 (device-0003) via 172.16.0.160 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.161 from aa:bb:cc:00:00:73 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.161 to aa:bb:cc:00:00:73 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.162 from aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.162 to aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3 [28800]
+<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44: peer holds all free leases
+<27>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases
+<27>Apr 17 13:07:43 dhcpd[46177]: sqlite3 [database is locked] 1253, will retry in 1s
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.163 from aa:bb:cc:00:00:76 (device-0003) via 172.16.0.164
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.163 to aa:bb:cc:00:00:76 (device-0003) via 172.16.0.164 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.165 from aa:bb:cc:00:00:77 (device-0003) via 172.16.0.68
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.165 to aa:bb:cc:00:00:77 (device-0003) via 172.16.0.68 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.166 from aa:bb:cc:00:00:78 (device-0003) via 172.16.0.6
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.166 to aa:bb:cc:00:00:78 (device-0003) via 172.16.0.6 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.167 from aa:bb:cc:00:00:79 (device-0016) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.167 to aa:bb:cc:00:00:79 (device-0016) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.168 from aa:bb:cc:00:00:7a (device-0003) via 172.16.0.99
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.168 to aa:bb:cc:00:00:7a (device-0003) via 172.16.0.99 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.169 from aa:bb:cc:00:00:7b (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.169 to aa:bb:cc:00:00:7b (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPOFFER on 172.16.0.170 to aa:bb:cc:00:00:5b (device-0035) via 172.16.0.124 [3599]
+<27>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44: peer holds all free leases
+<27>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44: peer holds all free leases
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.171 from aa:bb:cc:00:00:7c (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.171 to aa:bb:cc:00:00:7c (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:7d via 172.16.0.172
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.173 from aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.173 to aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.174 from aa:bb:cc:00:00:7f (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.174 to aa:bb:cc:00:00:7f (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.175 from aa:bb:cc:00:00:80 (device-0003) via 172.16.0.176
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.175 to aa:bb:cc:00:00:80 (device-0003) via 172.16.0.176 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.177 from aa:bb:cc:00:00:81 (device-0003) via 172.16.0.86
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.177 to aa:bb:cc:00:00:81 (device-0003) via 172.16.0.86 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.178 from aa:bb:cc:00:00:82 (device-0036) via 10.1.0.179
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.178 to aa:bb:cc:00:00:82 (device-0036) via 10.1.0.179 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.180 from aa:bb:cc:00:00:83 (device-0003) via 172.16.0.181
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.180 to aa:bb:cc:00:00:83 (device-0003) via 172.16.0.181 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.182 from aa:bb:cc:00:00:84 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.182 to aa:bb:cc:00:00:84 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.183 from aa:bb:cc:00:00:85 (device-0003) via 172.16.0.184
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.183 to aa:bb:cc:00:00:85 (device-0003) via 172.16.0.184 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.185 from aa:bb:cc:00:00:86 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.185 to aa:bb:cc:00:00:86 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.186 from aa:bb:cc:00:00:87 (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.186 to aa:bb:cc:00:00:87 (device-0003) via 172.16.0.24 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPOFFER on 10.1.0.187 to aa:bb:cc:00:00:66 (device-0037) via 10.1.0.3 [3599]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.188 from aa:bb:cc:00:00:88 (device-0003) via 172.16.0.176
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.188 to aa:bb:cc:00:00:88 (device-0003) via 172.16.0.176 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.187 (device-0015) from aa:bb:cc:00:00:66 via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.187 to aa:bb:cc:00:00:66 (device-0037) via 10.1.0.3 [3600]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.189 from aa:bb:cc:00:00:89 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.189 to aa:bb:cc:00:00:89 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.190 from aa:bb:cc:00:00:8a (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.190 to aa:bb:cc:00:00:8a (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.191 from aa:bb:cc:00:00:8b (device-0003) via 172.16.0.192
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.191 to aa:bb:cc:00:00:8b (device-0003) via 172.16.0.192 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.193 from aa:bb:cc:00:00:8c (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.193 to aa:bb:cc:00:00:8c (device-0003) via 172.16.0.24 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.194 from aa:bb:cc:00:00:8d (device-0003) via 172.16.0.176
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.194 to aa:bb:cc:00:00:8d (device-0003) via 172.16.0.176 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.195 from aa:bb:cc:00:00:8e (device-0003) via 172.16.0.196
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.195 to aa:bb:cc:00:00:8e (device-0003) via 172.16.0.196 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.197 from aa:bb:cc:00:00:8f (device-0003) via 172.16.0.68
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.197 to aa:bb:cc:00:00:8f (device-0003) via 172.16.0.68 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.198 from aa:bb:cc:00:00:90 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.198 to aa:bb:cc:00:00:90 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:91 via 172.16.0.199
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:92 via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.200 from aa:bb:cc:00:00:93 (device-0003) via 172.16.0.201
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.200 to aa:bb:cc:00:00:93 (device-0003) via 172.16.0.201 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.202 from aa:bb:cc:00:00:94 via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.202 to aa:bb:cc:00:00:94 via 10.1.0.3 [28800]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.203 from aa:bb:cc:00:00:95 (device-0003) via 172.16.0.204
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.203 to aa:bb:cc:00:00:95 (device-0003) via 172.16.0.204 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.205 from aa:bb:cc:00:00:96 (device-0003) via 172.16.0.49
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.205 to aa:bb:cc:00:00:96 (device-0003) via 172.16.0.49 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.206 from aa:bb:cc:00:00:97 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.206 to aa:bb:cc:00:00:97 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.207 from aa:bb:cc:00:00:98 (device-0003) via 172.16.0.152
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.207 to aa:bb:cc:00:00:98 (device-0003) via 172.16.0.152 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.142 from aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.142 to aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143 [86400]
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.208 from aa:bb:cc:00:00:99 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.208 to aa:bb:cc:00:00:99 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.209 from aa:bb:cc:00:00:9a (device-0038) via 10.1.0.119
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.209 to aa:bb:cc:00:00:9a (device-0038) via 10.1.0.119 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.210 from aa:bb:cc:00:00:9b (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.210 to aa:bb:cc:00:00:9b (device-0003) via 172.16.0.40 [86400]
+<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211: peer holds all free leases
+<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84: peer holds all free leases
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9d (device-0039) via 172.16.0.212
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.213 to aa:bb:cc:00:00:9d (device-0039) via 172.16.0.212 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.214 from aa:bb:cc:00:00:9e (device-0003) via 172.16.0.15
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.214 to aa:bb:cc:00:00:9e (device-0003) via 172.16.0.15 [86400]
+<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215: peer holds all free leases
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.216 (device-0040) from aa:bb:cc:00:00:a0 (device-0041) via 10.1.0.3
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.216 to aa:bb:cc:00:00:a0 (device-0041) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:5b via 172.16.0.124
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.170 to aa:bb:cc:00:00:5b (device-0035) via 172.16.0.124 [3600]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.218 from aa:bb:cc:00:00:a1 (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.218 to aa:bb:cc:00:00:a1 (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.162 from aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.162 to aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.219 to aa:bb:cc:00:00:7d (device-0042) via 172.16.0.172 [3599]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.220 from aa:bb:cc:00:00:a2 (device-0003) via 172.16.0.22
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.220 to aa:bb:cc:00:00:a2 (device-0003) via 172.16.0.22 [86400]
+<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:a3 via 172.16.0.221: peer holds all free leases
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.222 from aa:bb:cc:00:00:a4 (device-0003) via 172.16.0.55
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.222 to aa:bb:cc:00:00:a4 (device-0003) via 172.16.0.55 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.223 from aa:bb:cc:00:00:a5 (device-0043) via 10.1.0.3
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.223 to aa:bb:cc:00:00:a5 (device-0043) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.224 from aa:bb:cc:00:00:a6 (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.224 to aa:bb:cc:00:00:a6 (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.225 from aa:bb:cc:00:00:a7 (device-0003) via 172.16.0.226
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.225 to aa:bb:cc:00:00:a7 (device-0003) via 172.16.0.226 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.173 from aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.173 to aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.228 to aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.228 (device-0015) from aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.228 to aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.229 from aa:bb:cc:00:00:a9 (device-0045) via 10.1.0.230
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.229 to aa:bb:cc:00:00:a9 (device-0045) via 10.1.0.230 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.231 from aa:bb:cc:00:00:aa (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.231 to aa:bb:cc:00:00:aa (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.232 to aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.232 (device-0015) from aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.232 to aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46 [28800]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.233 from aa:bb:cc:00:00:ac (device-0003) via 172.16.0.234
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.233 to aa:bb:cc:00:00:ac (device-0003) via 172.16.0.234 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:ad (device-0047) via 10.1.0.235
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.236 to aa:bb:cc:00:00:ad (device-0048) via 10.1.0.235 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.236 (device-0040) from aa:bb:cc:00:00:ad (device-0048) via 10.1.0.235
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.236 to aa:bb:cc:00:00:ad (device-0048) via 10.1.0.235 [86400]
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.237 from aa:bb:cc:00:00:ae (device-0003) via 172.16.0.184
+<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.237 to aa:bb:cc:00:00:ae (device-0003) via
172.16.0.184 [86400] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.238 from aa:bb:cc:00:00:af (device-0049) via 10.1.0.3 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.238 to aa:bb:cc:00:00:af (device-0049) via 10.1.0.3 [28800] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.239 to aa:bb:cc:00:00:91 (device-0050) via 172.16.0.199 [3599] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.240 to aa:bb:cc:00:00:92 (device-0001) via 10.1.0.3 [3599] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.241 from aa:bb:cc:00:00:b0 (device-0003) via 172.16.0.124 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.241 to aa:bb:cc:00:00:b0 (device-0003) via 172.16.0.124 [86400] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.242 from aa:bb:cc:00:00:b1 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.242 to aa:bb:cc:00:00:b1 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.243 from aa:bb:cc:00:00:b2 (device-0051) via 10.1.0.3 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.243 to aa:bb:cc:00:00:b2 (device-0051) via 10.1.0.3 [28800] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.244 from aa:bb:cc:00:00:b3 (device-0003) via 172.16.0.116 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.244 to aa:bb:cc:00:00:b3 (device-0003) via 172.16.0.116 [86400] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.245 from aa:bb:cc:00:00:b4 (device-0003) via 172.16.0.22 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.245 to aa:bb:cc:00:00:b4 (device-0003) via 172.16.0.22 [86400] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.246 from aa:bb:cc:00:00:b5 (device-0003) via 172.16.0.247 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.246 to aa:bb:cc:00:00:b5 (device-0003) via 172.16.0.247 [86400] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.248 from aa:bb:cc:00:00:b6 (device-0001) via 10.1.0.3 +<30>Apr 17 
13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.248 to aa:bb:cc:00:00:b6 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.249 to aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.250 from aa:bb:cc:00:00:b8 (device-0003) via 172.16.0.135 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.250 to aa:bb:cc:00:00:b8 (device-0003) via 172.16.0.135 [86400] +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.251 from aa:bb:cc:00:00:b9 (device-0052) via 172.16.0.252 +<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.251 to aa:bb:cc:00:00:b9 (device-0052) via 172.16.0.252 [64900] +<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1: peer holds all free leases +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.253 from aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.253 to aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.0.254 from aa:bb:cc:00:00:bb (device-0003) via 172.16.0.99 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.0.254 to aa:bb:cc:00:00:bb (device-0003) via 172.16.0.99 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.0.255 from aa:bb:cc:00:00:bc (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.0.255 to aa:bb:cc:00:00:bc (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.0 from aa:bb:cc:00:00:bd (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.0 to aa:bb:cc:00:00:bd (device-0003) via 172.16.0.52 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.1 from aa:bb:cc:00:00:be (device-0053) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.1 to 
aa:bb:cc:00:00:be (device-0053) via 10.1.0.3 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.2 from aa:bb:cc:00:00:bf (device-0003) via 172.16.0.36 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.2 to aa:bb:cc:00:00:bf (device-0003) via 172.16.0.36 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.3 from aa:bb:cc:00:00:c0 (device-0003) via 172.16.0.164 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.3 to aa:bb:cc:00:00:c0 (device-0003) via 172.16.0.164 [86400] +<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11: peer holds all free leases +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.4 from aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.57 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.4 to aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.57 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.4 from aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.58 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.4 to aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.58 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: bind update on 172.16.1.4 got ack from dhcp-server.example.net: xid mismatch. 
+<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107: peer holds all free leases +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.5 from aa:bb:cc:00:00:c2 (device-0003) via 172.16.0.36 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.5 to aa:bb:cc:00:00:c2 (device-0003) via 172.16.0.36 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.41 from aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.41 to aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.6 from aa:bb:cc:00:00:c3 (device-0054) via 10.1.0.45 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.6 to aa:bb:cc:00:00:c3 (device-0054) via 10.1.0.45 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.7 from aa:bb:cc:00:00:c4 (device-0003) via 172.16.0.184 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.7 to aa:bb:cc:00:00:c4 (device-0003) via 172.16.0.184 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.8 from aa:bb:cc:00:00:c5 (device-0055) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.8 to aa:bb:cc:00:00:c5 (device-0055) via 10.1.0.3 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.9 from aa:bb:cc:00:00:c6 (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.9 to aa:bb:cc:00:00:c6 (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.10 from aa:bb:cc:00:00:c7 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.10 to aa:bb:cc:00:00:c7 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.72 from aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.72 to aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 [28800] +<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0e 
via 10.1.0.20: peer holds all free leases +<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44: peer holds all free leases +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:91 via 172.16.0.199 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPOFFER on 172.16.0.239 to aa:bb:cc:00:00:91 (device-0050) via 172.16.0.199 [3600] +<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70: peer holds all free leases +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.11 from aa:bb:cc:00:00:c8 (device-0003) via 172.16.0.6 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.11 to aa:bb:cc:00:00:c8 (device-0003) via 172.16.0.6 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.240 (device-0015) from aa:bb:cc:00:00:92 via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.240 to aa:bb:cc:00:00:92 (device-0001) via 10.1.0.3 [3600] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.12 from aa:bb:cc:00:00:c9 (device-0003) via 172.16.0.68 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.12 to aa:bb:cc:00:00:c9 (device-0003) via 172.16.0.68 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.13 from aa:bb:cc:00:00:ca (device-0001) via 172.16.0.57 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.13 to aa:bb:cc:00:00:ca (device-0001) via 172.16.0.57 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.13 from aa:bb:cc:00:00:ca (device-0001) via 172.16.0.58 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.13 to aa:bb:cc:00:00:ca (device-0001) via 172.16.0.58 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: bind update on 172.16.1.13 got ack from dhcp-server.example.net: xid mismatch. 
+<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.14 from aa:bb:cc:00:00:cb (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.14 to aa:bb:cc:00:00:cb (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.15 from aa:bb:cc:00:00:cc (device-0003) via 172.16.0.135 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.15 to aa:bb:cc:00:00:cc (device-0003) via 172.16.0.135 [86400] +<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42: peer holds all free leases +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.249 (device-0040) from aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.249 to aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.16 from aa:bb:cc:00:00:cd (device-0056) via 10.1.0.11 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.16 to aa:bb:cc:00:00:cd (device-0056) via 10.1.0.11 [86400] +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.17 from aa:bb:cc:00:00:ce (device-0057) via 10.1.0.45 +<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.17 to aa:bb:cc:00:00:ce (device-0057) via 10.1.0.45 [86400] +<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.18 from aa:bb:cc:00:00:cf (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.18 to aa:bb:cc:00:00:cf (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.1.19 from aa:bb:cc:00:00:d0 via 10.1.0.129 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.1.19 to aa:bb:cc:00:00:d0 via 10.1.0.129 [28800] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.20 from aa:bb:cc:00:00:d1 (device-0058) via 172.16.1.21 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.20 to aa:bb:cc:00:00:d1 
(device-0058) via 172.16.1.21 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.22 from aa:bb:cc:00:00:d2 (device-0003) via 172.16.0.176 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.22 to aa:bb:cc:00:00:d2 (device-0003) via 172.16.0.176 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.23 from aa:bb:cc:00:00:d3 (device-0003) via 172.16.0.176 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.23 to aa:bb:cc:00:00:d3 (device-0003) via 172.16.0.176 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.24 from aa:bb:cc:00:00:d4 (device-0003) via 172.16.0.22 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.24 to aa:bb:cc:00:00:d4 (device-0003) via 172.16.0.22 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:d5 (device-0059) via 10.1.0.235 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPOFFER on 10.1.1.25 to aa:bb:cc:00:00:d5 (device-0060) via 10.1.0.235 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.1.25 (device-0040) from aa:bb:cc:00:00:d5 (device-0060) via 10.1.0.235 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.1.25 to aa:bb:cc:00:00:d5 (device-0060) via 10.1.0.235 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.26 from aa:bb:cc:00:00:d6 (device-0003) via 172.16.0.38 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.26 to aa:bb:cc:00:00:d6 (device-0003) via 172.16.0.38 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.27 from aa:bb:cc:00:00:d7 (device-0003) via 172.16.0.99 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.27 to aa:bb:cc:00:00:d7 (device-0003) via 172.16.0.99 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.28 from aa:bb:cc:00:00:d8 (device-0003) via 172.16.0.152 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.28 to aa:bb:cc:00:00:d8 (device-0003) via 172.16.0.152 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.29 from aa:bb:cc:00:00:d9 (device-0003) 
via 172.16.1.30 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.29 to aa:bb:cc:00:00:d9 (device-0003) via 172.16.1.30 [86400] +<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44: peer holds all free leases +<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:da via 172.16.0.44: peer holds all free leases +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.0.253 from aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.0.253 to aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3 [28800] +<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44: peer holds all free leases +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.31 from aa:bb:cc:00:00:db (device-0003) via 172.16.0.6 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.31 to aa:bb:cc:00:00:db (device-0003) via 172.16.0.6 [86400] +<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:31 via 10.1.0.71: peer holds all free leases +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.32 from aa:bb:cc:00:00:dc (device-0003) via 172.16.0.36 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.32 to aa:bb:cc:00:00:dc (device-0003) via 172.16.0.36 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.0.25 from aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.0.25 to aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.33 from aa:bb:cc:00:00:dd (device-0003) via 172.16.1.34 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.33 to aa:bb:cc:00:00:dd (device-0003) via 172.16.1.34 [86400] +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.35 from aa:bb:cc:00:00:de (device-0003) via 172.16.0.184 +<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.35 to aa:bb:cc:00:00:de (device-0003) via 172.16.0.184 [86400] +<30>Apr 17 13:07:47 
dhcpd[46177]: DHCPREQUEST for 172.16.1.36 from aa:bb:cc:00:00:df (device-0003) via 172.16.0.247 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.36 to aa:bb:cc:00:00:df (device-0003) via 172.16.0.247 [86400] +<27>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84: peer holds all free leases +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.37 from aa:bb:cc:00:00:e0 (device-0003) via 172.16.0.68 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.37 to aa:bb:cc:00:00:e0 (device-0003) via 172.16.0.68 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.38 from aa:bb:cc:00:00:e1 (device-0003) via 172.16.0.49 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.38 to aa:bb:cc:00:00:e1 (device-0003) via 172.16.0.49 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.39 from aa:bb:cc:00:00:e2 (device-0061) via 10.1.0.3 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.39 to aa:bb:cc:00:00:e2 (device-0061) via 10.1.0.3 [28800] +<27>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211: peer holds all free leases +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.40 from aa:bb:cc:00:00:e3 (device-0003) via 172.16.0.36 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.40 to aa:bb:cc:00:00:e3 (device-0003) via 172.16.0.36 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.41 from aa:bb:cc:00:00:e4 (device-0003) via 172.16.0.24 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.41 to aa:bb:cc:00:00:e4 (device-0003) via 172.16.0.24 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.42 from aa:bb:cc:00:00:e5 (device-0003) via 172.16.0.160 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.42 to aa:bb:cc:00:00:e5 (device-0003) via 172.16.0.160 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.43 from aa:bb:cc:00:00:e6 (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 
172.16.1.43 to aa:bb:cc:00:00:e6 (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.44 from aa:bb:cc:00:00:e7 (device-0003) via 172.16.0.22 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.44 to aa:bb:cc:00:00:e7 (device-0003) via 172.16.0.22 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:e8 via 172.16.0.107 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.45 from aa:bb:cc:00:00:e9 (device-0003) via 172.16.0.15 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.45 to aa:bb:cc:00:00:e9 (device-0003) via 172.16.0.15 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.46 from aa:bb:cc:00:00:ea (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.46 to aa:bb:cc:00:00:ea (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.0.19 from aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.0.19 to aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13 [28800] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.47 from aa:bb:cc:00:00:eb (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.47 to aa:bb:cc:00:00:eb (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.48 from aa:bb:cc:00:00:ec (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.48 to aa:bb:cc:00:00:ec (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.49 from aa:bb:cc:00:00:ed via 172.16.1.50 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.49 to aa:bb:cc:00:00:ed via 172.16.1.50 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.51 from aa:bb:cc:00:00:ee (device-0003) via 172.16.1.52 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.51 to aa:bb:cc:00:00:ee (device-0003) via 172.16.1.52 [86400] +<30>Apr 17 13:07:47 
dhcpd[46177]: DHCPREQUEST for 172.16.1.53 from aa:bb:cc:00:00:ef (device-0003) via 172.16.0.234 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.53 to aa:bb:cc:00:00:ef (device-0003) via 172.16.0.234 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.54 from aa:bb:cc:00:00:f0 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.54 to aa:bb:cc:00:00:f0 (device-0001) via 10.1.0.3 [28800] +<27>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:f1 via 172.16.1.55: peer holds all free leases +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.56 from aa:bb:cc:00:00:f2 (device-0003) via 172.16.1.34 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.56 to aa:bb:cc:00:00:f2 (device-0003) via 172.16.1.34 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.57 from aa:bb:cc:00:00:f3 (device-0062) via 172.16.0.172 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.57 to aa:bb:cc:00:00:f3 (device-0062) via 172.16.0.172 [65452] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.58 from aa:bb:cc:00:00:f4 (device-0003) via 172.16.0.145 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.58 to aa:bb:cc:00:00:f4 (device-0003) via 172.16.0.145 [86400] +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.59 from aa:bb:cc:00:00:f5 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.59 to aa:bb:cc:00:00:f5 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.60 from aa:bb:cc:00:00:f6 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.60 to aa:bb:cc:00:00:f6 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.61 from aa:bb:cc:00:00:f7 (device-0003) via 172.16.0.176 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.61 to aa:bb:cc:00:00:f7 (device-0003) via 172.16.0.176 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.62 
from aa:bb:cc:00:00:f8 (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.62 to aa:bb:cc:00:00:f8 (device-0003) via 172.16.0.52 [86400] +<27>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:a3 via 172.16.0.221: peer holds all free leases +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.63 from aa:bb:cc:00:00:f9 (device-0003) via 172.16.0.38 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.63 to aa:bb:cc:00:00:f9 (device-0003) via 172.16.0.38 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.0.92 from aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.0.92 to aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.64 from aa:bb:cc:00:00:fa via 10.1.1.65 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.64 to aa:bb:cc:00:00:fa via 10.1.1.65 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.66 from aa:bb:cc:00:00:fb (device-0003) via 172.16.0.116 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.66 to aa:bb:cc:00:00:fb (device-0003) via 172.16.0.116 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.67 from aa:bb:cc:00:00:fc (device-0003) via 172.16.0.49 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.67 to aa:bb:cc:00:00:fc (device-0003) via 172.16.0.49 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.68 from aa:bb:cc:00:00:fd (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.68 to aa:bb:cc:00:00:fd (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:fe via 172.16.1.69 +<27>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:ff via 10.1.1.70: peer holds all free leases +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPOFFER on 172.16.1.71 to aa:bb:cc:00:00:e8 (device-0063) via 172.16.0.107 [3599] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST 
for 172.16.1.72 from aa:bb:cc:00:01:00 (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.72 to aa:bb:cc:00:01:00 (device-0003) via 172.16.0.40 [86400] +<27>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44: peer holds all free leases +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.73 from aa:bb:cc:00:01:01 (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.73 to aa:bb:cc:00:01:01 (device-0003) via 172.16.0.52 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.74 from aa:bb:cc:00:01:02 (device-0003) via 172.16.0.86 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.74 to aa:bb:cc:00:01:02 (device-0003) via 172.16.0.86 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.75 from aa:bb:cc:00:01:03 (device-0003) via 172.16.0.17 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.75 to aa:bb:cc:00:01:03 (device-0003) via 172.16.0.17 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.76 from aa:bb:cc:00:01:04 (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.76 to aa:bb:cc:00:01:04 (device-0003) via 172.16.0.52 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.77 (device-0040) from aa:bb:cc:00:00:92 via 10.1.0.3 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.77 to aa:bb:cc:00:00:92 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.78 from aa:bb:cc:00:01:05 (device-0001) via 10.1.0.3 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.78 to aa:bb:cc:00:01:05 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.0.108 from aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.0.108 to aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109 [86400] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.79 from aa:bb:cc:00:01:06 
(device-0001) via 10.1.0.3 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.79 to aa:bb:cc:00:01:06 (device-0001) via 10.1.0.3 [28800] +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.80 from aa:bb:cc:00:01:07 (device-0003) via 172.16.1.81 +<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.80 to aa:bb:cc:00:01:07 (device-0003) via 172.16.1.81 [86400] +<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.0.118 from aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119 +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.0.118 to aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119 [86400] +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.82 from aa:bb:cc:00:01:08 (device-0003) via 172.16.0.40 +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.82 to aa:bb:cc:00:01:08 (device-0003) via 172.16.0.40 [86400] +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.83 from aa:bb:cc:00:01:09 (device-0003) via 172.16.0.52 +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.83 to aa:bb:cc:00:01:09 (device-0003) via 172.16.0.52 [86400] +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.84 from aa:bb:cc:00:01:0a (device-0003) via 172.16.1.85 +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.84 to aa:bb:cc:00:01:0a (device-0003) via 172.16.1.85 [86400] +<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:01:0b via 172.16.1.86: peer holds all free leases +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.87 from aa:bb:cc:00:01:0c (device-0003) via 172.16.0.124 +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.87 to aa:bb:cc:00:01:0c (device-0003) via 172.16.0.124 [86400] +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.5 from aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6 +<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.5 to aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6 [86400] 
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.88 from aa:bb:cc:00:01:0d (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.88 to aa:bb:cc:00:01:0d (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.14 from aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.14 to aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15 [86400]
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.89 from aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.89 to aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPOFFER on 172.16.1.90 to aa:bb:cc:00:00:fe (device-0064) via 172.16.1.69 [3599]
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:fe via 172.16.1.69
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPOFFER on 172.16.1.90 to aa:bb:cc:00:00:fe (device-0064) via 172.16.1.69 [3600]
+<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:da via 172.16.0.44: peer holds all free leases
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.21 from aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.21 to aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22 [86400]
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.91 from aa:bb:cc:00:01:0f (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.91 to aa:bb:cc:00:01:0f (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.23 from aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.23 to aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24 [86400]
+<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:01:10 via 10.1.0.129: peer holds all free leases
+<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107: peer holds all free leases
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.92 from aa:bb:cc:00:01:11 (device-0065) via 10.1.0.3
+<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.92 to aa:bb:cc:00:01:11 (device-0065) via 10.1.0.3 [28800]
+<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215: peer holds all free leases
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.35 from aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.35 to aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.37 from aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.37 to aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.93 from aa:bb:cc:00:01:12 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.93 to aa:bb:cc:00:01:12 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.39 from aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.39 to aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40 [86400]
+<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211: peer holds all free leases
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.94 from aa:bb:cc:00:01:13 (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.94 to aa:bb:cc:00:01:13 (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.136 (device-0015) from aa:bb:cc:00:00:61 via 172.16.0.137: unknown lease 172.16.0.136.
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.0.149 from aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.0.149 to aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.95 from aa:bb:cc:00:01:14 via lagg1
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.95 to aa:bb:cc:00:01:14 via lagg1 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.96 from aa:bb:cc:00:01:15 (device-0066) via lagg1
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.96 to aa:bb:cc:00:01:15 (device-0066) via lagg1 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.48 from aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.48 to aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.53 from aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.53 to aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.51 from aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.51 to aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.54 from aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.54 to aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.97 from aa:bb:cc:00:01:16 (device-0067) via 10.1.0.45
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.97 to aa:bb:cc:00:01:16 (device-0067) via 10.1.0.45 [65483]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.98 from aa:bb:cc:00:01:17 (device-0068) via lagg1
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.98 to aa:bb:cc:00:01:17 (device-0068) via lagg1 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.61 from aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.61 to aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62 [86400]
+<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70: peer holds all free leases
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.64 from aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.64 to aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.65 from aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.65 to aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.99 from aa:bb:cc:00:01:18 (device-0069) via 10.1.1.100
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.99 to aa:bb:cc:00:01:18 (device-0069) via 10.1.1.100 [55932]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:01:19 via 10.1.1.101
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPOFFER on 10.1.1.102 to aa:bb:cc:00:01:19 via 10.1.1.101 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.102 (device-0015) from aa:bb:cc:00:01:19 via 10.1.1.101
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.102 to aa:bb:cc:00:01:19 via 10.1.1.101 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.103 from aa:bb:cc:00:01:1a (device-0001) via 172.16.0.57
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.103 to aa:bb:cc:00:01:1a (device-0001) via 172.16.0.57 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.103 from aa:bb:cc:00:01:1a (device-0001) via 172.16.0.58
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.103 to aa:bb:cc:00:01:1a (device-0001) via 172.16.0.58 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: bind update on 172.16.1.103 got ack from dhcp-server.example.net: xid mismatch.
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.67 from aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.67 to aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68 [86400]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.104 from aa:bb:cc:00:01:1b (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.104 to aa:bb:cc:00:01:1b (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.105 from aa:bb:cc:00:01:1c (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.105 to aa:bb:cc:00:01:1c (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.106 from aa:bb:cc:00:01:1d (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.106 to aa:bb:cc:00:01:1d (device-0001) via 10.1.0.3 [28800]
+<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215: peer holds all free leases
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.107 from aa:bb:cc:00:01:1e (device-0070) via 172.16.0.57
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.107 to aa:bb:cc:00:01:1e (device-0070) via 172.16.0.57 [28800]
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.107 from aa:bb:cc:00:01:1e (device-0070) via 172.16.0.58
+<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.107 to aa:bb:cc:00:01:1e (device-0070) via 172.16.0.58 [28800]
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 172.16.0.73 from aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 172.16.0.73 to aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52 [86400]
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 10.1.1.89 from aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 10.1.1.89 to aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:51 dhcpd[46177]: bind update on 172.16.1.107 got ack from dhcp-server.example.net: xid mismatch.
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 10.1.1.108 from aa:bb:cc:00:01:1f (device-0001) via 10.1.0.3
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 10.1.1.108 to aa:bb:cc:00:01:1f (device-0001) via 10.1.0.3 [28800]
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 172.16.0.75 from aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 172.16.0.75 to aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76 [86400]
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 172.16.0.77 from aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24
+<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 172.16.0.77 to aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24 [86400]
\ No newline at end of file
diff --git a/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json
new file mode 100644
index 00000000000..aa3508328e0
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dhcp.log-expected.json
@@ -0,0 +1,12834 @@ +{ + "expected": [ + { + "@timestamp": "2026-04-17T13:07:38.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1" + } + }, + "event": { + "created": "2026-04-17T13:07:38.000Z", + "original": "<27>Apr 17 13:07:38 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.2 from aa:bb:cc:00:00:02 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.2 to aa:bb:cc:00:00:02 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.4 from aa:bb:cc:00:00:03 (device-0002) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.4 to aa:bb:cc:00:00:03 (device-0002) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { 
+ "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.5 from aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.5 to aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPINFORM from 10.1.0.7 via 10.1.0.8" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK to 10.1.0.7 (device-0004) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.9 from aa:bb:cc:00:00:06 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.9 to 
aa:bb:cc:00:00:06 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.10 from aa:bb:cc:00:00:07 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.10 to aa:bb:cc:00:00:07 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11" + } + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<27>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.12 from aa:bb:cc:00:00:09 (device-0005) via 10.1.0.13" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.12 to aa:bb:cc:00:00:09 (device-0005) via 
10.1.0.13 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.14 from aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.14 to aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0b via 172.16.0.16" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0c via 172.16.0.17" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPOFFER on 172.16.0.18 to aa:bb:cc:00:00:0c (device-0006) via 172.16.0.17 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + 
"version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.19 from aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.19 to aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<27>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.21 from aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.21 to aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + 
"event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.23 from aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.23 to aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.25 from aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.25 to aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.27 from aa:bb:cc:00:00:12 via 10.1.0.28" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.27 to aa:bb:cc:00:00:12 
(device-0009) via 10.1.0.28 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:13 via 10.1.0.29" + } + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<27>Apr 17 13:07:39 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:13 via 10.1.0.29: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.30 from aa:bb:cc:00:00:14 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.30 to aa:bb:cc:00:00:14 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.31 from aa:bb:cc:00:00:15 (device-0010) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.31 to aa:bb:cc:00:00:15 (device-0010) via 10.1.0.3 [28800]" + 
}, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPINFORM from 10.1.0.32 via 10.1.0.33" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK to 10.1.0.32 (device-0011) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 10.1.0.34 from aa:bb:cc:00:00:17 (device-0012) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 10.1.0.34 to aa:bb:cc:00:00:17 (device-0012) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.35 from aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": 
"2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.35 to aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.37 from aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.37 to aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPREQUEST for 172.16.0.39 from aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:39.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:39.000Z", + "original": "<30>Apr 17 13:07:39 dhcpd[46177]: DHCPACK on 172.16.0.39 to aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.41 from aa:bb:cc:00:00:1b 
(device-0013) via 10.1.0.13" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.41 to aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.43 from aa:bb:cc:00:00:1e (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 
13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.43 to aa:bb:cc:00:00:1e (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:20 via 10.1.0.45" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:20 via 10.1.0.45: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 
+ } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPOFFER on 10.1.0.47 to aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.48 from aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.48 to aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.47 (device-0015) from aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.47 to aa:bb:cc:00:00:22 (device-0014) via 10.1.0.46 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + 
"created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.51 from aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.51 to aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.53 from aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.53 to aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.54 from aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.54 to 
aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.56 from aa:bb:cc:00:00:27 (device-0016) via 172.16.0.57" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.56 to aa:bb:cc:00:00:27 (device-0016) via 172.16.0.57 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.56 from aa:bb:cc:00:00:27 (device-0016) via 172.16.0.58" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.56 to aa:bb:cc:00:00:27 (device-0016) via 172.16.0.58 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "bind update on 172.16.0.56 got ack from dhcp-server.example.net" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: bind update on 172.16.0.56 
got ack from dhcp-server.example.net: xid mismatch." + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPOFFER on 172.16.0.59 to aa:bb:cc:00:00:0b (device-0017) via 172.16.0.16 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.60 from aa:bb:cc:00:00:28 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.60 to aa:bb:cc:00:00:28 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.61 from aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.61 to aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.63 from aa:bb:cc:00:00:2a (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.63 to aa:bb:cc:00:00:2a (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.64 from aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.64 to aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.65 from aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + 
"created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.65 to aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.66 from aa:bb:cc:00:00:2d (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.66 to aa:bb:cc:00:00:2d (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.67 from aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.67 to aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.69 from 
aa:bb:cc:00:00:2f (device-0018) via 172.16.0.57" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.69 to aa:bb:cc:00:00:2f (device-0018) via 172.16.0.57 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.69 from aa:bb:cc:00:00:2f (device-0018) via 172.16.0.58" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.69 to aa:bb:cc:00:00:2f (device-0018) via 172.16.0.58 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "bind update on 172.16.0.69 got ack from dhcp-server.example.net" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: bind update on 172.16.0.69 got ack from dhcp-server.example.net: xid mismatch." 
+ }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:31 via 10.1.0.71" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:31 via 10.1.0.71: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.72 from aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.72 to aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: 
DHCPREQUEST for 172.16.0.73 from aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.73 to aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.74 from aa:bb:cc:00:00:34 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.74 to aa:bb:cc:00:00:34 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.75 from aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.75 to aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + 
"log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.77 from aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.77 to aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:37 via 10.1.0.78" + } + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<27>Apr 17 13:07:40 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:37 via 10.1.0.78: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 10.1.0.79 from aa:bb:cc:00:00:38 (device-0020) via 10.1.0.80" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 10.1.0.79 to aa:bb:cc:00:00:38 (device-0020) via 10.1.0.80 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPREQUEST for 172.16.0.81 from aa:bb:cc:00:00:39 (device-0021) via 172.16.0.82" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:40.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:40.000Z", + "original": "<30>Apr 17 13:07:40 dhcpd[46177]: DHCPACK on 172.16.0.81 to aa:bb:cc:00:00:39 (device-0021) via 172.16.0.82 [73206]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.83 from aa:bb:cc:00:00:3a (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.83 to aa:bb:cc:00:00:3a (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84" + } + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + 
} + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.85 from aa:bb:cc:00:00:3c (device-0003) via 172.16.0.86" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.85 to aa:bb:cc:00:00:3c (device-0003) via 172.16.0.86 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.87 from aa:bb:cc:00:00:3d (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.87 to aa:bb:cc:00:00:3d (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 10.1.0.88 via 10.1.0.89" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": 
"<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 10.1.0.88 (device-0022) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.90 from aa:bb:cc:00:00:3f (device-0003) via 172.16.0.55" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.90 to aa:bb:cc:00:00:3f (device-0003) via 172.16.0.55 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 10.1.0.27 via 10.1.0.28" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 10.1.0.27 (device-0023) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.91 from aa:bb:cc:00:00:40 (device-0003) via 172.16.0.38" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.91 to aa:bb:cc:00:00:40 (device-0003) via 172.16.0.38 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.92 from aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.92 to aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.94 from aa:bb:cc:00:00:42 (device-0003) via 172.16.0.49" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.94 to aa:bb:cc:00:00:42 (device-0003) via 172.16.0.49 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": 
"<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.95 from aa:bb:cc:00:00:43 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.95 to aa:bb:cc:00:00:43 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0b via 172.16.0.16" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPOFFER on 172.16.0.59 to aa:bb:cc:00:00:0b (device-0017) via 172.16.0.16 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.96 from aa:bb:cc:00:00:44 (device-0025) via 172.16.0.97" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.96 to aa:bb:cc:00:00:44 (device-0025) via 172.16.0.97 [28800]" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.98 from aa:bb:cc:00:00:45 (device-0003) via 172.16.0.99" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.98 to aa:bb:cc:00:00:45 (device-0003) via 172.16.0.99 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.100 from aa:bb:cc:00:00:46 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.100 to aa:bb:cc:00:00:46 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.101 from aa:bb:cc:00:00:47 (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { 
+ "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.101 to aa:bb:cc:00:00:47 (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.102 from aa:bb:cc:00:00:48 (device-0003) via 172.16.0.55" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.102 to aa:bb:cc:00:00:48 (device-0003) via 172.16.0.55 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 172.16.0.103 via 172.16.0.104" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 172.16.0.103 (device-0026) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.105 from aa:bb:cc:00:00:4a 
(device-0003) via 172.16.0.106" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.105 to aa:bb:cc:00:00:4a (device-0003) via 172.16.0.106 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107" + } + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:13 via 10.1.0.29" + } + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:13 via 10.1.0.29: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.108 from aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + 
"original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.108 to aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.110 from aa:bb:cc:00:00:4d (device-0003) via 172.16.0.55" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.110 to aa:bb:cc:00:00:4d (device-0003) via 172.16.0.55 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.111 from aa:bb:cc:00:00:4e (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.111 to aa:bb:cc:00:00:4e (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.112 from aa:bb:cc:00:00:4f (device-0003) via 
172.16.0.113" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.112 to aa:bb:cc:00:00:4f (device-0003) via 172.16.0.113 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPINFORM from 10.1.0.114 via 10.1.0.89" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK to 10.1.0.114 (device-0028) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.115 from aa:bb:cc:00:00:51 (device-0003) via 172.16.0.116" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.115 to aa:bb:cc:00:00:51 (device-0003) via 172.16.0.116 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": 
"8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.117 from aa:bb:cc:00:00:52 (device-0003) via 172.16.0.62" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.117 to aa:bb:cc:00:00:52 (device-0003) via 172.16.0.62 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.118 from aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.118 to aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:54 via 172.16.0.120" + } + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:54 via 172.16.0.120: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + 
"event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.121 from aa:bb:cc:00:00:55 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.121 to aa:bb:cc:00:00:55 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.122 from aa:bb:cc:00:00:56 (device-0003) via 172.16.0.62" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.122 to aa:bb:cc:00:00:56 (device-0003) via 172.16.0.62 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 172.16.0.123 from aa:bb:cc:00:00:57 (device-0003) via 172.16.0.124" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 172.16.0.123 to 
aa:bb:cc:00:00:57 (device-0003) via 172.16.0.124 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPREQUEST for 10.1.0.125 from aa:bb:cc:00:00:58 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<30>Apr 17 13:07:41 dhcpd[46177]: DHCPACK on 10.1.0.125 to aa:bb:cc:00:00:58 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:41.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1" + } + }, + "event": { + "created": "2026-04-17T13:07:41.000Z", + "original": "<27>Apr 17 13:07:41 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.126 from aa:bb:cc:00:00:59 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.126 to aa:bb:cc:00:00:59 
(device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.127 from aa:bb:cc:00:00:5a (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.127 to aa:bb:cc:00:00:5a (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:5b via 172.16.0.124" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.128 from aa:bb:cc:00:00:5c via 10.1.0.129" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.128 to aa:bb:cc:00:00:5c via 10.1.0.129 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + 
"ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.130 from aa:bb:cc:00:00:5d (device-0030) via 172.16.0.131" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.130 to aa:bb:cc:00:00:5d (device-0030) via 172.16.0.131 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.72 from aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.72 to aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.132 from aa:bb:cc:00:00:5e (device-0031) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 
dhcpd[46177]: DHCPACK on 10.1.0.132 to aa:bb:cc:00:00:5e (device-0031) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.133 from aa:bb:cc:00:00:5f (device-0003) via 172.16.0.15" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.133 to aa:bb:cc:00:00:5f (device-0003) via 172.16.0.15 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.134 from aa:bb:cc:00:00:60 (device-0003) via 172.16.0.135" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.134 to aa:bb:cc:00:00:60 (device-0003) via 172.16.0.135 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPREQUEST for 172.16.0.136 (device-0015) from aa:bb:cc:00:00:61 via 172.16.0.137" + } + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": 
"<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.136 (device-0015) from aa:bb:cc:00:00:61 via 172.16.0.137: unknown lease 172.16.0.136." + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.138 from aa:bb:cc:00:00:62 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.138 to aa:bb:cc:00:00:62 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.139 from aa:bb:cc:00:00:63 (device-0032) via 10.1.0.140" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.139 to aa:bb:cc:00:00:63 (device-0032) via 10.1.0.140 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.141 from aa:bb:cc:00:00:64 
(device-0003) via 172.16.0.15" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.141 to aa:bb:cc:00:00:64 (device-0003) via 172.16.0.15 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.142 from aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.142 to aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:66 via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.144 from aa:bb:cc:00:00:67 (device-0003) via 172.16.0.145" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.144 to aa:bb:cc:00:00:67 (device-0003) via 172.16.0.145 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.146 from aa:bb:cc:00:00:68 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.146 to aa:bb:cc:00:00:68 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.147 from aa:bb:cc:00:00:69 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.147 to aa:bb:cc:00:00:69 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER 
from aa:bb:cc:00:00:0e via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.148 from aa:bb:cc:00:00:6a (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.148 to aa:bb:cc:00:00:6a (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.149 from aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.149 to aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 
13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.151 from aa:bb:cc:00:00:6c (device-0003) via 172.16.0.152" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.151 to aa:bb:cc:00:00:6c (device-0003) via 172.16.0.152 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.153 from aa:bb:cc:00:00:6d (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.153 to aa:bb:cc:00:00:6d (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42" + } + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: 
DHCPREQUEST for 172.16.0.154 from aa:bb:cc:00:00:6e (device-0003) via 172.16.0.155" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.154 to aa:bb:cc:00:00:6e (device-0003) via 172.16.0.155 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.156 from aa:bb:cc:00:00:6f (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.156 to aa:bb:cc:00:00:6f (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.157 from aa:bb:cc:00:00:70 (device-0003) via 172.16.0.135" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.157 to aa:bb:cc:00:00:70 (device-0003) via 172.16.0.135 [86400]" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.158 from aa:bb:cc:00:00:71 (device-0003) via 172.16.0.152" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.158 to aa:bb:cc:00:00:71 (device-0003) via 172.16.0.152 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:20 via 10.1.0.45" + } + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:20 via 10.1.0.45: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11" + } + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 
172.16.0.159 from aa:bb:cc:00:00:72 (device-0003) via 172.16.0.160" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.159 to aa:bb:cc:00:00:72 (device-0003) via 172.16.0.160 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 172.16.0.161 from aa:bb:cc:00:00:73 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 172.16.0.161 to aa:bb:cc:00:00:73 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPREQUEST for 10.1.0.162 from aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<30>Apr 17 13:07:42 dhcpd[46177]: DHCPACK on 10.1.0.162 to aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + 
"syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:42.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:42.000Z", + "original": "<27>Apr 17 13:07:42 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<27>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<27>Apr 17 13:07:43 dhcpd[46177]: sqlite3 [database is locked] 1253, will retry in 1s" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.163 from aa:bb:cc:00:00:76 (device-0003) via 172.16.0.164" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.163 to aa:bb:cc:00:00:76 (device-0003) via 172.16.0.164 
[86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.165 from aa:bb:cc:00:00:77 (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.165 to aa:bb:cc:00:00:77 (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.166 from aa:bb:cc:00:00:78 (device-0003) via 172.16.0.6" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.166 to aa:bb:cc:00:00:78 (device-0003) via 172.16.0.6 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.167 from aa:bb:cc:00:00:79 (device-0016) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + 
"@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.167 to aa:bb:cc:00:00:79 (device-0016) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.168 from aa:bb:cc:00:00:7a (device-0003) via 172.16.0.99" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.168 to aa:bb:cc:00:00:7a (device-0003) via 172.16.0.99 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.169 from aa:bb:cc:00:00:7b (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.169 to aa:bb:cc:00:00:7b (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + 
"original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPOFFER on 172.16.0.170 to aa:bb:cc:00:00:5b (device-0035) via 172.16.0.124 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<27>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<27>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.171 from aa:bb:cc:00:00:7c (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.171 to aa:bb:cc:00:00:7c (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:7d via 172.16.0.172" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.173 from aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.173 to aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.174 from aa:bb:cc:00:00:7f (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.174 to aa:bb:cc:00:00:7f (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: 
DHCPREQUEST for 172.16.0.175 from aa:bb:cc:00:00:80 (device-0003) via 172.16.0.176" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.175 to aa:bb:cc:00:00:80 (device-0003) via 172.16.0.176 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.177 from aa:bb:cc:00:00:81 (device-0003) via 172.16.0.86" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.177 to aa:bb:cc:00:00:81 (device-0003) via 172.16.0.86 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.178 from aa:bb:cc:00:00:82 (device-0036) via 10.1.0.179" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.178 to aa:bb:cc:00:00:82 (device-0036) via 10.1.0.179 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" 
+ }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.180 from aa:bb:cc:00:00:83 (device-0003) via 172.16.0.181" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.180 to aa:bb:cc:00:00:83 (device-0003) via 172.16.0.181 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.182 from aa:bb:cc:00:00:84 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.182 to aa:bb:cc:00:00:84 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.183 from aa:bb:cc:00:00:85 (device-0003) via 172.16.0.184" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + 
"version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.183 to aa:bb:cc:00:00:85 (device-0003) via 172.16.0.184 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.185 from aa:bb:cc:00:00:86 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.185 to aa:bb:cc:00:00:86 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.186 from aa:bb:cc:00:00:87 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.186 to aa:bb:cc:00:00:87 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: 
DHCPOFFER on 10.1.0.187 to aa:bb:cc:00:00:66 (device-0037) via 10.1.0.3 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.188 from aa:bb:cc:00:00:88 (device-0003) via 172.16.0.176" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.188 to aa:bb:cc:00:00:88 (device-0003) via 172.16.0.176 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.187 (device-0015) from aa:bb:cc:00:00:66 via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.187 to aa:bb:cc:00:00:66 (device-0037) via 10.1.0.3 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.189 from aa:bb:cc:00:00:89 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": 
{ + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.189 to aa:bb:cc:00:00:89 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.190 from aa:bb:cc:00:00:8a (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.190 to aa:bb:cc:00:00:8a (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.191 from aa:bb:cc:00:00:8b (device-0003) via 172.16.0.192" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.191 to aa:bb:cc:00:00:8b (device-0003) via 172.16.0.192 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": 
"8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.193 from aa:bb:cc:00:00:8c (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.193 to aa:bb:cc:00:00:8c (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.194 from aa:bb:cc:00:00:8d (device-0003) via 172.16.0.176" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.194 to aa:bb:cc:00:00:8d (device-0003) via 172.16.0.176 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.195 from aa:bb:cc:00:00:8e (device-0003) via 172.16.0.196" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: 
DHCPACK on 172.16.0.195 to aa:bb:cc:00:00:8e (device-0003) via 172.16.0.196 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.197 from aa:bb:cc:00:00:8f (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.197 to aa:bb:cc:00:00:8f (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.198 from aa:bb:cc:00:00:90 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.198 to aa:bb:cc:00:00:90 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:91 via 172.16.0.199" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:92 via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.200 from aa:bb:cc:00:00:93 (device-0003) via 172.16.0.201" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.200 to aa:bb:cc:00:00:93 (device-0003) via 172.16.0.201 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.202 from aa:bb:cc:00:00:94 via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.202 to aa:bb:cc:00:00:94 via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 
17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.203 from aa:bb:cc:00:00:95 (device-0003) via 172.16.0.204" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.203 to aa:bb:cc:00:00:95 (device-0003) via 172.16.0.204 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.205 from aa:bb:cc:00:00:96 (device-0003) via 172.16.0.49" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.205 to aa:bb:cc:00:00:96 (device-0003) via 172.16.0.49 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.206 from aa:bb:cc:00:00:97 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.206 to aa:bb:cc:00:00:97 (device-0003) via 172.16.0.52 [86400]" + }, + 
"host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 172.16.0.207 from aa:bb:cc:00:00:98 (device-0003) via 172.16.0.152" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 172.16.0.207 to aa:bb:cc:00:00:98 (device-0003) via 172.16.0.152 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.142 from aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.142 to aa:bb:cc:00:00:65 (device-0033) via 10.1.0.143 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPREQUEST for 10.1.0.208 from aa:bb:cc:00:00:99 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:43.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:43.000Z", + "original": "<30>Apr 17 13:07:43 dhcpd[46177]: DHCPACK on 10.1.0.208 to aa:bb:cc:00:00:99 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.209 from aa:bb:cc:00:00:9a (device-0038) via 10.1.0.119" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.209 to aa:bb:cc:00:00:9a (device-0038) via 10.1.0.119 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.210 from aa:bb:cc:00:00:9b (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.210 to aa:bb:cc:00:00:9b (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER 
from aa:bb:cc:00:00:9c via 172.16.0.211" + } + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84" + } + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9d (device-0039) via 172.16.0.212" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.213 to aa:bb:cc:00:00:9d (device-0039) via 172.16.0.212 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.214 from aa:bb:cc:00:00:9e (device-0003) via 172.16.0.15" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + 
"version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.214 to aa:bb:cc:00:00:9e (device-0003) via 172.16.0.15 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215" + } + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.216 (device-0040) from aa:bb:cc:00:00:a0 (device-0041) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.216 to aa:bb:cc:00:00:a0 (device-0041) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:5b via 172.16.0.124" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": 
{ + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.170 to aa:bb:cc:00:00:5b (device-0035) via 172.16.0.124 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.218 from aa:bb:cc:00:00:a1 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.218 to aa:bb:cc:00:00:a1 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.162 from aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.162 to aa:bb:cc:00:00:74 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.219 to 
aa:bb:cc:00:00:7d (device-0042) via 172.16.0.172 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.220 from aa:bb:cc:00:00:a2 (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.220 to aa:bb:cc:00:00:a2 (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:a3 via 172.16.0.221" + } + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:a3 via 172.16.0.221: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.222 from aa:bb:cc:00:00:a4 (device-0003) via 172.16.0.55" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.222 to 
aa:bb:cc:00:00:a4 (device-0003) via 172.16.0.55 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.223 from aa:bb:cc:00:00:a5 (device-0043) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.223 to aa:bb:cc:00:00:a5 (device-0043) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.224 from aa:bb:cc:00:00:a6 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.224 to aa:bb:cc:00:00:a6 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.225 from aa:bb:cc:00:00:a7 (device-0003) via 172.16.0.226" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.225 to aa:bb:cc:00:00:a7 (device-0003) via 172.16.0.226 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.173 from aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.173 to aa:bb:cc:00:00:7e (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.228 to aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": 
"2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.228 (device-0015) from aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.228 to aa:bb:cc:00:00:a8 (device-0044) via 10.1.0.227 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.229 from aa:bb:cc:00:00:a9 (device-0045) via 10.1.0.230" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.229 to aa:bb:cc:00:00:a9 (device-0045) via 10.1.0.230 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.231 from aa:bb:cc:00:00:aa (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.231 to 
aa:bb:cc:00:00:aa (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.232 to aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.232 (device-0015) from aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.232 to aa:bb:cc:00:00:ab (device-0046) via 10.1.0.46 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.233 from aa:bb:cc:00:00:ac (device-0003) via 172.16.0.234" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.233 to aa:bb:cc:00:00:ac (device-0003) via 172.16.0.234 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:ad (device-0047) via 10.1.0.235" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.236 to aa:bb:cc:00:00:ad (device-0048) via 10.1.0.235 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.236 (device-0040) from aa:bb:cc:00:00:ad (device-0048) via 10.1.0.235" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.236 to aa:bb:cc:00:00:ad (device-0048) via 10.1.0.235 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + 
"created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.237 from aa:bb:cc:00:00:ae (device-0003) via 172.16.0.184" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.237 to aa:bb:cc:00:00:ae (device-0003) via 172.16.0.184 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.238 from aa:bb:cc:00:00:af (device-0049) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.238 to aa:bb:cc:00:00:af (device-0049) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 172.16.0.239 to aa:bb:cc:00:00:91 (device-0050) via 172.16.0.199 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.240 to 
aa:bb:cc:00:00:92 (device-0001) via 10.1.0.3 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.241 from aa:bb:cc:00:00:b0 (device-0003) via 172.16.0.124" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.241 to aa:bb:cc:00:00:b0 (device-0003) via 172.16.0.124 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.242 from aa:bb:cc:00:00:b1 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.242 to aa:bb:cc:00:00:b1 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.243 from aa:bb:cc:00:00:b2 (device-0051) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.243 to aa:bb:cc:00:00:b2 (device-0051) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.244 from aa:bb:cc:00:00:b3 (device-0003) via 172.16.0.116" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.244 to aa:bb:cc:00:00:b3 (device-0003) via 172.16.0.116 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.245 from aa:bb:cc:00:00:b4 (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.245 to aa:bb:cc:00:00:b4 (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": 
{ + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.246 from aa:bb:cc:00:00:b5 (device-0003) via 172.16.0.247" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.246 to aa:bb:cc:00:00:b5 (device-0003) via 172.16.0.247 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 10.1.0.248 from aa:bb:cc:00:00:b6 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 10.1.0.248 to aa:bb:cc:00:00:b6 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPOFFER on 10.1.0.249 to aa:bb:cc:00:00:b7 
(device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.250 from aa:bb:cc:00:00:b8 (device-0003) via 172.16.0.135" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.250 to aa:bb:cc:00:00:b8 (device-0003) via 172.16.0.135 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPREQUEST for 172.16.0.251 from aa:bb:cc:00:00:b9 (device-0052) via 172.16.0.252" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<30>Apr 17 13:07:44 dhcpd[46177]: DHCPACK on 172.16.0.251 to aa:bb:cc:00:00:b9 (device-0052) via 172.16.0.252 [64900]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:44.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1" + } + }, + "event": { + "created": "2026-04-17T13:07:44.000Z", + "original": "<27>Apr 17 13:07:44 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:01 via 172.16.0.1: 
peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.253 from aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.253 to aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.0.254 from aa:bb:cc:00:00:bb (device-0003) via 172.16.0.99" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.0.254 to aa:bb:cc:00:00:bb (device-0003) via 172.16.0.99 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.0.255 from aa:bb:cc:00:00:bc (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + 
{ + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.0.255 to aa:bb:cc:00:00:bc (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.0 from aa:bb:cc:00:00:bd (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.0 to aa:bb:cc:00:00:bd (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.1 from aa:bb:cc:00:00:be (device-0053) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.1 to aa:bb:cc:00:00:be (device-0053) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + 
"original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.2 from aa:bb:cc:00:00:bf (device-0003) via 172.16.0.36" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.2 to aa:bb:cc:00:00:bf (device-0003) via 172.16.0.36 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.3 from aa:bb:cc:00:00:c0 (device-0003) via 172.16.0.164" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.3 to aa:bb:cc:00:00:c0 (device-0003) via 172.16.0.164 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:08 via 10.1.0.11: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 
17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.4 from aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.57" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.4 to aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.57 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.4 from aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.58" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.4 to aa:bb:cc:00:00:c1 (device-0001) via 172.16.0.58 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "bind update on 172.16.1.4 got ack from dhcp-server.example.net" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: bind update on 172.16.1.4 got ack from dhcp-server.example.net: xid mismatch." 
+ }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.5 from aa:bb:cc:00:00:c2 (device-0003) via 172.16.0.36" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.5 to aa:bb:cc:00:00:c2 (device-0003) via 172.16.0.36 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.41 from aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.41 to aa:bb:cc:00:00:1b (device-0013) via 10.1.0.13 [28800]" + }, + "host": { + 
"name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.6 from aa:bb:cc:00:00:c3 (device-0054) via 10.1.0.45" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.6 to aa:bb:cc:00:00:c3 (device-0054) via 10.1.0.45 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.7 from aa:bb:cc:00:00:c4 (device-0003) via 172.16.0.184" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.7 to aa:bb:cc:00:00:c4 (device-0003) via 172.16.0.184 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.8 from aa:bb:cc:00:00:c5 (device-0055) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { 
+ "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.8 to aa:bb:cc:00:00:c5 (device-0055) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.9 from aa:bb:cc:00:00:c6 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.9 to aa:bb:cc:00:00:c6 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.10 from aa:bb:cc:00:00:c7 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.10 to aa:bb:cc:00:00:c7 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST 
for 10.1.0.72 from aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.72 to aa:bb:cc:00:00:32 (device-0019) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:0e via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:91 via 172.16.0.199" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + 
"original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPOFFER on 172.16.0.239 to aa:bb:cc:00:00:91 (device-0050) via 172.16.0.199 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.11 from aa:bb:cc:00:00:c8 (device-0003) via 172.16.0.6" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.11 to aa:bb:cc:00:00:c8 (device-0003) via 172.16.0.6 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.240 (device-0015) from aa:bb:cc:00:00:92 via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 
13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.240 to aa:bb:cc:00:00:92 (device-0001) via 10.1.0.3 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.12 from aa:bb:cc:00:00:c9 (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.12 to aa:bb:cc:00:00:c9 (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.13 from aa:bb:cc:00:00:ca (device-0001) via 172.16.0.57" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.13 to aa:bb:cc:00:00:ca (device-0001) via 172.16.0.57 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.13 from aa:bb:cc:00:00:ca (device-0001) via 172.16.0.58" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.13 to aa:bb:cc:00:00:ca (device-0001) via 172.16.0.58 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "bind update on 172.16.1.13 got ack from dhcp-server.example.net" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: bind update on 172.16.1.13 got ack from dhcp-server.example.net: xid mismatch." + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.14 from aa:bb:cc:00:00:cb (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.14 to aa:bb:cc:00:00:cb (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 172.16.1.15 from aa:bb:cc:00:00:cc (device-0003) via 172.16.0.135" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 172.16.1.15 to aa:bb:cc:00:00:cc (device-0003) via 172.16.0.135 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42" + } + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<27>Apr 17 13:07:45 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1d via 10.1.0.42: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.0.249 (device-0040) from aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.0.249 to aa:bb:cc:00:00:b7 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.16 from aa:bb:cc:00:00:cd (device-0056) via 10.1.0.11" + }, + "host": { + "name": "dhcpd[46177]:" + 
}, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.16 to aa:bb:cc:00:00:cd (device-0056) via 10.1.0.11 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPREQUEST for 10.1.1.17 from aa:bb:cc:00:00:ce (device-0057) via 10.1.0.45" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:45.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:45.000Z", + "original": "<30>Apr 17 13:07:45 dhcpd[46177]: DHCPACK on 10.1.1.17 to aa:bb:cc:00:00:ce (device-0057) via 10.1.0.45 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.18 from aa:bb:cc:00:00:cf (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.18 to aa:bb:cc:00:00:cf (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.1.19 from aa:bb:cc:00:00:d0 via 10.1.0.129" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.1.19 to aa:bb:cc:00:00:d0 via 10.1.0.129 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.20 from aa:bb:cc:00:00:d1 (device-0058) via 172.16.1.21" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.20 to aa:bb:cc:00:00:d1 (device-0058) via 172.16.1.21 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": 
"2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.22 from aa:bb:cc:00:00:d2 (device-0003) via 172.16.0.176" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.22 to aa:bb:cc:00:00:d2 (device-0003) via 172.16.0.176 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.23 from aa:bb:cc:00:00:d3 (device-0003) via 172.16.0.176" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.23 to aa:bb:cc:00:00:d3 (device-0003) via 172.16.0.176 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.24 from aa:bb:cc:00:00:d4 (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.24 to aa:bb:cc:00:00:d4 
(device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:d5 (device-0059) via 10.1.0.235" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPOFFER on 10.1.1.25 to aa:bb:cc:00:00:d5 (device-0060) via 10.1.0.235 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.1.25 (device-0040) from aa:bb:cc:00:00:d5 (device-0060) via 10.1.0.235" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.1.25 to aa:bb:cc:00:00:d5 (device-0060) via 10.1.0.235 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.26 from aa:bb:cc:00:00:d6 (device-0003) via 172.16.0.38" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } 
+ }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.26 to aa:bb:cc:00:00:d6 (device-0003) via 172.16.0.38 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.27 from aa:bb:cc:00:00:d7 (device-0003) via 172.16.0.99" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.27 to aa:bb:cc:00:00:d7 (device-0003) via 172.16.0.99 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.28 from aa:bb:cc:00:00:d8 (device-0003) via 172.16.0.152" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.28 to aa:bb:cc:00:00:d8 (device-0003) via 172.16.0.152 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": 
"2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.29 from aa:bb:cc:00:00:d9 (device-0003) via 172.16.1.30" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.29 to aa:bb:cc:00:00:d9 (device-0003) via 172.16.1.30 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:1f via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:da via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:da via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.0.253 from aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.0.253 to aa:bb:cc:00:00:ba (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:21 via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.31 from aa:bb:cc:00:00:db (device-0003) via 172.16.0.6" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.31 to aa:bb:cc:00:00:db (device-0003) via 172.16.0.6 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:31 via 10.1.0.71" + } + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<27>Apr 17 13:07:46 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:31 via 10.1.0.71: peer holds all free leases" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.32 from aa:bb:cc:00:00:dc (device-0003) via 172.16.0.36" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.32 to aa:bb:cc:00:00:dc (device-0003) via 172.16.0.36 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 10.1.0.25 from aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 10.1.0.25 to aa:bb:cc:00:00:11 (device-0008) via 10.1.0.26 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.33 from aa:bb:cc:00:00:dd (device-0003) via 172.16.1.34" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { 
+ "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.33 to aa:bb:cc:00:00:dd (device-0003) via 172.16.1.34 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPREQUEST for 172.16.1.35 from aa:bb:cc:00:00:de (device-0003) via 172.16.0.184" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:46.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:46.000Z", + "original": "<30>Apr 17 13:07:46 dhcpd[46177]: DHCPACK on 172.16.1.35 to aa:bb:cc:00:00:de (device-0003) via 172.16.0.184 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.36 from aa:bb:cc:00:00:df (device-0003) via 172.16.0.247" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.36 to aa:bb:cc:00:00:df (device-0003) via 172.16.0.247 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:3b via 
10.1.0.84" + } + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<27>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:3b via 10.1.0.84: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.37 from aa:bb:cc:00:00:e0 (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.37 to aa:bb:cc:00:00:e0 (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.38 from aa:bb:cc:00:00:e1 (device-0003) via 172.16.0.49" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.38 to aa:bb:cc:00:00:e1 (device-0003) via 172.16.0.49 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: 
DHCPREQUEST for 10.1.1.39 from aa:bb:cc:00:00:e2 (device-0061) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.39 to aa:bb:cc:00:00:e2 (device-0061) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211" + } + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<27>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.40 from aa:bb:cc:00:00:e3 (device-0003) via 172.16.0.36" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.40 to aa:bb:cc:00:00:e3 (device-0003) via 172.16.0.36 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 
172.16.1.41 from aa:bb:cc:00:00:e4 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.41 to aa:bb:cc:00:00:e4 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.42 from aa:bb:cc:00:00:e5 (device-0003) via 172.16.0.160" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.42 to aa:bb:cc:00:00:e5 (device-0003) via 172.16.0.160 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.43 from aa:bb:cc:00:00:e6 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.43 to aa:bb:cc:00:00:e6 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { 
+ "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.44 from aa:bb:cc:00:00:e7 (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.44 to aa:bb:cc:00:00:e7 (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:e8 via 172.16.0.107" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.45 from aa:bb:cc:00:00:e9 (device-0003) via 172.16.0.15" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.45 to aa:bb:cc:00:00:e9 (device-0003) via 172.16.0.15 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": 
"2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.46 from aa:bb:cc:00:00:ea (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.46 to aa:bb:cc:00:00:ea (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.0.19 from aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.0.19 to aa:bb:cc:00:00:0d (device-0007) via 10.1.0.13 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.47 from aa:bb:cc:00:00:eb (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.47 to aa:bb:cc:00:00:eb (device-0003) 
via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.48 from aa:bb:cc:00:00:ec (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.48 to aa:bb:cc:00:00:ec (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.49 from aa:bb:cc:00:00:ed via 172.16.1.50" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.49 to aa:bb:cc:00:00:ed via 172.16.1.50 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.51 from aa:bb:cc:00:00:ee (device-0003) via 172.16.1.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.51 to aa:bb:cc:00:00:ee (device-0003) via 172.16.1.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.53 from aa:bb:cc:00:00:ef (device-0003) via 172.16.0.234" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.53 to aa:bb:cc:00:00:ef (device-0003) via 172.16.0.234 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.54 from aa:bb:cc:00:00:f0 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.54 to aa:bb:cc:00:00:f0 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from 
aa:bb:cc:00:00:f1 via 172.16.1.55" + } + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<27>Apr 17 13:07:47 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:f1 via 172.16.1.55: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.56 from aa:bb:cc:00:00:f2 (device-0003) via 172.16.1.34" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.56 to aa:bb:cc:00:00:f2 (device-0003) via 172.16.1.34 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.57 from aa:bb:cc:00:00:f3 (device-0062) via 172.16.0.172" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.57 to aa:bb:cc:00:00:f3 (device-0062) via 172.16.0.172 [65452]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 
13:07:47 dhcpd[46177]: DHCPREQUEST for 172.16.1.58 from aa:bb:cc:00:00:f4 (device-0003) via 172.16.0.145" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 172.16.1.58 to aa:bb:cc:00:00:f4 (device-0003) via 172.16.0.145 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPREQUEST for 10.1.1.59 from aa:bb:cc:00:00:f5 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:47.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:47.000Z", + "original": "<30>Apr 17 13:07:47 dhcpd[46177]: DHCPACK on 10.1.1.59 to aa:bb:cc:00:00:f5 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.60 from aa:bb:cc:00:00:f6 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.60 to aa:bb:cc:00:00:f6 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.61 from aa:bb:cc:00:00:f7 (device-0003) via 172.16.0.176" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.61 to aa:bb:cc:00:00:f7 (device-0003) via 172.16.0.176 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.62 from aa:bb:cc:00:00:f8 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.62 to aa:bb:cc:00:00:f8 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:a3 via 172.16.0.221" + } + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<27>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:a3 via 172.16.0.221: peer holds all free leases" + }, + "host": { + "name": 
"dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.63 from aa:bb:cc:00:00:f9 (device-0003) via 172.16.0.38" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.63 to aa:bb:cc:00:00:f9 (device-0003) via 172.16.0.38 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.0.92 from aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.0.92 to aa:bb:cc:00:00:41 (device-0024) via 10.1.0.93 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.64 from aa:bb:cc:00:00:fa via 10.1.1.65" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": 
"8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.64 to aa:bb:cc:00:00:fa via 10.1.1.65 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.66 from aa:bb:cc:00:00:fb (device-0003) via 172.16.0.116" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.66 to aa:bb:cc:00:00:fb (device-0003) via 172.16.0.116 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.67 from aa:bb:cc:00:00:fc (device-0003) via 172.16.0.49" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.67 to aa:bb:cc:00:00:fc (device-0003) via 172.16.0.49 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.68 
from aa:bb:cc:00:00:fd (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.68 to aa:bb:cc:00:00:fd (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:fe via 172.16.1.69" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:ff via 10.1.1.70" + } + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<27>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:ff via 10.1.1.70: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPOFFER on 172.16.1.71 to aa:bb:cc:00:00:e8 (device-0063) via 172.16.0.107 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.72 from aa:bb:cc:00:01:00 (device-0003) via 172.16.0.40" + 
}, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.72 to aa:bb:cc:00:01:00 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<27>Apr 17 13:07:48 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:75 via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.73 from aa:bb:cc:00:01:01 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.73 to aa:bb:cc:00:01:01 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.74 from aa:bb:cc:00:01:02 (device-0003) via 172.16.0.86" + }, + "host": { + 
"name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.74 to aa:bb:cc:00:01:02 (device-0003) via 172.16.0.86 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.75 from aa:bb:cc:00:01:03 (device-0003) via 172.16.0.17" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.75 to aa:bb:cc:00:01:03 (device-0003) via 172.16.0.17 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.76 from aa:bb:cc:00:01:04 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.76 to aa:bb:cc:00:01:04 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.77 (device-0040) from aa:bb:cc:00:00:92 via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.77 to aa:bb:cc:00:00:92 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.78 from aa:bb:cc:00:01:05 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.78 to aa:bb:cc:00:01:05 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.0.108 from aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 
13:07:48 dhcpd[46177]: DHCPACK on 10.1.0.108 to aa:bb:cc:00:00:4c (device-0027) via 10.1.0.109 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 10.1.1.79 from aa:bb:cc:00:01:06 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 10.1.1.79 to aa:bb:cc:00:01:06 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPREQUEST for 172.16.1.80 from aa:bb:cc:00:01:07 (device-0003) via 172.16.1.81" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:48.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:48.000Z", + "original": "<30>Apr 17 13:07:48 dhcpd[46177]: DHCPACK on 172.16.1.80 to aa:bb:cc:00:01:07 (device-0003) via 172.16.1.81 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20" + } + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<27>Apr 17 13:07:49 dhcpd[46177]: 
DHCPDISCOVER from aa:bb:cc:00:00:1c via 10.1.0.20: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.0.118 from aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.0.118 to aa:bb:cc:00:00:53 (device-0029) via 10.1.0.119 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.82 from aa:bb:cc:00:01:08 (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.82 to aa:bb:cc:00:01:08 (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.83 from aa:bb:cc:00:01:09 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + 
"log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.83 to aa:bb:cc:00:01:09 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.84 from aa:bb:cc:00:01:0a (device-0003) via 172.16.1.85" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.84 to aa:bb:cc:00:01:0a (device-0003) via 172.16.1.85 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:01:0b via 172.16.1.86" + } + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:01:0b via 172.16.1.86: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.1.87 from aa:bb:cc:00:01:0c (device-0003) via 172.16.0.124" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + 
"syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.1.87 to aa:bb:cc:00:01:0c (device-0003) via 172.16.0.124 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.5 from aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.5 to aa:bb:cc:00:00:04 (device-0003) via 172.16.0.6 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.88 from aa:bb:cc:00:01:0d (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.88 to aa:bb:cc:00:01:0d (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": 
{ + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.14 from aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.14 to aa:bb:cc:00:00:0a (device-0003) via 172.16.0.15 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.89 from aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.89 to aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPOFFER on 172.16.1.90 to aa:bb:cc:00:00:fe (device-0064) via 172.16.1.69 [3599]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:fe via 
172.16.1.69" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPOFFER on 172.16.1.90 to aa:bb:cc:00:00:fe (device-0064) via 172.16.1.69 [3600]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:da via 172.16.0.44" + } + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:da via 172.16.0.44: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.21 from aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.21 to aa:bb:cc:00:00:0f (device-0003) via 172.16.0.22 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.91 from aa:bb:cc:00:01:0f (device-0001) via 10.1.0.3" + }, + 
"host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.91 to aa:bb:cc:00:01:0f (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 172.16.0.23 from aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 172.16.0.23 to aa:bb:cc:00:00:10 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:01:10 via 10.1.0.129" + } + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<27>Apr 17 13:07:49 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:01:10 via 10.1.0.129: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107" + } + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<27>Apr 17 13:07:49 dhcpd[46177]: 
DHCPDISCOVER from aa:bb:cc:00:00:4b via 172.16.0.107: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPREQUEST for 10.1.1.92 from aa:bb:cc:00:01:11 (device-0065) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:49.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:49.000Z", + "original": "<30>Apr 17 13:07:49 dhcpd[46177]: DHCPACK on 10.1.1.92 to aa:bb:cc:00:01:11 (device-0065) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215" + } + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.35 from aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.35 to 
aa:bb:cc:00:00:18 (device-0003) via 172.16.0.36 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.37 from aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.37 to aa:bb:cc:00:00:19 (device-0003) via 172.16.0.38 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.93 from aa:bb:cc:00:01:12 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.93 to aa:bb:cc:00:01:12 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.39 from aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + 
"priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.39 to aa:bb:cc:00:00:1a (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211" + } + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9c via 172.16.0.211: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.94 from aa:bb:cc:00:01:13 (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.94 to aa:bb:cc:00:01:13 (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPREQUEST for 172.16.0.136 (device-0015) from aa:bb:cc:00:00:61 via 172.16.0.137" + } + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.136 
(device-0015) from aa:bb:cc:00:00:61 via 172.16.0.137: unknown lease 172.16.0.136." + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.0.149 from aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.0.149 to aa:bb:cc:00:00:6b (device-0034) via 10.1.0.150 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.95 from aa:bb:cc:00:01:14 via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.95 to aa:bb:cc:00:01:14 via lagg1 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.96 from aa:bb:cc:00:01:15 (device-0066) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } 
+ } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.96 to aa:bb:cc:00:01:15 (device-0066) via lagg1 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.48 from aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.48 to aa:bb:cc:00:00:23 (device-0003) via 172.16.0.49 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.53 from aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.53 to aa:bb:cc:00:00:25 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": 
"2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.51 from aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.51 to aa:bb:cc:00:00:24 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.54 from aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.54 to aa:bb:cc:00:00:26 (device-0003) via 172.16.0.55 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.97 from aa:bb:cc:00:01:16 (device-0067) via 10.1.0.45" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.97 to aa:bb:cc:00:01:16 
(device-0067) via 10.1.0.45 [65483]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.98 from aa:bb:cc:00:01:17 (device-0068) via lagg1" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.98 to aa:bb:cc:00:01:17 (device-0068) via lagg1 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.61 from aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.61 to aa:bb:cc:00:00:29 (device-0003) via 172.16.0.62 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70" + } + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:30 via 10.1.0.70: peer holds all free 
leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.64 from aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.64 to aa:bb:cc:00:00:2b (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.65 from aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.65 to aa:bb:cc:00:00:2c (device-0003) via 172.16.0.40 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.99 from aa:bb:cc:00:01:18 (device-0069) via 10.1.1.100" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.99 to aa:bb:cc:00:01:18 (device-0069) via 10.1.1.100 [55932]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:01:19 via 10.1.1.101" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPOFFER on 10.1.1.102 to aa:bb:cc:00:01:19 via 10.1.1.101 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.102 (device-0015) from aa:bb:cc:00:01:19 via 10.1.1.101" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.102 to aa:bb:cc:00:01:19 via 10.1.1.101 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 
172.16.1.103 from aa:bb:cc:00:01:1a (device-0001) via 172.16.0.57" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.103 to aa:bb:cc:00:01:1a (device-0001) via 172.16.0.57 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.103 from aa:bb:cc:00:01:1a (device-0001) via 172.16.0.58" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.103 to aa:bb:cc:00:01:1a (device-0001) via 172.16.0.58 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "bind update on 172.16.1.103 got ack from dhcp-server.example.net" + } + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: bind update on 172.16.1.103 got ack from dhcp-server.example.net: xid mismatch." 
+ }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.0.67 from aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.0.67 to aa:bb:cc:00:00:2e (device-0003) via 172.16.0.68 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.104 from aa:bb:cc:00:01:1b (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.104 to aa:bb:cc:00:01:1b (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.105 from aa:bb:cc:00:01:1c (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.105 to aa:bb:cc:00:01:1c (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 10.1.1.106 from aa:bb:cc:00:01:1d (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 10.1.1.106 to aa:bb:cc:00:01:1d (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215" + } + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<27>Apr 17 13:07:50 dhcpd[46177]: DHCPDISCOVER from aa:bb:cc:00:00:9f via 172.16.0.215: peer holds all free leases" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 27 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.107 from aa:bb:cc:00:01:1e (device-0070) via 172.16.0.57" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": 
"2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.107 to aa:bb:cc:00:01:1e (device-0070) via 172.16.0.57 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPREQUEST for 172.16.1.107 from aa:bb:cc:00:01:1e (device-0070) via 172.16.0.58" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:50.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:50.000Z", + "original": "<30>Apr 17 13:07:50 dhcpd[46177]: DHCPACK on 172.16.1.107 to aa:bb:cc:00:01:1e (device-0070) via 172.16.0.58 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 172.16.0.73 from aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 172.16.0.73 to aa:bb:cc:00:00:33 (device-0003) via 172.16.0.52 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + 
"original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 10.1.1.89 from aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 10.1.1.89 to aa:bb:cc:00:01:0e (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "service_name": "bind update on 172.16.1.107 got ack from dhcp-server.example.net" + } + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: bind update on 172.16.1.107 got ack from dhcp-server.example.net: xid mismatch." + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 10.1.1.108 from aa:bb:cc:00:01:1f (device-0001) via 10.1.0.3" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 10.1.1.108 to aa:bb:cc:00:01:1f (device-0001) via 10.1.0.3 [28800]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 
17 13:07:51 dhcpd[46177]: DHCPREQUEST for 172.16.0.75 from aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 172.16.0.75 to aa:bb:cc:00:00:35 (device-0003) via 172.16.0.76 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPREQUEST for 172.16.0.77 from aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + }, + { + "@timestamp": "2026-04-17T13:07:51.000Z", + "ecs": { + "version": "8.11.0" + }, + "event": { + "created": "2026-04-17T13:07:51.000Z", + "original": "<30>Apr 17 13:07:51 dhcpd[46177]: DHCPACK on 172.16.0.77 to aa:bb:cc:00:00:36 (device-0003) via 172.16.0.24 [86400]" + }, + "host": { + "name": "dhcpd[46177]:" + }, + "log": { + "syslog": { + "priority": 30 + } + } + } + ] +}
diff --git a/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log
new file mode 100644
index 00000000000..1121e13b74e
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log
@@ -0,0 +1,2000 @@
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474: query: euc-common.online.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474 (euc-common.online.office.com.): answer: euc-common.online.office.com. IN A (10.100.0.1) -> NOERROR 258 CNAME euc-common-geo.wac.trafficmanager.net. 5 CNAME euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 35 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.165#59650: query: login.microsoftonline.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.165#59650 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.64#50108: query: dns.msftncsi.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.64#50108 (dns.msftncsi.com.): answer: dns.msftncsi.com. IN A (10.100.0.1) -> NOERROR 8 A 198.51.100.215
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.74#62956: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.74#62956 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.105#56853: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.105#56853 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.168#63721: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.168#63721 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56127: query: www.google.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56127 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52551: query: z-p42-instagram.c10r.instagram.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53130: query: z-p42-instagram.c10r.instagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53130 (z-p42-instagram.c10r.instagram.com.): answer: z-p42-instagram.c10r.instagram.com. 
IN A (10.100.0.1) -> NOERROR 41 A 198.51.100.29
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53312: query: app-measurement.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53312 (app-measurement.com.): answer: app-measurement.com. IN A (10.100.0.1) -> NOERROR 177 A 198.51.100.253
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.95#63787: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.95#63787 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#60720: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#60720 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#59046: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#59046 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#56258: query: view.adjust.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52551 (z-p42-instagram.c10r.instagram.com.): answer: z-p42-instagram.c10r.instagram.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.26#50433: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.26#50433 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 
151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.101#51741: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.101#51741 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49021: query: pub-ent-frce-03-t.trouter.teams.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49021 (pub-ent-frce-03-t.trouter.teams.microsoft.com.): answer: pub-ent-frce-03-t.trouter.teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 678 CNAME partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#37741: query: pub-ent-frce-03-t.trouter.teams.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#37741 (pub-ent-frce-03-t.trouter.teams.microsoft.com.): answer: pub-ent-frce-03-t.trouter.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 679 CNAME partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net. 16 CNAME cosmic-francecentral-ns-e44da0a10bd2.trafficmanager.net. 7 CNAME partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#56258 (view.adjust.com.): answer: view.adjust.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.213#56340: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.213#56340 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.179#50604: query: connect.epicgames.dev IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372: query: login.microsoftonline.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.140#64819: query: rr1---sn-4g5lznsl.googlevideo.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.140#64819 (rr1---sn-4g5lznsl.googlevideo.com.): answer: rr1---sn-4g5lznsl.googlevideo.com. IN A (10.100.0.1) -> NOERROR 1658 CNAME rr1.sn-4g5lznsl.googlevideo.com. 1658 A 198.51.100.78
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.148#43768: query: www.google.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.148#43768 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600: query: connectivitycheck.gstatic.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600 (connectivitycheck.gstatic.com.): answer: connectivitycheck.gstatic.com. 
IN A (10.100.0.1) -> NOERROR 84 A 198.51.100.239
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600: query: connectivitycheck.gstatic.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600 (connectivitycheck.gstatic.com.): answer: connectivitycheck.gstatic.com. IN AAAA (10.100.0.1) -> NOERROR 84 AAAA fd12:3456:789a::1
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#59895: query: teams.cloud.microsoft IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#59895 (teams.cloud.microsoft.): answer: teams.cloud.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 70 CNAME teams-cloud-microsoft.s-0005.dual-s-msedge.net. 18 CNAME s-0005.dual-s-msedge.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#64296: query: teams.cloud.microsoft IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#64296 (teams.cloud.microsoft.): answer: teams.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 69 CNAME teams-cloud-microsoft.s-0005.dual-s-msedge.net. 17 CNAME s-0005.dual-s-msedge.net. 24 A 198.51.100.251 24 A 198.51.100.252
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#59666: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#59666 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#50350: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#50350 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.73#52430: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.73#52430 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. 
IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397: query: host002.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.237#62629: query: host003.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.237#62629 (host003.example.net.): answer: host003.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.236
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#52405: query: mask.icloud.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#52405 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.79#58430: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.79#58430 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#60314: query: mask.icloud.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#60314 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56616: query: host006.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56616 (host006.example.net.): answer: host006.example.net. 
IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173: query: host007.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173: query: host007.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397 (host002.example.net.): answer: host002.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#54708: query: 198.51.100.39.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#54708 (198.51.100.39.in-addr.arpa.): answer: 198.51.100.39.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host009.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.181#59494: query: res.public.onecdn.static.microsoft IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.181#59494 (res.public.onecdn.static.microsoft.): answer: res.public.onecdn.static.microsoft. IN A (10.100.0.1) -> NOERROR 282 CNAME res-ocdi-public.trafficmanager.net. 87 CNAME res-1.public.onecdn.static.microsoft. 19 CNAME res-ocdi-stls-prod.edgesuite.net. 119 CNAME a434.dscd.akamai.net. 
14 A 198.51.100.76 14 A 198.51.100.69 14 A 198.51.100.74 14 A 198.51.100.64 14 A 198.51.100.70 14
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.122#49665: query: stream-production.avcdn.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.22#54200: query: host010.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.22#54200 (host010.example.net.): answer: host010.example.net. IN A (10.100.0.1) -> NOERROR 900 A 10.1.1.7
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066: query: host011.host011.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#52650: query: refinery2fa.afaspocket.nl IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#52650 (refinery2fa.afaspocket.nl.): answer: refinery2fa.afaspocket.nl. IN TYPE65 (10.100.0.1) -> NOERROR 2562 CNAME refinery2fa-afaspocket-nl.trafficmanager.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#50566: query: refinery2fa.afaspocket.nl IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#61113: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#61113 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#61204: query: graph.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#61204 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 
122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#64388: query: eu-teams.events.data.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#64388 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#52928: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#52928 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#52730: query: edge.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#52730 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.92#57947: query: host010.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.92#57947 (host010.example.net.): answer: host010.example.net. IN A (10.100.0.1) -> NOERROR 900 A 10.1.1.7
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#56409: query: edge.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#56409 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 
80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.4 5 A 198.51.100.3
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#56096: query: host012.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#33276: query: host012.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#33276 (host012.example.net.): answer: host012.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#56096 (host012.example.net.): answer: host012.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.196
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#56832: query: play.playr.biz IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#56832 (play.playr.biz.): answer: play.playr.biz. IN A (10.100.0.1) -> NOERROR 1517 A 198.51.100.21
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258: query: host013.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258: query: host013.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.179#50604 (connect.epicgames.dev.): answer: connect.epicgames.dev. IN A (10.100.0.1) -> NOERROR 241 CNAME weighted-epic-connect-manager-prod.epicgames.dev. 
60 A 198.51.100.13 60 A 198.51.100.82 60 A 198.51.100.3 60 A 198.51.100.22 60 A 198.51.100.187 60 A 198.51.100.186 60 A 198.51.100.15 60 A 198.51.100.19
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#64939: query: play.playr.biz IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#64939 (play.playr.biz.): answer: play.playr.biz. IN A (10.100.0.1) -> NOERROR 1517 A 198.51.100.21
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50161: query: cdn.jsdelivr.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50161 (cdn.jsdelivr.net.): answer: cdn.jsdelivr.net. IN A (10.100.0.1) -> NOERROR 263 CNAME cdn.jsdelivr.net.cdn.cloudflare.net. 196 A 198.51.100.201 196 A 198.51.100.200
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#53178: query: cdn.jsdelivr.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#53178 (cdn.jsdelivr.net.): answer: cdn.jsdelivr.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#57252: query: host014.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#57252 (host014.example.net.): answer: host014.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.251
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#49550: query: host014.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#49550 (host014.example.net.): answer: host014.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.83#50183: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.83#50183 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.28#58990: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.28#58990 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.122#49665 (stream-production.avcdn.net.): answer: stream-production.avcdn.net. IN A (10.100.0.1) -> NOERROR 181 CNAME stream-production.avcdn.net.akamaized.net. 5470 CNAME a6143.dscd.akamai.net. 20 A 198.51.100.58 20 A 198.51.100.74 20 A 198.51.100.67 20 A 198.51.100.60 20 A 198.51.100.75 20 A 198.51.100.66 20 A 198.51.100.72 20 A 198.51.100.77 20 A 198.51.100.62
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.133#58488: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.133#58488 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.97#58799: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.97#58799 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com.
2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.208#57653: query: example.net IN SOA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#63489: query: gew4-spclient.spotify.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#63489 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN A (10.100.0.1) -> NOERROR 138 CNAME edge-web-gew4.dual-gslb.spotify.com. 37 A 198.51.100.202
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.208#57653 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#51056: query: gew4-spclient.spotify.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#51056 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR 139 CNAME edge-web-gew4.dual-gslb.spotify.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#43650: query: host016.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#43650 (host016.example.net.): answer: host016.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066 (host011.host011.example.net.): answer: host011.host011.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#51709: query: host016.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#51709 (host016.example.net.): answer: host016.example.net.
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.252
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59119: query: host017.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.251#31139: query: 198.51.100.79.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59119 (host017.example.net.): answer: host017.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#58215: query: gateway.facebook.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#58215 (gateway.facebook.com.): answer: gateway.facebook.com. IN A (10.100.0.1) -> NOERROR 1121 CNAME dgw.c10r.facebook.com. 33 A 198.51.100.26
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.251#31139 (198.51.100.79.in-addr.arpa.): answer: 198.51.100.79.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host018.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#65408: query: edge-mqtt.facebook.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#65408 (edge-mqtt.facebook.com.): answer: edge-mqtt.facebook.com. IN A (10.100.0.1) -> NOERROR 44 CNAME mqtt.c10r.facebook.com. 1 A 198.51.100.25
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.78#59607: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.78#59607 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net.
13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#58225: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#58225 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50093: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50093 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#49228: query: refinery2fa-afaspocket-nl.trafficmanager.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.72#62166: query: default._dante-ddm-d._udp IN SRV (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.72#62166 (default._dante-ddm-d._udp.): answer: default._dante-ddm-d._udp. IN SRV (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692: query: host019.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692 (host019.example.net.): answer: host019.example.net. IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703: query: host020.host020.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703 (host020.host020.example.net.): answer: host020.host020.example.net.
IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.252#42821: query: 198.51.100.79.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.252#42821 (198.51.100.79.in-addr.arpa.): answer: 198.51.100.79.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host018.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#56402: query: mask.apple-dns.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#56402 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN A (10.100.0.1) -> NOERROR 3 A 198.51.100.41 3 A 198.51.100.47 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.42 3 A 198.51.100.43 3 A 198.51.100.46 3 A 198.51.100.45
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#63701: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#63701 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.71#65086: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.71#65086 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#49348: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#49348 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa.
IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#53868: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#55797: query: host021.host021.host021.example.net IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#53868 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#55797 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814: query: cctypekit.adobe.io IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692: query: host022.host022.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397: query: host024.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397 (host024.example.net.): answer: host024.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#50566 (refinery2fa.afaspocket.nl.): answer: refinery2fa.afaspocket.nl. IN A (10.100.0.1) -> NOERROR 2563 CNAME refinery2fa-afaspocket-nl.trafficmanager.net. 60 CNAME pocketapi2fa.azurewebsites.net. 30 CNAME waws-prod-am2-025a.sip.azurewebsites.windows.net. 2653 CNAME waws-prod-am2-025.westeurope.cloudapp.azure.com. 4 A 198.51.100.207
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814 (cctypekit.adobe.io.): answer: cctypekit.adobe.io. IN A (10.100.0.1) -> NOERROR 16 CNAME cctypekit.adobe.io.edgekey.net.
7530 CNAME e364363.dscg.akamaiedge.net. 20 A 198.51.100.124 20 A 198.51.100.128
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.68#58264: query: metadata.google.internal IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.68#58264 (metadata.google.internal.): answer: metadata.google.internal. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#50982: query: contacts.fe2.apple-dns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#50982 (contacts.fe2.apple-dns.net.): answer: contacts.fe2.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#60326: query: contacts.fe2.apple-dns.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#60326 (contacts.fe2.apple-dns.net.): answer: contacts.fe2.apple-dns.net. IN A (10.100.0.1) -> NOERROR 66 A 198.51.100.50 66 A 198.51.100.49 66 A 198.51.100.48 66 A 198.51.100.51
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#56323: query: 198.51.100.0.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#56323 (198.51.100.0.in-addr.arpa.): answer: 198.51.100.0.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 1800 PTR host025.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52617: query: 198.51.100.0.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066: query: host026.host026.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52617 (198.51.100.0.in-addr.arpa.): answer: 198.51.100.0.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 1800 PTR host025.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#52256: query: messaging.engagement.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#52256 (messaging.engagement.office.com.): answer: messaging.engagement.office.com. IN A (10.100.0.1) -> NOERROR 121 CNAME prod-campaignaggregator.omexexternallfb.office.net.akadns.net. 7 A 198.51.100.250
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#60503: query: lb._dns-sd._udp.198.51.100.47.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#52052: query: host021.host021.host021.example.net IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#59573: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#60503 (lb._dns-sd._udp.198.51.100.47.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.47.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#52052 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#59573 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#56353: query: lb._dns-sd._udp.198.51.100.37.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#56353 (lb._dns-sd._udp.198.51.100.37.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.37.in-addr.arpa.
IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#58516: query: lb._dns-sd._udp.198.51.100.180.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#58516 (lb._dns-sd._udp.198.51.100.180.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.180.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#62521: query: eu-office.events.data.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#62521 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#52556: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#52556 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066 (host026.host026.example.net.): answer: host026.host026.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#44471: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#44471 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#49228 (refinery2fa-afaspocket-nl.trafficmanager.net.): answer: refinery2fa-afaspocket-nl.trafficmanager.net.
IN TYPE65 (10.100.0.1) -> NOERROR 60 CNAME pocketapi2fa.azurewebsites.net. 30 CNAME waws-prod-am2-025a.sip.azurewebsites.windows.net. 2653 CNAME waws-prod-am2-025.westeurope.cloudapp.azure.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045: query: host027.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045: query: host027.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045 (host027.example.net.): answer: host027.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.0
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045 (host027.example.net.): answer: host027.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.203#56268: query: example.net IN SOA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.82#64639: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.203#56268 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.82#64639 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.123#56811: query: v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.123#56811 (v20.events.data.microsoft.com.): answer: v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 13 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com.
5 A 198.51.100.154
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703: query: host028.host028.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.157#63185: query: auth.deepl.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.157#63185 (auth.deepl.com.): answer: auth.deepl.com. IN A (10.100.0.1) -> NOERROR 36 CNAME fal-lb.deepl.com. 13 A 198.51.100.110
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.179#61269: query: ssl.gstatic.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.147#64393: query: aws-proxy-gcp.api.sc-gw.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.147#64393 (aws-proxy-gcp.api.sc-gw.com.): answer: aws-proxy-gcp.api.sc-gw.com. IN A (10.100.0.1) -> NOERROR 42 A 198.51.100.204
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#51399: query: login.microsoftonline.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#51399 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#49803: query: oauth.officeapps.live.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#49803 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.59#63597: query: pneumandit.azure-devices.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#52241: query: oauth.officeapps.live.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#52241 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. 57 CNAME oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 12 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#59549: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#59549 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#56472: query: mask.apple-dns.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#56472 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN A (10.100.0.1) -> NOERROR 3 A 198.51.100.40 3 A 198.51.100.42 3 A 198.51.100.43 3 A 198.51.100.46 3 A 198.51.100.45 3 A 198.51.100.41 3 A 198.51.100.47 3 A 198.51.100.44
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.109#56557: query: cc-api-data.adobe.io IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.109#56557 (cc-api-data.adobe.io.): answer: cc-api-data.adobe.io. IN A (10.100.0.1) -> NOERROR 48 CNAME cc-api-data-ew1.adobe.io. 10 CNAME ethos.dunamis.ethos508-prod-va6.ethos.adobe.net. 56 CNAME dunamis-ethos508-prod-va6-856defacfb833db1.elb.us-east-1.amazonaws.com.
7 A 198.51.100.2 7 A 198.51.100.196 7 A 198.51.100.5
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#37155: query: host007.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#37155 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703 (host028.host028.example.net.): answer: host028.host028.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.215#54418: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.215#54418 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.179#61269 (ssl.gstatic.com.): answer: ssl.gstatic.com. IN AAAA (10.100.0.1) -> NOERROR 116 AAAA fd12:3456:789a::1
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.59#63597 (pneumandit.azure-devices.net.): answer: pneumandit.azure-devices.net. IN A (10.100.0.1) -> NOERROR 598 CNAME gateway-prod-gw-westeurope-5-g2.westeurope.cloudapp.azure.com. 8 A 198.51.100.0
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36016: query: host008.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36016 (host008.example.net.): answer: host008.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.164#56989: query: host029.host029.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.164#56989 (host029.host029.example.net.): answer: host029.host029.example.net.
IN A (10.100.0.1) -> NOERROR 0 A 10.1.1.29
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397: query: host030.host030.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.99#64841: query: host022.host022.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.99#64841 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066: query: wpad.canbus.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#60425: query: dms.licdn.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#60425 (dms.licdn.com.): answer: dms.licdn.com. IN TYPE65 (10.100.0.1) -> NOERROR 2 CNAME dms.cm.licdn.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#51660: query: dms.licdn.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#51660 (dms.licdn.com.): answer: dms.licdn.com. IN A (10.100.0.1) -> NOERROR 2 CNAME dms.cm.licdn.com. 94 CNAME dms-fsly.sb.lnkdns.net. 96 CNAME fs-ak-cf.dms.sb.lnkdns.net. 292 CNAME linkedin.map.fastly.net. 40 A 198.51.100.10 40 A 198.51.100.15 40 A 198.51.100.12 40 A 198.51.100.7
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.76#52973: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.76#52973 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com.
2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#38153: query: host031.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#38153 (host031.example.net.): answer: host031.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#46520: query: host031.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#46520 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36261: query: host007.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36261 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.37#60273: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.37#60273 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397 (host030.host030.example.net.): answer: host030.host030.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#61978: query: eas.outlook.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#61978 (eas.outlook.com.): answer: eas.outlook.com. IN TYPE65 (10.100.0.1) -> NOERROR 117 CNAME outlook.office365.com. 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#62797: query: eas.outlook.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#62797 (eas.outlook.com.): answer: eas.outlook.com. IN A (10.100.0.1) -> NOERROR 117 CNAME outlook.office365.com. 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.10 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.36#55473: query: host032.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.36#55473 (host032.example.net.): answer: host032.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.6
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#63421: query: graph-fallback.facebook.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64289: query: graph.facebook.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64289 (graph.facebook.com.): answer: graph.facebook.com. IN A (10.100.0.1) -> NOERROR 266 CNAME star.c10r.facebook.com. 56 A 198.51.100.24
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485: query: host033.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485 (host033.example.net.): answer: host033.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.240
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485: query: host033.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485 (host033.example.net.): answer: host033.example.net.
IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.73#52850: query: host034.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.73#52850 (host034.example.net.): answer: host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211: query: host035.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211: query: host035.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211 (host035.example.net.): answer: host035.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.241
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211 (host035.example.net.): answer: host035.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#55948: query: i-fallback.instagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#55948 (i-fallback.instagram.com.): answer: i-fallback.instagram.com. IN A (10.100.0.1) -> NOERROR 2008 CNAME star.fallback.c10r.instagram.com. 8 A 198.51.100.20
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#63421 (graph-fallback.facebook.com.): answer: graph-fallback.facebook.com. IN A (10.100.0.1) -> NOERROR 3182 CNAME star.fallback.c10r.facebook.com. 22 A 198.51.100.19
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#55066: query: dms.cm.licdn.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#55066 (dms.cm.licdn.com.): answer: dms.cm.licdn.com. IN TYPE65 (10.100.0.1) -> NOERROR 94 CNAME dms-fsly.sb.lnkdns.net. 96 CNAME fs-ak-cf.dms.sb.lnkdns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.163#61047: query: mail.ofcggz.nl IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#35774: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#35774 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64710: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64710 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64711: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64711 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040: query: host037.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64712: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64712 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#54535: query: graph.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#54535 (graph.microsoft.com.): answer: graph.microsoft.com.
IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#59928: query: graph.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#59928 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.141 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64713: query: host038.host038.host038.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64713 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60306: query: i.instagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60306 (i.instagram.com.): answer: i.instagram.com. IN A (10.100.0.1) -> NOERROR 1961 CNAME instagram.c10r.instagram.com. 36 A 198.51.100.27
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64714: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64714 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64715: query: host039.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64715 (host039.example.net.): answer: host039.example.net.
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#50146: query: res.public.onecdn.static.microsoft IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#50146 (res.public.onecdn.static.microsoft.): answer: res.public.onecdn.static.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 281 CNAME res-ocdi-public.trafficmanager.net. 86 CNAME res-1.public.onecdn.static.microsoft. 18 CNAME res-ocdi-stls-prod.edgesuite.net. 118 CNAME a434.dscd.akamai.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#55040: query: res.public.onecdn.static.microsoft IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#55040 (res.public.onecdn.static.microsoft.): answer: res.public.onecdn.static.microsoft. IN A (10.100.0.1) -> NOERROR 282 CNAME res-ocdi-public.trafficmanager.net. 87 CNAME res-1.public.onecdn.static.microsoft. 19 CNAME res-ocdi-stls-prod.edgesuite.net. 119 CNAME a434.dscd.akamai.net. 14 A 198.51.100.74 14 A 198.51.100.64 14 A 198.51.100.70 14 A 198.51.100.63 14 A 198.51.100.67 14
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64716: query: host039.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64716 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#53714: query: play.google.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#56170: query: play.google.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#53714 (play.google.com.): answer: play.google.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#56170 (play.google.com.): answer: play.google.com.
IN A (10.100.0.1) -> NOERROR 296 A 198.51.100.253
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.116#52260: query: host040.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.116#52260 (host040.example.net.): answer: host040.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.233
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040: query: host037.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040 (host037.example.net.): answer: host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#56090: query: graph-fallback.instagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#56090 (graph-fallback.instagram.com.): answer: graph-fallback.instagram.com. IN A (10.100.0.1) -> NOERROR 949 CNAME star.fallback.c10r.instagram.com. 8 A 198.51.100.20
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60503: query: graph.instagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60503 (graph.instagram.com.): answer: graph.instagram.com. IN A (10.100.0.1) -> NOERROR 2153 CNAME instagram.c10r.instagram.com. 36 A 198.51.100.27
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911: query: host007.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911: query: host007.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.163#61047 (mail.ofcggz.nl.): answer: mail.ofcggz.nl. IN A (10.100.0.1) -> NOERROR 60 A 198.51.100.108
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066 (wpad.canbus.net.): answer: wpad.canbus.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.96#50532: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.96#50532 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.76#65177: query: outlook.office365.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.76#65177 (outlook.office365.com.): answer: outlook.office365.com. IN A (10.100.0.1) -> NOERROR 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.10 7 A 198.51.100.11 7 A 198.51.100.218 7 A 198.51.100.6
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#57935: query: obseu.seroundprince.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#60255: query: obseu.seroundprince.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61325: query: gsp85-ssl.ls.apple.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61325 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#59888: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#59888 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#58317: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#58317 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.93#59023: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.93#59023 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49899: query: gsp85-ssl.ls.apple.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49899 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN A (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. 27 A 198.51.100.23
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#53662: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#53662 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com.
IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#33835: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#33835 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 12 A 198.51.100.190
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56970: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56970 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#35084: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#35084 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41572: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41572 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com.
IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.190 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#50279: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#50279 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41251: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41251 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 12 A 198.51.100.190 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#38988: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#38988 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 12 A 198.51.100.190
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#36750: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#36750 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#60255 (obseu.seroundprince.com.): answer: obseu.seroundprince.com.
IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.106#62425: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.106#62425 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.19#55292: query: ctldl.windowsupdate.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.19#55292 (ctldl.windowsupdate.com.): answer: ctldl.windowsupdate.com. IN A (10.100.0.1) -> NOERROR 2379 CNAME ctldl.windowsupdate.com.delivery.microsoft.com. 2350 CNAME wu-b-net.trafficmanager.net. 247 CNAME bg.microsoft.map.fastly.net. 19 A 198.51.100.111 19 A 198.51.100.112
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56900: query: gsp85-ssl.ls2-apple.com.akadns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56900 (gsp85-ssl.ls2-apple.com.akadns.net.): answer: gsp85-ssl.ls2-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.126#61396: query: outlook.office365.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.126#61396 (outlook.office365.com.): answer: outlook.office365.com. IN A (10.100.0.1) -> NOERROR 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com.
7 A 198.51.100.6 7 A 198.51.100.10 7 A 198.51.100.11 7 A 198.51.100.218
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52542: query: 198.51.100.0.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52542 (198.51.100.0.in-addr.arpa.): answer: 198.51.100.0.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 1800 PTR host025.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54963: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54963 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.92#51600: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.92#51600 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54964: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54964 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#49918: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#49918 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com.
3 A 198.51.100.158
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54965: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54965 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54966: query: host038.host038.host038.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54966 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54967: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54967 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54968: query: host039.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54968 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54969: query: host039.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54969 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#47598: query: 198.51.100.57.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#47598 (198.51.100.57.in-addr.arpa.): answer: 198.51.100.57.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host042.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.34#59472: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.34#59472 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53419: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53419 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.51#57571: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53420: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.51#57571 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53420 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53421: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53421 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net.
IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53422: query: host038.host038.host038.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53422 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.175#52298: query: config.teams.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.175#52298 (config.teams.microsoft.com.): answer: config.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 3013 CNAME config.teams.trafficmanager.net. 47 CNAME dual-s-0005-teams.config.skype.com. 5719 CNAME config-teams.s-0005.dual-s-msedge.net. 92 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.251 25 A 198.51.100.252
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53423: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53423 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53424: query: host039.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53424 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53425: query: host039.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53425 (host039.example.net.): answer: host039.example.net.
IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.135#63065: query: ctldl.windowsupdate.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.135#63065 (ctldl.windowsupdate.com.): answer: ctldl.windowsupdate.com. IN A (10.100.0.1) -> NOERROR 2379 CNAME ctldl.windowsupdate.com.delivery.microsoft.com. 2350 CNAME wu-b-net.trafficmanager.net. 247 CNAME bg.microsoft.map.fastly.net. 19 A 198.51.100.111 19 A 198.51.100.112
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#49392: query: cl3.apple.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.23#49927: query: outlook.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.23#49927 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 7 A 198.51.100.10
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#57029: query: www.snsbank.nl IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#54387: query: www.snsbank.nl IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.239#59161: query: example.net IN SOA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.239#59161 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty.
1438828 3600 600 1209600 3600
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#65237: query: cl3.apple.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.76#50409: query: sn.webrootcloudav.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.76#50409 (sn.webrootcloudav.com.): answer: sn.webrootcloudav.com. IN A (10.100.0.1) -> NOERROR 40 A 198.51.100.20 40 A 198.51.100.225 40 A 198.51.100.21
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043: query: host037.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043: query: host037.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043 (host037.example.net.): answer: host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#49392 (cl3.apple.com.): answer: cl3.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.16#57345: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.16#57345 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.
4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#57029 (www.snsbank.nl.): answer: www.snsbank.nl. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940: query: host043.host043.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940 (host043.host043.example.net.): answer: host043.host043.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.216
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.35#65420: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.35#65420 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#57935 (obseu.seroundprince.com.): answer: obseu.seroundprince.com. IN A (10.100.0.1) -> NOERROR 60 CNAME master.eu-west-1.prod.engine-nlb.cheqzone.com. 17 A 198.51.100.198
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#59789: query: enterpriseregistration.windows.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#59789 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 291 A 198.51.100.213 291 A 198.51.100.150 291 A 198.51.100.215 291 A 198.51.100.152 291 A 198.51.100.151 291 A 198.51.100.214 291 A 198.51.100.211 291 A 40.12
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#60834: query: host044.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#60834 (host044.example.net.): answer: host044.example.net.
IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#39477: query: 198.51.100.81.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#39477 (198.51.100.81.in-addr.arpa.): answer: 198.51.100.81.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host045.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#7122: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#7122 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#65237 (cl3.apple.com.): answer: cl3.apple.com. IN A (10.100.0.1) -> NOERROR 508 CNAME cl3-cdn.origin-apple.com.akadns.net. 340 CNAME cl3.g.aaplimg.com. 15 A 198.51.100.57 15 A 198.51.100.52
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#65019: query: dns.opendns.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#65019 (dns.opendns.com.): answer: dns.opendns.com. IN A (10.100.0.1) -> NOERROR 2380 A 198.51.100.161 2380 A 198.51.100.160
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046: query: host037.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046: query: host037.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046 (host037.example.net.): answer: host037.example.net.
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.64#64508: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.64#64508 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#54799: query: doh.umbrella.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#54799 (doh.umbrella.com.): answer: doh.umbrella.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.255
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56344: query: doh.umbrella.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56344 (doh.umbrella.com.): answer: doh.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#53419: query: host046.host046.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#63373: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#63373 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49553: query: doh.opendns.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49553 (doh.opendns.com.): answer: doh.opendns.com. IN A (10.100.0.1) -> NOERROR 114 A 198.51.100.254
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#53419 (host047.host047.example.net.): answer: host047.host047.example.net.
IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#51160: query: doh.opendns.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#51160 (doh.opendns.com.): answer: doh.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#57116: query: dns.umbrella.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#57116 (dns.umbrella.com.): answer: dns.umbrella.com. IN A (10.100.0.1) -> NOERROR 376 A 198.51.100.161 376 A 198.51.100.160
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#62393: query: dns.umbrella.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#62393 (dns.umbrella.com.): answer: dns.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63904: query: master.eu-west-1.prod.engine-nlb.cheqzone.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61835: query: dns.opendns.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61835 (dns.opendns.com.): answer: dns.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#64184: query: host048.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#64184 (host049.example.net.): answer: host049.example.net.
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#51884: query: host200.internal.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#51884 (host200.internal.net.): answer: host200.internal.net. IN A (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#53265: query: turbo.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#53265 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#61721: query: www.googletagmanager.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#61721 (www.googletagmanager.com.): answer: www.googletagmanager.com. IN A (10.100.0.1) -> NOERROR 201 A 198.51.100.252 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.129#61233: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.129#61233 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#51746: query: turbo.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#51746 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 
35 A 198.51.100.210 35 A 198.51.100.211 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#65484: query: www.googletagmanager.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#65484 (www.googletagmanager.com.): answer: www.googletagmanager.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.227#55240: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.227#55240 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.11#54043: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.11#54043 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63904 (master.eu-west-1.prod.engine-nlb.cheqzone.com.): answer: master.eu-west-1.prod.engine-nlb.cheqzone.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759: query: host050.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759: query: host050.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#54387 (www.snsbank.nl.): answer: www.snsbank.nl. IN A (10.100.0.1) -> NOERROR 20 A 198.51.100.126 20 A 198.51.100.129 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759 (host051.example.net.): answer: host051.example.net. 
IN A (10.100.0.1) -> NOERROR 1800 A 172.16.2.65 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759 (host051.example.net.): answer: host051.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.82#49540: query: host034.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.82#49540 (host034.example.net.): answer: host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#54808: query: cl3.g.aaplimg.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#54808 (cl3.g.aaplimg.com.): answer: cl3.g.aaplimg.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#50405: query: test-gateway.instagram.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#50405 (test-gateway.instagram.com.): answer: test-gateway.instagram.com. IN A (10.100.0.1) -> NOERROR 2033 CNAME dgw-ig.c10r.facebook.com. 8 A 198.51.100.28 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#65533: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#65533 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64242: query: gateway.instagram.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64242 (gateway.instagram.com.): answer: gateway.instagram.com. IN A (10.100.0.1) -> NOERROR 1212 CNAME dgw.c10r.facebook.com. 
33 A 198.51.100.26 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#58930: query: host021.host021.host021.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#58930 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#49738: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#49738 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.176#62054: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.176#62054 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.184#53303: query: ecs.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.184#53303 (ecs.office.com.): answer: ecs.office.com. IN A (10.100.0.1) -> NOERROR 78 CNAME ecs.office.trafficmanager.net. 7 CNAME dual-s-0005-office.config.skype.com. 8549 CNAME ecs-office.s-0005.dual-s-msedge.net. 40 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.252 25 A 198.51.100.251 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#26652: query: api-emea.flightproxy.teams.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.66#55371: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.66#55371 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.75#60078: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.75#60078 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#45361: query: host045.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#45361 (host045.example.net.): answer: host045.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.191 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.130#55301: query: v10.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.130#55301 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859: query: host031.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859: query: host031.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859 (host031.example.net.): answer: host031.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#50529: query: euc-word-edit.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#50529 (euc-word-edit.officeapps.live.com.): answer: euc-word-edit.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 3 CNAME euc-word-edit-geo.wac.trafficmanager.net. 14 CNAME euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 20 CNAME wac-0003.wac-msedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#52993: query: euc-word-edit.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#52993 (euc-word-edit.officeapps.live.com.): answer: euc-word-edit.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 3 CNAME euc-word-edit-geo.wac.trafficmanager.net. 14 CNAME euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 20 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#48503: query: www.tizen.org IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#48503 (www.tizen.org.): answer: www.tizen.org. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.97 12 A 198.51.100.96 12 A 198.51.100.98 12 A 198.51.100.99 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#15232: query: host052.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#15232 (host052.example.net.): answer: host052.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.2 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#46339: query: host052.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#46339 (host052.example.net.): answer: host052.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.101#58858: query: outlook.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.101#58858 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.11 7 A 198.51.100.10 7 A 198.51.100.6 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508: query: eu-v20.events.endpoint.security.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#49921: query: host045.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58342: query: host053.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#49921 (host045.example.net.): answer: host045.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.191 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58342 (host053.example.net.): answer: host053.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#57464: query: host045.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#57464 (host045.example.net.): answer: host045.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.191 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#61891: query: host054.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#61891 (host054.example.net.): answer: host054.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#54295: query: host054.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#54295 (host054.example.net.): answer: host054.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.52#58462: query: turbo.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.52#58462 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#54389: query: edge.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#54389 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#49206: query: edge.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#49206 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.4 5 A 198.51.100.3 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#26652 (api-emea.flightproxy.teams.microsoft.com.): answer: api-emea.flightproxy.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 43017 CNAME flightproxy-emea-teams.trafficmanager.net. 19 CNAME ep-frce-02-prod-aks.flightproxy.teams.microsoft.com. 10202 CNAME epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net. 4 CNAME cosmic-francecentral-ns-9ecb4f6d7 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#52031: query: r4.res.office365.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#52031 (r4.res.office365.com.): answer: r4.res.office365.com. IN A (10.100.0.1) -> NOERROR 219 CNAME r4.res.office365.com.edgekey.net. 9 CNAME e40491.dscg.akamaiedge.net. 12 A 198.51.100.125 12 A 198.51.100.131 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.27#55201: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.27#55201 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.50#49235: query: europe.smartscreen.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.50#49235 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 
3 A 198.51.100.156 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#57679: query: eu-teams.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#57679 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.2#63480: query: 198.51.100.35.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.2#63480 (198.51.100.35.in-addr.arpa.): answer: 198.51.100.35.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host055.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.231#62453: query: example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#50834: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#50834 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.231#62453 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#55408: query: web.whatsapp.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#55408 (web.whatsapp.com.): answer: web.whatsapp.com. IN TYPE65 (10.100.0.1) -> NOERROR 3419 CNAME mmx-ds.cdn.whatsapp.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#56602: query: web.whatsapp.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#56602 (web.whatsapp.com.): answer: web.whatsapp.com. IN A (10.100.0.1) -> NOERROR 3419 CNAME mmx-ds.cdn.whatsapp.net. 2 A 198.51.100.32 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.91#54359: query: nexusrules.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.91#54359 (nexusrules.officeapps.live.com.): answer: nexusrules.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 2687 CNAME prod.nexusrules.live.com.akadns.net. 23 A 198.51.100.249 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173: query: host013.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173: query: host013.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.32#52762: query: enterpriseregistration.windows.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.32#52762 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 
291 A 198.51.100.152 291 A 198.51.100.151 291 A 198.51.100.214 291 A 198.51.100.211 291 A 198.51.100.212 291 A 198.51.100.213 291 A 198.51.100.150 291 A 40.12 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#62034: query: login.microsoftonline.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#62034 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#40005: query: 198.51.100.209.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#40005 (198.51.100.209.in-addr.arpa.): answer: 198.51.100.209.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host056.host056.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255: query: host005.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255 (host005.example.net.): answer: host005.example.net. 
IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31651: query: go-eu.trouter.teams.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31651 (go-eu.trouter.teams.microsoft.com.): answer: go-eu.trouter.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 1421 CNAME trouter-atm-pub-ent-emea.trafficmanager.net. 7 CNAME pub-ent-euwe-07-t.trouter.teams.microsoft.com. 2072 CNAME partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net. 9 CNAME cosmic-westeurope-ns-b80c4716b71c.traffic +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#57103: query: eu.recent.svc.cloud.microsoft IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#57103 (eu.recent.svc.cloud.microsoft.): answer: eu.recent.svc.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 337 CNAME eudb.ocws1.live.com.akadns.net. 49 CNAME recent-prod-weightedww.trafficmanager.net. 30 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.241 9 A 198.51.100.237 9 A 198.51.100.239 9 A 198.51.100.240 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.1#48515: query: 198.51.100.35.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.1#48515 (198.51.100.35.in-addr.arpa.): answer: 198.51.100.35.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host055.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#54545: query: js.monitor.azure.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#54545 (js.monitor.azure.com.): answer: js.monitor.azure.com. IN A (10.100.0.1) -> NOERROR 21 CNAME aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net. 44 CNAME mr-z01.tm-azurefd.net. 40 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 
35 A 198.51.100.211 35 A 198.51.100.210 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#56147: query: js.monitor.azure.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#56147 (js.monitor.azure.com.): answer: js.monitor.azure.com. IN TYPE65 (10.100.0.1) -> NOERROR 52 CNAME aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.63#56741: query: geover.prod.do.dsp.mp.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.63#56741 (geover.prod.do.dsp.mp.microsoft.com.): answer: geover.prod.do.dsp.mp.microsoft.com. IN A (10.100.0.1) -> NOERROR 3565 CNAME geover.prod.do.dsp.mp.microsoft.com.edgekey.net. 5363 CNAME e10370.d.akamaiedge.net. 20 A 198.51.100.182 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.7#51716: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.7#51716 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#53510: query: api-emea.flightproxy.teams.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443: query: eu-v20.events.endpoint.security.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#49738: query: edge.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#49738 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#53488: query: host019.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#53488 (host019.example.net.): answer: host019.example.net. IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#62995: query: edge.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#62995 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.3 5 A 198.51.100.4 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58032: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58032 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.41#56120: query: v10.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.41#56120 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.27#58099: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.27#58099 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#55627: query: host022.host022.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#55627 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#53510 (api-emea.flightproxy.teams.microsoft.com.): answer: api-emea.flightproxy.teams.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 43017 CNAME flightproxy-emea-teams.trafficmanager.net. 19 CNAME ep-frce-02-prod-aks.flightproxy.teams.microsoft.com. 10202 CNAME epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net. 4 CNAME cosmic-francecentral-ns-9ecb4f +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.214#62206: query: testorg.service-now.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.214#62206 (testorg.service-now.com.): answer: testorg.service-now.com. 
IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.67#52009: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.67#52009 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858: query: host057.host057.host057.host057.host057.host057.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731: query: host058.host058.host058.host058.host058.host058.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071: query: host057.host057.host057.host057.host057.host057.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858 (_kerberos._tcp.Centrum-Locatie._sites.dc._msdcs.EXAMPLE.NET.): answer: _kerberos._tcp.Centrum-Locatie._sites.dc._msdcs.EXAMPLE.NET. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 88 host034.example.net. 600 SRV 0 100 88 host059.example.net. 600 SRV 0 100 88 host005.example.net. 600 SRV 0 100 88 host060.example.net. 600 SRV 0 100 88 host061.example.net. 600 SRV 0 100 88 dc5.example.ne +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731 (host062.host062.host062.host062.host062.host062.example.net.): answer: host062.host062.host062.host062.host062.host062.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host063.example.net. 600 SRV 0 100 389 host059.example.net. 600 SRV 0 100 389 host060.example.net. 600 SRV 0 100 389 host005.example.net. 600 SRV 0 100 389 host061.example.net. 600 SRV 0 100 389 host034.example.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071 (host064.host064.host064.host064.host064.host064.example.net.): answer: host064.host064.host064.host064.host064.host064.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 88 host060.example.net. 600 SRV 0 100 88 host005.example.net. 600 SRV 0 100 88 host063.example.net. 600 SRV 0 100 88 host034.example.net. 600 SRV 0 100 88 host059.example.net. 600 SRV 0 100 88 dc4.example.ne +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#3264: query: go-eu.trouter.teams.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#3264 (go-eu.trouter.teams.microsoft.com.): answer: go-eu.trouter.teams.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 1421 CNAME trouter-atm-pub-ent-emea.trafficmanager.net. 7 CNAME pub-ent-euwe-07-t.trouter.teams.microsoft.com. 2072 CNAME partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net. 9 CNAME cosmic-westeurope-ns-b80c4716b71c.traff +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#58484: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#58484 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#55140: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#55140 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#60586: query: wise-m.public.cdn.office.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#60586 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 172 CNAME res-prod.trafficmanager.net. 103 CNAME res-1.cdn.office.net. 
96 CNAME res-stls-prod.edgesuite.net. 221 CNAME a726.dscd.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.25#58988: query: cmp.nu.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.25#58988 (cmp.nu.nl.): answer: cmp.nu.nl. IN A (10.100.0.1) -> NXDOMAIN 211 CNAME cdn-1294-2.privacy-mgmt.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#57141: query: wise-m.public.cdn.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#57141 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN A (10.100.0.1) -> NOERROR 171 CNAME res-prod.trafficmanager.net. 102 CNAME res-1.cdn.office.net. 95 CNAME res-stls-prod.edgesuite.net. 220 CNAME a726.dscd.akamai.net. 9 A 198.51.100.68 9 A 198.51.100.65 9 A 198.51.100.75 9 A 198.51.100.71 9 A 198.51.100.73 9 A 198.51.100.70 9 A 198.51.100.67 9 A 198.51.100.59 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.53#55065: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.53#55065 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.93#57169: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.93#57169 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#56240: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#50850: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#56240 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#50850 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31030: query: emea.cc.skype.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#53010: query: www.zorgdoc.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#53010 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.205 23 A 198.51.100.206 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#55250: query: www.zorgdoc.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#55250 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.206 23 A 198.51.100.205 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#53231: query: f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#51520: query: www.zorgdoc.nl IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.115#54066: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.115#54066 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 
4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442: query: host033.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442: query: host033.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442 (host033.example.net.): answer: host033.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.240 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442 (host033.example.net.): answer: host033.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#65503: query: www.zorgdoc.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#65503 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.206 23 A 198.51.100.205 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#22708: query: emea.cc.skype.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#22708 (emea.cc.skype.com.): answer: emea.cc.skype.com. IN AAAA (10.100.0.1) -> NOERROR 70345 CNAME cc-emea-skype.trafficmanager.net. 1 CNAME cc-euno-03-prod-aks.cc.skype.com. 775 CNAME callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net. 2 CNAME cosmic-northeurope-ns-896c43260b21.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.209#53657: query: example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.209#53657 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998: query: host035.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998 (host035.example.net.): answer: host035.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.241 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998: query: host035.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998 (host035.example.net.): answer: host035.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.206#49233: query: mdav.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.206#49233 (mdav.eu.endpoint.security.microsoft.com.): answer: mdav.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 106 CNAME md-prod-simcon-atm-epp-eu.trafficmanager.net. 269 CNAME md-prod-simcon-ip0.westeurope.cloudapp.azure.com. 1 A 198.51.100.157 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858: query: host005.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858 (host005.example.net.): answer: host005.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071: query: host034.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071 (host034.example.net.): answer: host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31030 (emea.cc.skype.com.): answer: emea.cc.skype.com. IN A (10.100.0.1) -> NOERROR 70345 CNAME cc-emea-skype.trafficmanager.net. 1 CNAME cc-euno-03-prod-aks.cc.skype.com. 775 CNAME callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net. 2 CNAME cosmic-northeurope-ns-896c43260b21.trafficmanager.net. 
10 A 198.51.100.254 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.168#53265: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.168#53265 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#58615: query: host029.host029.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#58615 (host029.host029.example.net.): answer: host029.host029.example.net. IN A (10.100.0.1) -> NOERROR 0 A 10.1.1.29 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#51520 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.63#61608: query: europe.smartscreen.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.63#61608 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#53231 (f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com.): answer: f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com. IN A (10.100.0.1) -> NOERROR 10 A 198.51.100.8 10 A 198.51.100.217 10 A 198.51.100.219 10 A 198.51.100.221 10 A 198.51.100.220 10 A 198.51.100.9 10 A 198.51.100.222 10 A 198.51.100.7 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58539: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58080: query: host046.host046.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58539 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58080 (host047.host047.example.net.): answer: host047.host047.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.166#59261: query: ecs.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.166#59261 (ecs.office.com.): answer: ecs.office.com. IN A (10.100.0.1) -> NOERROR 78 CNAME ecs.office.trafficmanager.net. 7 CNAME dual-s-0005-office.config.skype.com. 8549 CNAME ecs-office.s-0005.dual-s-msedge.net. 40 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.252 25 A 198.51.100.251 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58046: query: host048.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58046 (host049.example.net.): answer: host049.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.153#51183: query: host065.host065.host065.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.153#51183 (host065.host065.host065.example.net.): answer: host065.host065.host065.example.net. IN SRV (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58556: query: host200.internal.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58556 (host200.internal.net.): answer: host200.internal.net. IN A (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.109#47787: query: v2.api.relayrobotics.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.109#47787 (v2.api.relayrobotics.com.): answer: v2.api.relayrobotics.com. IN A (10.100.0.1) -> NOERROR 85 CNAME ghs.googlehosted.com. 
38 A 198.51.100.237 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.102#57705: query: 198.51.100.17.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.102#57705 (198.51.100.17.in-addr.arpa.): answer: 198.51.100.17.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 600 PTR host066.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#47132: query: host067.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#51746: query: host068.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#18582: query: host067.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#33065: query: host068.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#47132 (host067.example.net.): answer: host067.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#51746 (host068.example.net.): answer: host068.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#33065 (host068.example.net.): answer: host068.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.248 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#18582 (host067.example.net.): answer: host067.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.247 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#61653: query: substrate.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#61653 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.11 7 A 198.51.100.10 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#59583: query: graph.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#59583 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#58527: query: graph.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#58527 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#53202: query: substrate.office.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#53202 (substrate.office.com.): answer: substrate.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 
3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#60631: query: ams-efz.ms-acdc.office.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#60631 (ams-efz.ms-acdc.office.com.): answer: ams-efz.ms-acdc.office.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#55919: query: iphone-ld.v.aaplimg.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#55919 (iphone-ld.v.aaplimg.com.): answer: iphone-ld.v.aaplimg.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.81#57911: query: outlook.office365.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.81#57911 (outlook.office365.com.): answer: outlook.office365.com. IN A (10.100.0.1) -> NOERROR 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.10 7 A 198.51.100.11 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#32109: query: www.acm.org IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#32109 (www.acm.org.): answer: www.acm.org. 
IN A (10.100.0.1) -> NOERROR 0 A 198.51.100.202 0 A 198.51.100.203 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.248#59653: query: 198.51.100.38.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.248#59653 (198.51.100.38.in-addr.arpa.): answer: 198.51.100.38.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host069.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.129#65483: query: officeclient.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.129#65483 (officeclient.microsoft.com.): answer: officeclient.microsoft.com. IN A (10.100.0.1) -> NOERROR 858 CNAME config.officeapps.live.com. 903 CNAME prod.configsvc1.live.com.akadns.net. 11 CNAME europe.configsvc1.live.com.akadns.net. 249 CNAME config-prod-weightedww.trafficmanager.net. 54 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.239 9 A 198.51.100.240 9 A 52 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.247#16032: query: 198.51.100.38.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.247#16032 (198.51.100.38.in-addr.arpa.): answer: 198.51.100.38.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host069.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#64021: query: exo.nel.measure.office.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298: query: host013.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298: query: host013.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#64021 (exo.nel.measure.office.net.): answer: exo.nel.measure.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 26 CNAME nel.measure.office.net.edgesuite.net. 5050 CNAME a1894.dscb.akamai.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#55172: query: exo.nel.measure.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#55172 (exo.nel.measure.office.net.): answer: exo.nel.measure.office.net. IN A (10.100.0.1) -> NOERROR 26 CNAME nel.measure.office.net.edgesuite.net. 5050 CNAME a1894.dscb.akamai.net. 15 A 198.51.100.114 15 A 198.51.100.116 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.51#52406: query: testorg.service-now.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.51#52406 (testorg.service-now.com.): answer: testorg.service-now.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.12#41022: query: 192.0.2.3.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.12#41022 (192.0.2.3.in-addr.arpa.): answer: 192.0.2.3.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 142247 PTR localhost. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#14516: query: www.gtv-fleks.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#10011: query: graph.facebook.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#10011 (graph.facebook.com.): answer: graph.facebook.com. IN A (10.100.0.1) -> NOERROR 266 CNAME star.c10r.facebook.com. 
56 A 198.51.100.24 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.80#51202: query: studio-playerapi.competence.biz IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#49472: query: b._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#49472 (b._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: b._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60209: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#61189: query: e6858.dsce9.akamaiedge.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#61189 (e6858.dsce9.akamaiedge.net.): answer: e6858.dsce9.akamaiedge.net. 
IN A (10.100.0.1) -> NOERROR 13 A 198.51.100.181 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#52790: query: www.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#52790 (www.apple.com.): answer: www.apple.com. IN A (10.100.0.1) -> NOERROR 222 CNAME www-apple-com.v.aaplimg.com. 119 CNAME www.apple.com.edgekey.net. 157 CNAME e6858.dsce9.akamaiedge.net. 13 A 198.51.100.181 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65351: query: host070.host070.host070.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60209 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64543: query: api.apple-cloudkit.fe2.apple-dns.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64543 (api.apple-cloudkit.fe2.apple-dns.net.): answer: api.apple-cloudkit.fe2.apple-dns.net. IN A (10.100.0.1) -> NOERROR 87 A 198.51.100.50 87 A 198.51.100.49 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65351 (host070.host070.host070.example.net.): answer: host070.host070.host070.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55941: query: atc.spotify.map.fastly.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55941 (atc.spotify.map.fastly.net.): answer: atc.spotify.map.fastly.net. IN A (10.100.0.1) -> NOERROR 0 A 198.51.100.7 0 A 198.51.100.10 0 A 198.51.100.12 0 A 198.51.100.15 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60701: query: host071.host071.host071.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60701 (host071.host071.host071.example.net.): answer: host071.host071.host071.example.net. 
IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65313: query: us-sandbox-courier-4.push-apple.com.akadns.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65313 (us-sandbox-courier-4.push-apple.com.akadns.net.): answer: us-sandbox-courier-4.push-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.29 23 A 198.51.100.25 23 A 198.51.100.26 23 A 198.51.100.28 23 A 198.51.100.24 23 A 198.51.100.27 23 A 198.51.100.31 23 A 198.51.100.30 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64776: query: e6858.dsce9.akamaiedge.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64776 (e6858.dsce9.akamaiedge.net.): answer: e6858.dsce9.akamaiedge.net. IN A (10.100.0.1) -> NOERROR 13 A 198.51.100.181 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64431: query: db._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64431 (db._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: db._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#58042: query: 1.courier-push-apple.com.akadns.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#58042 (1.courier-push-apple.com.akadns.net.): answer: 1.courier-push-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 4 CNAME eu-nw-courier-4.push-apple.com.akadns.net. 
22 A 198.51.100.33 22 A 198.51.100.38 22 A 198.51.100.37 22 A 198.51.100.34 22 A 198.51.100.36 22 A 198.51.100.35 22 A 198.51.100.32 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55795: query: host021.host021.host021.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#59833: query: gew4-dealer.g2.spotify.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#59833 (gew4-dealer.g2.spotify.com.): answer: gew4-dealer.g2.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR 64 CNAME gew4-dealer-ssl.spotify.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.80#51202 (studio-playerapi.competence.biz.): answer: studio-playerapi.competence.biz. IN A (10.100.0.1) -> NOERROR 10 CNAME app-studio-playerapi-prod.azurewebsites.net. 10 CNAME waws-prod-am2-719.sip.azurewebsites.windows.net. 10 CNAME waws-prod-am2-719-c1d4.westeurope.cloudapp.azure.com. 2 A 198.51.100.136 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55795 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#53056: query: gew4-dealer.g2.spotify.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#53056 (gew4-dealer.g2.spotify.com.): answer: gew4-dealer.g2.spotify.com. IN A (10.100.0.1) -> NOERROR 63 CNAME gew4-dealer-ssl.spotify.com. 26 A 198.51.100.203 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63912: query: dns.weixin.qq.com.cn IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63912 (dns.weixin.qq.com.cn.): answer: dns.weixin.qq.com.cn. 
IN A (10.100.0.1) -> NOERROR 106 A 198.51.100.224 106 A 198.51.100.223 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.142#64168: query: europe.cp.wd.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.142#64168 (europe.cp.wd.microsoft.com.): answer: europe.cp.wd.microsoft.com. IN A (10.100.0.1) -> NOERROR 982 CNAME wd-prod-cp-eu.trafficmanager.net. 208 CNAME wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com. 5 A 198.51.100.227 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#60866: query: dgw.c10r.facebook.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#60866 (dgw.c10r.facebook.com.): answer: dgw.c10r.facebook.com. IN A (10.100.0.1) -> NOERROR 32 A 198.51.100.26 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56846: query: mqtt.c10r.facebook.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56846 (mqtt.c10r.facebook.com.): answer: mqtt.c10r.facebook.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.25 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#1878: query: eur.loki.delve.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#1878 (eur.loki.delve.office.com.): answer: eur.loki.delve.office.com. IN A (10.100.0.1) -> NOERROR 74 CNAME loki-atm-prod-eur.trafficmanager.net. 13 CNAME eur.fxgateway.svc.cloud.microsoft. 76 CNAME mira-cmn.tm-4.office.com. 0 A 198.51.100.166 0 A 198.51.100.174 0 A 198.51.100.172 0 A 198.51.100.171 0 A 198.51.100.167 0 A 198.51.100.168 0 A 198.51.100.176 0 A 198.51.100.177 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#56058: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#56058 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#22877: query: host072.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#59946: query: eu-mobile.events.data.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#22877 (host072.example.net.): answer: host072.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#59946 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host002.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host002.example.net.): answer: host002.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#41595: query: host072.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#41595 (host072.example.net.): answer: host072.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.254 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#63717: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#63717 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#45026: query: host073.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#45026 (host073.example.net.): answer: host073.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52316: query: star.c10r.facebook.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52316 (star.c10r.facebook.com.): answer: star.c10r.facebook.com. IN A (10.100.0.1) -> NOERROR 55 A 198.51.100.24 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.56#56153: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.56#56153 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#36524: query: host074.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#62532: query: ocsp2.apple.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#62532 (ocsp2.apple.com.): answer: ocsp2.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 313 CNAME ocsp2.g.aaplimg.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#36524 (host074.example.net.): answer: host074.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#50127: query: ocsp2.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#50127 (ocsp2.apple.com.): answer: ocsp2.apple.com. IN A (10.100.0.1) -> NOERROR 313 CNAME ocsp2.g.aaplimg.com. 
13 A 198.51.100.57 13 A 198.51.100.52 13 A 198.51.100.56 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33233: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33233 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43494: query: host075.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43494 (host075.example.net.): answer: host075.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33029: query: host008.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33029 (host008.example.net.): answer: host008.example.net. IN A (10.100.0.1) -> NOERROR 3600 A 10.100.0.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#53960: query: host076.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.137#61593: query: downloadplugins.citrix.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.137#61593 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#53960 (host076.example.net.): answer: host076.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#52213: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#52213 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. 
IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#57423: query: host021.host021.host021.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#44765: query: host077.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#57423 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#37392: query: host077.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#44765 (host077.example.net.): answer: host077.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.253 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#65048: query: app-analytics-services.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#65048 (app-analytics-services.com.): answer: app-analytics-services.com. IN A (10.100.0.1) -> NOERROR 201 A 198.51.100.109 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#58370: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#58370 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#37392 (host077.example.net.): answer: host077.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57750: query: host078.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57750 (host078.example.net.): answer: host078.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#38698: query: host079.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#38698 (host079.example.net.): answer: host079.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59608: query: host080.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59608 (host080.example.net.): answer: host080.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.95#61842: query: eu-office.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.95#61842 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57340: query: host081.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57340 (host081.example.net.): answer: host081.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#62845: query: host082.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#62845 (host082.example.net.): answer: host082.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host011.host011.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (host011.host011.example.net.): answer: host011.host011.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#50368: query: wise-m.public.cdn.office.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#50368 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 172 CNAME res-prod.trafficmanager.net. 103 CNAME res-1.cdn.office.net. 96 CNAME res-stls-prod.edgesuite.net. 221 CNAME a726.dscd.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60819: query: wise-m.public.cdn.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60819 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN A (10.100.0.1) -> NOERROR 171 CNAME res-prod.trafficmanager.net. 102 CNAME res-1.cdn.office.net. 95 CNAME res-stls-prod.edgesuite.net. 220 CNAME a726.dscd.akamai.net. 9 A 198.51.100.75 9 A 198.51.100.71 9 A 198.51.100.73 9 A 198.51.100.70 9 A 198.51.100.67 9 A 198.51.100.61 9 A 198.51.100.63 9 A 198.51.100.68 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48250: query: host083.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48250 (host083.example.net.): answer: host083.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48825: query: host084.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60330: query: euc-excel.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#51758: query: euc-excel.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60330 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 49 CNAME euc-excel-geo.wac.trafficmanager.net. 
55 CNAME euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 44 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.235 17 A 198.51.100.236 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#51758 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 50 CNAME euc-excel-geo.wac.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48825 (host084.example.net.): answer: host084.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#50987: query: gew4-dealer-ssl.spotify.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#50987 (gew4-dealer-ssl.spotify.com.): answer: gew4-dealer-ssl.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56510: query: host085.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56510 (host085.example.net.): answer: host085.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#48620: query: 198.51.100.23.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#48620 (198.51.100.23.in-addr.arpa.): answer: 198.51.100.23.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host077.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#40677: query: host086.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#40677 (host086.example.net.): answer: host086.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#52044: query: host087.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#52044 (host087.example.net.): answer: host087.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56682: query: host088.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#53596: query: host021.host021.host021.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#45525: query: host087.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56682 (host088.example.net.): answer: host088.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#53596 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#45525 (host087.example.net.): answer: host087.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.255 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#56221: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#64124: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#64124 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#56221 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59798: query: host089.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59798 (host089.example.net.): answer: host089.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41456: query: host090.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41456 (host090.example.net.): answer: host090.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41941: query: host091.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41941 (host091.example.net.): answer: host091.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58281: query: host092.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58281 (host092.example.net.): answer: host092.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#53919: query: host087.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#35807: query: host087.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#53919 (host087.example.net.): answer: host087.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.255 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#35807 (host087.example.net.): answer: host087.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#59556: query: ocsp2.g.aaplimg.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#59556 (ocsp2.g.aaplimg.com.): answer: ocsp2.g.aaplimg.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#33174: query: host093.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#33174 (host093.example.net.): answer: host093.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host020.host020.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host020.host020.example.net.): answer: host020.host020.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#14516 (www.gtv-fleks.nl.): answer: www.gtv-fleks.nl. IN A (10.100.0.1) -> NOERROR 60 CNAME gtv-fleks.nl. 60 A 198.51.100.56 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.43#60529: query: ctldl.windowsupdate.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.43#60529 (ctldl.windowsupdate.com.): answer: ctldl.windowsupdate.com. IN A (10.100.0.1) -> NOERROR 2379 CNAME ctldl.windowsupdate.com.delivery.microsoft.com. 2350 CNAME wu-b-net.trafficmanager.net. 247 CNAME bg.microsoft.map.fastly.net. 19 A 198.51.100.112 19 A 198.51.100.111 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47471: query: host094.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47471 (host094.example.net.): answer: host094.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#34785: query: host095.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#34785 (host095.example.net.): answer: host095.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#23764: query: 198.51.100.36.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#23764 (198.51.100.36.in-addr.arpa.): answer: 198.51.100.36.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host072.example.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#55384: query: ipagave.azurewebsites.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#55384 (ipagave.azurewebsites.net.): answer: ipagave.azurewebsites.net. IN TYPE65 (10.100.0.1) -> NOERROR 1017 CNAME waws-prod-dm1-013.vip.azurewebsites.windows.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#57943: query: ipagave.azurewebsites.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#57943 (ipagave.azurewebsites.net.): answer: ipagave.azurewebsites.net. IN A (10.100.0.1) -> NOERROR 1017 CNAME waws-prod-dm1-013.vip.azurewebsites.windows.net. 21 CNAME waws-prod-dm1-013.centralus.cloudapp.azure.com. 1 A 198.51.100.216 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#54097: query: host096.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53931: query: addin.insights.static.microsoft IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53931 (addin.insights.static.microsoft.): answer: addin.insights.static.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 157 CNAME agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.111#60952: query: dns.msftncsi.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.111#60952 (dns.msftncsi.com.): answer: dns.msftncsi.com. IN A (10.100.0.1) -> NOERROR 8 A 198.51.100.215 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#54097 (host096.example.net.): answer: host096.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#37600: query: host097.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#49224: query: addin.insights.static.microsoft IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#49224 (addin.insights.static.microsoft.): answer: addin.insights.static.microsoft. IN A (10.100.0.1) -> NOERROR 157 CNAME agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net. 25 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.210 35 A 198.51.100.211 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#37600 (host097.example.net.): answer: host097.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47390: query: host098.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47390 (host098.example.net.): answer: host098.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#55646: query: host099.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#55646 (host099.example.net.): answer: host099.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#35632: query: host100.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#35632 (host100.example.net.): answer: host100.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#52494: query: host101.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#52494 (host101.example.net.): answer: host101.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43828: query: host102.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#36019: query: 198.51.100.36.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43828 (host102.example.net.): answer: host102.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#36019 (198.51.100.36.in-addr.arpa.): answer: 198.51.100.36.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host072.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host024.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (host024.example.net.): answer: host024.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.69#53821: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.69#53821 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#61850: query: a1854.casalemedia.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#17520: query: 198.51.100.23.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.98#52482: query: europe.cp.wd.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.98#52482 (europe.cp.wd.microsoft.com.): answer: europe.cp.wd.microsoft.com. IN A (10.100.0.1) -> NOERROR 982 CNAME wd-prod-cp-eu.trafficmanager.net. 208 CNAME wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com. 
5 A 198.51.100.227 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#17520 (198.51.100.23.in-addr.arpa.): answer: 198.51.100.23.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host077.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#59616: query: a1854.casalemedia.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.25#57594: query: host103.host103.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.25#57594 (host103.host103.example.net.): answer: host103.host103.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.26 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host026.host026.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host026.host026.example.net.): answer: host026.host026.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.70#57664: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#61850 (a1854.casalemedia.com.): answer: a1854.casalemedia.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.70#57664 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56130: query: star.fallback.c10r.instagram.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56130 (star.fallback.c10r.instagram.com.): answer: star.fallback.c10r.instagram.com. 
IN A (10.100.0.1) -> NOERROR 8 A 198.51.100.20 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#59616 (a1854.casalemedia.com.): answer: a1854.casalemedia.com. IN A (10.100.0.1) -> NOERROR 2554 A 198.51.100.53 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#27352: query: www.google.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#27352 (www.google.com.): answer: www.google.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.119#56834: query: 27-courier.push.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.119#56834 (27-courier.push.apple.com.): answer: 27-courier.push.apple.com. IN A (10.100.0.1) -> NOERROR 6530 CNAME 27.courier-push-apple.com.akadns.net. 51 CNAME eu-nw-courier-4.push-apple.com.akadns.net. 22 A 198.51.100.35 22 A 198.51.100.38 22 A 198.51.100.32 22 A 198.51.100.37 22 A 198.51.100.36 22 A 198.51.100.33 22 A 198.51.100.34 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.108#63521: query: eu-office.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.108#63521 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.113#52557: query: settings-win.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.113#52557 (settings-win.data.microsoft.com.): answer: settings-win.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 454 CNAME atm-settingsfe-prod-geo2.trafficmanager.net. 1 CNAME settings-prod-weu-1.westeurope.cloudapp.azure.com. 
2 A 198.51.100.231 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#22173: query: www.google.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#22173 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568: query: cdns.eu1.gigya.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386: query: www.tui.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386 (www.tui.nl.): answer: www.tui.nl. IN A (10.100.0.1) -> NOERROR 49 CNAME www.tui.nl-v1.edgekey.net. 645 CNAME e116189.dsca.akamaiedge.net. 0 A 198.51.100.130 0 A 198.51.100.127 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#62730: query: z-p42-chat-e2ee-ig.facebook.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#62730 (z-p42-chat-e2ee-ig.facebook.com.): answer: z-p42-chat-e2ee-ig.facebook.com. IN A (10.100.0.1) -> NOERROR 2994 CNAME chat-e2ee-ig-p42.c10r.facebook.com. 36 A 198.51.100.30 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#54985: query: benelph.de IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#65356: query: eu-office.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#54084: query: mask.icloud.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#65356 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#54084 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#64991: query: mask.icloud.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#64991 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#51416: query: eu-office.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#51416 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49816: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49816 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.55#60563: query: pages.plasticsurgery.org IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63448: query: benelph.de IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host028.host028.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (host028.host028.example.net.): answer: host028.host028.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.5#61023: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.5#61023 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#54985 (benelph.de.): answer: benelph.de. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49196: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49196 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56229: query: europe.smartscreen.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56229 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63331: query: brwsrfrm.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51967: query: clients.config.office.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51967 (clients.config.office.net.): answer: clients.config.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 205 CNAME cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft. 
14 CNAME atm.common.mira.tm.svc.cloud.microsoft. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#64591: query: clients.config.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#64591 (clients.config.office.net.): answer: clients.config.office.net. IN A (10.100.0.1) -> NOERROR 205 CNAME cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft. 14 CNAME atm.common.mira.tm.svc.cloud.microsoft. 3 A 198.51.100.175 3 A 198.51.100.169 3 A 198.51.100.170 3 A 198.51.100.173 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63448 (benelph.de.): answer: benelph.de. IN A (10.100.0.1) -> NOERROR 264 A 198.51.100.232 264 A 198.51.100.222 264 A 198.51.100.226 264 A 198.51.100.229 264 A 198.51.100.234 264 A 198.51.100.225 264 A 198.51.100.235 264 A 198.51.100.223 264 A 198.51.100.217 264 A 198.51.100.219 264 A 198.51.100.221 264 A 198.51.100.218 264 A 198.51.100.224 264 A 198.51.100.227 264 A 198.51.100.216 264 A +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55028: query: edge.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52867: query: edge.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55028 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52867 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 
5 A 198.51.100.3 5 A 198.51.100.4 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53035: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#59390: query: teams.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#59390 (teams.microsoft.com.): answer: teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. 29 CNAME tmc-g2.tm-4.office.com. 22 CNAME teams-office-com.s-0005.dual-s-msedge.net. 101 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.252 25 A 198.51.100.251 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53035 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#51074: query: teams.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#51074 (teams.microsoft.com.): answer: teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host030.host030.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host030.host030.example.net.): answer: host030.host030.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#60016: query: bag.itunes.apple.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#60016 (bag.itunes.apple.com.): answer: bag.itunes.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 3189 CNAME bag-cdn.itunes-apple.com.akadns.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#49940: query: configuration.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52786: query: configuration.apple.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52786 (configuration.apple.com.): answer: configuration.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 38606 CNAME configuration.apple.com.akadns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.38#62332: query: api2.cursor.sh IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#55554: query: brwsrfrm.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#50952: query: bag.itunes.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#50952 (bag.itunes.apple.com.): answer: bag.itunes.apple.com. IN A (10.100.0.1) -> NOERROR 3190 CNAME bag-cdn.itunes-apple.com.akadns.net. 518 CNAME bag-cdn-lb.itunes-apple.com.akadns.net. 134 CNAME h3.apis.apple.map.fastly.net. 30 A 198.51.100.11 30 A 198.51.100.13 30 A 198.51.100.16 30 A 198.51.100.8 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.60#53347: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#61139: query: mask.apple-dns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.60#53347 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#61139 (mask.apple-dns.net.): answer: mask.apple-dns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.235#43542: query: hbase-rs.node6.isieca.eca.local IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.235#43542 (hbase-rs.node6.isieca.eca.local.): answer: hbase-rs.node6.isieca.eca.local. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63331 (brwsrfrm.com.): answer: brwsrfrm.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372: query: enterpriseregistration.windows.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 291 A 198.51.100.212 291 A 198.51.100.213 291 A 198.51.100.150 291 A 198.51.100.215 291 A 198.51.100.152 291 A 198.51.100.151 291 A 198.51.100.214 291 A 40.126. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52932: query: testorg.sharepoint.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52932 (testorg.sharepoint.com.): answer: testorg.sharepoint.com. IN TYPE65 (10.100.0.1) -> NOERROR 3484 CNAME 1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com. 22 CNAME 189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com. 3 CNAME 189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net. 260 CNAME 189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.sp +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.12#63585: query: example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.12#63585 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 
1438828 3600 600 1209600 3600 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58829: query: testorg.sharepoint.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58829 (testorg.sharepoint.com.): answer: testorg.sharepoint.com. IN A (10.100.0.1) -> NOERROR 3484 CNAME 1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com. 22 CNAME 189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com. 3 CNAME 189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net. 260 CNAME 189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.spo-mse +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: wpad.canbus.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (wpad.canbus.net.): answer: wpad.canbus.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#55554 (brwsrfrm.com.): answer: brwsrfrm.com. IN A (10.100.0.1) -> NOERROR 104 A 198.51.100.218 104 A 198.51.100.224 104 A 198.51.100.225 104 A 198.51.100.222 104 A 198.51.100.234 104 A 198.51.100.216 104 A 198.51.100.217 104 A 198.51.100.233 104 A 198.51.100.231 104 A 198.51.100.235 104 A 198.51.100.227 104 A 198.51.100.230 104 A 198.51.100.229 104 A 198.51.100.228 104 A 198.51.100.220 10 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689: query: host037.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689: query: host037.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689 (host037.example.net.): answer: host037.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689: query: host041.host041.host041.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.176#50469: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.176#50469 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: wpad.acds.canon-europe.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#60085: query: host019.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#60085 (host019.example.net.): answer: host019.example.net. IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#57628: query: host019.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#57628 (host019.example.net.): answer: host019.example.net. IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.62#1026: query: host104.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.62#1026 (host105.example.net.): answer: host105.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 172.16.2.61 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568 (cdns.eu1.gigya.com.): answer: cdns.eu1.gigya.com. IN A (10.100.0.1) -> NOERROR 46 CNAME d18uol17ln7pq5.cloudfront.net. 
2 A 198.51.100.101 2 A 198.51.100.103 2 A 198.51.100.102 2 A 198.51.100.100 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#53142: query: configuration.apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#53142 (configuration.apple.com.akadns.net.): answer: configuration.apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 13 CNAME configuration-row-lb.apple.com.akadns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.124#63372: query: officeclient.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.124#63372 (officeclient.microsoft.com.): answer: officeclient.microsoft.com. IN A (10.100.0.1) -> NOERROR 858 CNAME config.officeapps.live.com. 903 CNAME prod.configsvc1.live.com.akadns.net. 11 CNAME europe.configsvc1.live.com.akadns.net. 249 CNAME config-prod-weightedww.trafficmanager.net. 54 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.237 9 A 198.51.100.239 9 A 52.11 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52968: query: bag-cdn.itunes-apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52968 (bag-cdn.itunes-apple.com.akadns.net.): answer: bag-cdn.itunes-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 517 CNAME bag-cdn-lb.itunes-apple.com.akadns.net. 133 CNAME h3.apis.apple.map.fastly.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#51330: query: host022.host022.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#51330 (host023.host023.example.net.): answer: host023.host023.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033: query: host007.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033: query: host007.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#58919: query: mask.icloud.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#58919 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.33#54504: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.33#54504 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#50582: query: mask.icloud.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#50582 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
3 A 198.51.100.47 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.40#56746: query: msedge.b.tlu.dl.delivery.mp.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.40#56746 (msedge.b.tlu.dl.delivery.mp.microsoft.com.): answer: msedge.b.tlu.dl.delivery.mp.microsoft.com. IN A (10.100.0.1) -> NOERROR 167 CNAME star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com. 5168 CNAME cdp-f-tlu-net.trafficmanager.net. 51 CNAME wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net. 3735 CNAME a1847.dscd.akamai.net. 2 A 198.51.100.69 2 A 96.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55168: query: edge.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55168 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58590: query: edge.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58590 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.3 5 A 198.51.100.4 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50468: query: instagram.c10r.instagram.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50468 (instagram.c10r.instagram.com.): answer: instagram.c10r.instagram.com. IN A (10.100.0.1) -> NOERROR 36 A 198.51.100.27 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (wpad.acds.canon-europe.com.): answer: wpad.acds.canon-europe.com. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#49449: query: captive-cidr.origin-apple.com.akadns.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#49449 (captive-cidr.origin-apple.com.akadns.net.): answer: captive-cidr.origin-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 281 CNAME captive-geo.origin-apple.com.akadns.net. 52 CNAME captive.g.aaplimg.com. 5 A 198.51.100.52 5 A 198.51.100.57 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#64568: query: captive-cidr.origin-apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.159#56013: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.159#56013 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.75#64780: query: ps.pndsn.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.75#64780 (ps.pndsn.com.): answer: ps.pndsn.com. IN A (10.100.0.1) -> NOERROR 275 A 198.51.100.199 275 A 198.51.100.200 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.79#61599: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.79#61599 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 
4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.80#59144: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.80#59144 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.15#53168: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.15#53168 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#49940 (configuration.apple.com.): answer: configuration.apple.com. IN A (10.100.0.1) -> NOERROR 38606 CNAME configuration.apple.com.akadns.net. 13 CNAME configuration-row-lb.apple.com.akadns.net. 30 CNAME configuration.v.aaplimg.com. 15 A 198.51.100.57 15 A 198.51.100.52 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#64568 (captive-cidr.origin-apple.com.akadns.net.): answer: captive-cidr.origin-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 281 CNAME captive-geo.origin-apple.com.akadns.net. 52 CNAME captive.g.aaplimg.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#54829: query: host022.host022.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#54829 (host023.host023.example.net.): answer: host023.host023.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61703: query: mask.apple-dns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61703 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#54005: query: configuration-row-lb.apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#60230: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#60230 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.156#62018: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.156#62018 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#50177: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#50177 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.83#59693: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.83#59693 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.38#62332 (api2.cursor.sh.): answer: api2.cursor.sh. 
IN A (10.100.0.1) -> NOERROR 300 CNAME api2geo.cursor.sh. 300 CNAME api2direct.cursor.sh. 12 A 198.51.100.195 12 A 198.51.100.14 12 A 198.51.100.186 12 A 198.51.100.4 12 A 198.51.100.185 12 A 198.51.100.83 12 A 198.51.100.178 12 A 198.51.100.185 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host106.host106.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48380: query: 198.51.100.236.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48380 (198.51.100.236.in-addr.arpa.): answer: 198.51.100.236.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host107.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.131#63891: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.131#63891 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#64788: query: forum.viva.nl IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#63931: query: forum.viva.nl IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50878: query: test-gateway.instagram.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50878 (test-gateway.instagram.com.): answer: test-gateway.instagram.com. IN TYPE65 (10.100.0.1) -> NOERROR 2033 CNAME dgw-ig.c10r.facebook.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53836: query: host007.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53836 (host007.example.net.): answer: host007.example.net. 
IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#59915: query: test-gateway.instagram.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#59915 (test-gateway.instagram.com.): answer: test-gateway.instagram.com. IN A (10.100.0.1) -> NOERROR 2033 CNAME dgw-ig.c10r.facebook.com. 8 A 198.51.100.28 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.62#51018: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.62#51018 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#60559: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#60559 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.243#63757: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.243#63757 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#54005 (configuration-row-lb.apple.com.akadns.net.): answer: configuration-row-lb.apple.com.akadns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR 30 CNAME configuration.v.aaplimg.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692: query: host037.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692: query: host037.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692 (host037.example.net.): answer: host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692: query: host041.host041.host041.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#51314: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#51314 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#64788 (forum.viva.nl.): answer: forum.viva.nl. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#65429: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#65429 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#59089: query: host008.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#59089 (host008.example.net.): answer: host008.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58764: query: euc-powerpoint.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58764 (euc-powerpoint.officeapps.live.com.): answer: euc-powerpoint.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 2 CNAME euc-powerpoint-geo.wac.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (host106.host106.example.net.): answer: host106.host106.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58331: query: euc-powerpoint.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58331 (euc-powerpoint.officeapps.live.com.): answer: euc-powerpoint.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 2 CNAME euc-powerpoint-geo.wac.trafficmanager.net. 18 CNAME euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 27 CNAME euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net. 24 CNAME wac-0003.wac-dc-msedge.net +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#44847: query: www.python.org IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#38176: query: host012.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#58554: query: host012.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#38176 (host012.example.net.): answer: host012.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#58554 (host012.example.net.): answer: host012.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.196 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#50782: query: ingestion.smartocto.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#50782 (ingestion.smartocto.com.): answer: ingestion.smartocto.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#56844: query: browser.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#56844 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#63224: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#63224 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#51861: query: ingestion.smartocto.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#62435: query: browser.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#62435 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 
5 A 198.51.100.214 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55500: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55500 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#46710: query: host007.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#46710 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55501: query: host036.host036.host036.host036.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55501 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55502: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#53436: query: mail.yahoo.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#53436 (mail.yahoo.com.): answer: mail.yahoo.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME edge.gycpi.b.yahoodns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55502 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#59981: query: mail.yahoo.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#59981 (mail.yahoo.com.): answer: mail.yahoo.com. IN A (10.100.0.1) -> NOERROR 48 CNAME edge.gycpi.b.yahoodns.net. 
17 A 198.51.100.55 17 A 198.51.100.54 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308: query: host108.host108.host108.host108.host108.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308 (host109.host109.host109.host109.host109.example.net.): answer: host109.host109.host109.host109.host109.example.net. IN SRV (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55503: query: host038.host038.host038.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55503 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55504: query: host038.host038.host038.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#44847 (www.python.org.): answer: www.python.org. IN A (10.100.0.1) -> NOERROR 260276 CNAME dualstack.python.map.fastly.net. 60 A 198.51.100.14 60 A 198.51.100.6 60 A 198.51.100.9 60 A 198.51.100.5 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55504 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55505: query: host039.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55505 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55506: query: host039.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55506 (host039.example.net.): answer: host039.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308: query: host110.host110.host110.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#51861 (ingestion.smartocto.com.): answer: ingestion.smartocto.com. IN A (10.100.0.1) -> NOERROR 57 A 198.51.100.18 57 A 198.51.100.16 57 A 198.51.100.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308 (host110.host110.host110.example.net.): answer: host110.host110.host110.example.net. IN SRV (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#50204: query: graph.whatsapp.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#50204 (graph.whatsapp.com.): answer: graph.whatsapp.com. IN TYPE65 (10.100.0.1) -> NOERROR 780 CNAME whatsapp.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#53023: query: graph.whatsapp.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.125#56738: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#53023 (graph.whatsapp.com.): answer: graph.whatsapp.com. IN A (10.100.0.1) -> NOERROR 780 CNAME whatsapp.com. 22 A 198.51.100.32 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.125#56738 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 
4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.155#54459: query: gateway.fe2.apple-dns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#50345: query: api.flightproxy.teams.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.155#54459 (gateway.fe2.apple-dns.net.): answer: gateway.fe2.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#50345 (api.flightproxy.teams.microsoft.com.): answer: api.flightproxy.teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 546 CNAME api.flightproxy.teams.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#60063: query: api.flightproxy.teams.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#60063 (api.flightproxy.teams.microsoft.com.): answer: api.flightproxy.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 545 CNAME api.flightproxy.teams.trafficmanager.net. 6 CNAME ep-euwe-02-prod-aks.flightproxy.teams.microsoft.com. 1468 CNAME epx.euwe-02.ic3-calling-enterpriseproxy.westeurope-prod.cosmic.office.net. 3 CNAME cosmic-westeurope-ns-018d0b8c6998.trafficmanager.net +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52413: query: dgw-ig.c10r.facebook.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52413 (dgw-ig.c10r.facebook.com.): answer: dgw-ig.c10r.facebook.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#33649: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#33649 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#45654: query: host111.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#33638: query: host111.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#33638 (host111.example.net.): answer: host111.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#45654 (host111.example.net.): answer: host111.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.246 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.58#58734: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.58#58734 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#54182: query: whatsapp.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#54182 (whatsapp.com.): answer: whatsapp.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56996: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56996 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#56638: query: euc-common.online.office.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#56638 (euc-common.online.office.com.): answer: euc-common.online.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 258 CNAME euc-common-geo.wac.trafficmanager.net. 
5 CNAME euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 35 CNAME wac-0003.wac-msedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49889: query: gsp85-ssl.ls.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49889 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN A (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. 27 A 198.51.100.23 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50672: query: euc-common.online.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50672 (euc-common.online.office.com.): answer: euc-common.online.office.com. IN A (10.100.0.1) -> NOERROR 258 CNAME euc-common-geo.wac.trafficmanager.net. 5 CNAME euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 35 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64577: query: mask.icloud.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64577 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57496: query: gsp85-ssl.ls.apple.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57496 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50637: query: mask.icloud.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50637 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64717: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#56863: query: hbase-rs.node4.isieca.eca.local IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#56863 (hbase-rs.node4.isieca.eca.local.): answer: hbase-rs.node4.isieca.eca.local. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64717 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#44647: query: hbase-rs.node6.isieca.eca.local IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#44647 (hbase-rs.node6.isieca.eca.local.): answer: hbase-rs.node6.isieca.eca.local. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.246#47119: query: 172.16.2.74.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.246#47119 (172.16.2.74.in-addr.arpa.): answer: 172.16.2.74.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host112.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64718: query: host036.host036.host036.host036.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64718 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64719: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64719 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64720: query: host038.host038.host038.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64720 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64721: query: host038.host038.host038.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64721 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64722: query: host039.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64722 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.44#59426: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.44#59426 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 
3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.183#50218: query: oneocsp.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.183#50218 (oneocsp.microsoft.com.): answer: oneocsp.microsoft.com. IN A (10.100.0.1) -> NOERROR 2284 CNAME oneocsp-microsoft-com.a-0003.a-msedge.net. 165 CNAME a-0003.a-msedge.net. 136 A 198.51.100.159 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63010: query: mediacloud.xiaohongshu.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55581: query: host113.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#53076: query: oauth.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#53076 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55581 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64723: query: host039.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64723 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50047: query: oauth.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50047 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. 57 CNAME oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 12 CNAME wac-0003.wac-msedge.net. 
18 A 198.51.100.235 18 A 198.51.100.236 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.226#64052: query: example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#59527: query: host113.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.226#64052 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#59527 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.39#57805: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.39#57805 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324: query: host114.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324 (host114.example.net.): answer: host114.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.199 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324: query: host114.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324 (host114.example.net.): answer: host114.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#38653: query: host115.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#38653 (HIxComeZmm-p.EXAMPLE.NET.): answer: HIxComeZmm-p.EXAMPLE.NET. IN AAAA (10.100.0.1) -> NOERROR 28800 CNAME host116.example.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55708: query: host113.example.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55708 (host113.example.net.): answer: host113.example.net. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#65129: query: host113.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#65129 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#38406: query: host117.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#38406 (host117.example.net.): answer: host117.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#47531: query: host117.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#47531 (host117.example.net.): answer: host117.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.245 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138: query: host013.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138: query: host013.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61661: query: sstats.adobe.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61661 (sstats.adobe.com.): answer: sstats.adobe.com. 
IN TYPE65 (10.100.0.1) -> NOERROR 470 CNAME adobe.com.ssl.d1.sc.omtrdc.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62336: query: sstats.adobe.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62336 (sstats.adobe.com.): answer: sstats.adobe.com. IN A (10.100.0.1) -> NOERROR 470 CNAME adobe.com.ssl.d1.sc.omtrdc.net. 374 A 198.51.100.45 374 A 198.51.100.40 374 A 198.51.100.44 374 A 198.51.100.42 374 A 198.51.100.43 374 A 198.51.100.41 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54970: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54970 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54971: query: host036.host036.host036.host036.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54971 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54972: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#50988: query: acrobat.adobe.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#50988 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN TYPE65 (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54972 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. 
IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59257: query: acrobat.adobe.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54973: query: host038.host038.host038.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54973 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51802: query: www.bing.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51802 (www.bing.com.): answer: www.bing.com. IN TYPE65 (10.100.0.1) -> NOERROR 1256 CNAME www-www.bing.com.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54974: query: host038.host038.host038.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58772: query: www.bing.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58772 (www.bing.com.): answer: www.bing.com. IN A (10.100.0.1) -> NOERROR 1256 CNAME www-www.bing.com.trafficmanager.net. 22 CNAME www.bing.com.edgekey.net. 9122 CNAME e86303.dscx.akamaiedge.net. 3 A 198.51.100.120 3 A 198.51.100.119 3 A 198.51.100.117 3 A 198.51.100.121 3 A 198.51.100.118 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54974 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55257: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55257 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 
151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54975: query: host039.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54975 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.245#10038: query: 172.16.2.74.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.245#10038 (172.16.2.74.in-addr.arpa.): answer: 172.16.2.74.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host112.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59984: query: graph.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59984 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62382: query: europe.smartscreen.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62382 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54976: query: host039.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54976 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56397: query: graph.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56397 (graph.microsoft.com.): answer: graph.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 122 A 198.51.100.210 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811: query: host031.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811: query: host031.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811 (host031.example.net.): answer: host031.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#60667: query: mask.apple-dns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#60667 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#54966: query: gsp85-ssl.ls2-apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731: query: host058.host058.host058.host058.host058.host058.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#54966 (gsp85-ssl.ls2-apple.com.akadns.net.): answer: gsp85-ssl.ls2-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731 (host062.host062.host062.host062.host062.host062.example.net.): answer: host062.host062.host062.host062.host062.host062.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host034.example.net. 600 SRV 0 100 389 host005.example.net. 600 SRV 0 100 389 host061.example.net. 
600 SRV 0 100 389 host059.example.net. 600 SRV 0 100 389 host060.example.net. 600 SRV 0 100 389 host063.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#50318: query: euc-collabrtc.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#50318 (euc-collabrtc.officeapps.live.com.): answer: euc-collabrtc.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#65416: query: euc-collabrtc.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#65416 (euc-collabrtc.officeapps.live.com.): answer: euc-collabrtc.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 258 CNAME euc-collabrtc-geo.rtc.trafficmanager.net. 31 CNAME euc-collabrtc.rtc.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 4 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.236 18 A 198.51.100.235 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63010 (mediacloud.xiaohongshu.com.): answer: mediacloud.xiaohongshu.com. IN A (10.100.0.1) -> NOERROR 488 CNAME mediacloud.xiaohongshu.com.edgesuite.net. 17503 CNAME a1674.dscb.akamai.net. 20 A 198.51.100.123 20 A 198.51.100.115 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56684: query: host118.host118.example.net IN TXT (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56684 (host118.host118.example.net.): answer: host118.host118.example.net. IN TXT (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#51473: query: host119.host119.example.net IN TXT (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#51473 (host119.host119.example.net.): answer: host119.host119.example.net. 
IN TXT (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#54165: query: host120.host120.example.net IN TXT (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#54165 (host120.host120.example.net.): answer: host120.host120.example.net. IN TXT (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#62819: query: host121.host121.example.net IN TXT (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#62819 (host121.host121.example.net.): answer: host121.host121.example.net. IN TXT (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#51755: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#51755 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#64640: query: browser.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#64640 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#52485: query: host122.host122.example.net IN TXT (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#52485 (host122.host122.example.net.): answer: host122.host122.example.net. 
IN TXT (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63494: query: euc-excel-telemetry.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344: query: host007.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344: query: host007.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63494 (euc-excel-telemetry.officeapps.live.com.): answer: euc-excel-telemetry.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 236 CNAME euc-excel-telemetry.wac.trafficmanager.net. 240 CNAME pgteu4-excel-telemetry-vip.officeapps.live.com. 222 A 198.51.100.232 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63929: query: euc-excel-telemetry.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63929 (euc-excel-telemetry.officeapps.live.com.): answer: euc-excel-telemetry.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 236 CNAME euc-excel-telemetry.wac.trafficmanager.net. 240 CNAME pgteu4-excel-telemetry-vip.officeapps.live.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59257 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 
20 A 198.51.100.124 20 A 198.51.100.128 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.59#55236: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.59#55236 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.20#52539: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.20#52539 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#63085: query: host021.host021.host021.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#63085 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#51750: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#56037: query: lb._dns-sd._udp.198.51.100.184.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59909: query: lb._dns-sd._udp.192.0.2.1.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#51750 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#56037 (lb._dns-sd._udp.198.51.100.184.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.184.in-addr.arpa. 
IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59909 (lb._dns-sd._udp.192.0.2.1.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.1.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#49417: query: lb._dns-sd._udp.198.51.100.18.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#49417 (lb._dns-sd._udp.198.51.100.18.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.18.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.53#51166: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.53#51166 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.67#50697: query: www.google.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.67#50697 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781: query: host123.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781: query: host123.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781 (host123.example.net.): answer: host123.example.net. 
IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.97 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781 (host123.example.net.): answer: host123.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984: query: host124.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542: query: host125.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984: query: host124.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542: query: host125.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984 (host124.example.net.): answer: host124.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.238 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984 (host124.example.net.): answer: host124.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542 (host125.example.net.): answer: host125.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.70 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542 (host125.example.net.): answer: host125.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266: query: host126.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266: query: host126.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266 (host126.example.net.): answer: host126.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.103 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266 (host126.example.net.): answer: host126.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#51387: query: www.linkedin.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#51387 (www.linkedin.com.): answer: www.linkedin.com. IN TYPE65 (10.100.0.1) -> NOERROR 111 CNAME cf-afd.www.linkedin.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261: query: host127.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261: query: host127.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261 (host127.example.net.): answer: host127.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.17 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261 (host127.example.net.): answer: host127.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#56951: query: media.licdn.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#56951 (media.licdn.com.): answer: media.licdn.com. IN TYPE65 (10.100.0.1) -> NOERROR 227 CNAME media.cm.licdn.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#60501: query: media.licdn.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#60501 (media.licdn.com.): answer: media.licdn.com. IN A (10.100.0.1) -> NOERROR 227 CNAME media.cm.licdn.com. 83 CNAME media-fsly.sb.lnkdns.net. 1563 CNAME fs-ak-cf.media.sb.lnkdns.net. 110 CNAME linkedin.map.fastly.net. 40 A 198.51.100.7 40 A 198.51.100.12 40 A 198.51.100.15 40 A 198.51.100.10 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#58534: query: graph-fallback.facebook.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#58534 (graph-fallback.facebook.com.): answer: graph-fallback.facebook.com. 
IN A (10.100.0.1) -> NOERROR 3182 CNAME star.fallback.c10r.facebook.com. 22 A 198.51.100.19 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#53509: query: www.linkedin.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049: query: host128.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049: query: host128.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#53509 (www.linkedin.com.): answer: www.linkedin.com. IN A (10.100.0.1) -> NOERROR 111 CNAME cf-afd.www.linkedin.com. 48 CNAME www.linkedin.com.cdn.cloudflare.net. 107 A 198.51.100.204 107 A 172.16.2.77 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049 (host128.example.net.): answer: host128.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.49 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049 (host128.example.net.): answer: host128.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817: query: host129.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817: query: host129.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817 (host129.example.net.): answer: host129.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.72 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817 (host129.example.net.): answer: host129.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201: query: host130.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201: query: host130.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201 (host130.example.net.): answer: host130.example.net. 
IN A (10.100.0.1) -> NOERROR 1800 A 10.1.1.136 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201 (host130.example.net.): answer: host130.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196: query: host131.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196: query: host131.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196 (host131.example.net.): answer: host131.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.1.139 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196 (host131.example.net.): answer: host131.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272: query: host132.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272 (host132.example.net.): answer: host132.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.224 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52227: query: acrobat.adobe.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52227 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 20 A 198.51.100.124 20 A 198.51.100.128 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656: query: host133.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656: query: host133.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656 (host133.example.net.): answer: host133.example.net. 
IN A (10.100.0.1) -> NOERROR 1800 A 10.1.1.103 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656 (host133.example.net.): answer: host133.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788: query: host134.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788: query: host134.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788 (host134.example.net.): answer: host134.example.net. IN A (10.100.0.1) -> NOERROR 3600 A 10.1.0.57 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788 (host134.example.net.): answer: host134.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681: query: host135.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681: query: host135.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681 (host135.example.net.): answer: host135.example.net. IN A (10.100.0.1) -> NOERROR 600 A 10.1.0.98 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681 (host135.example.net.): answer: host135.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272: query: host132.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272 (host132.example.net.): answer: host132.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#55918: query: www.youtube.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#55918 (www.youtube.com.): answer: www.youtube.com. IN TYPE65 (10.100.0.1) -> NOERROR 256 CNAME youtube-ui.l.google.com. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#63506: query: www.youtube.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#63506 (www.youtube.com.): answer: www.youtube.com. IN A (10.100.0.1) -> NOERROR 256 CNAME youtube-ui.l.google.com. 92 A 198.51.100.251 92 A 198.51.100.109 92 A 198.51.100.253 92 A 198.51.100.238 92 A 172.16.2.68 92 A 198.51.100.241 92 A 172.16.2.70 92 A 172.16.2.71 92 A 198.51.100.164 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418: query: host136.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418: query: host136.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418 (host136.example.net.): answer: host136.example.net. IN A (10.100.0.1) -> NOERROR 3600 A 10.1.1.111 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418 (host136.example.net.): answer: host136.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.108#58804: query: graph.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.108#58804 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50880: query: ipv6.msftconnecttest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50880 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#60581: query: login.microsoftonline.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#60581 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940: query: ipv6.msftconnecttest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#51917: query: trk.pinterest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#51917 (trk.pinterest.com.): answer: trk.pinterest.com. IN A (10.100.0.1) -> NOERROR 6 CNAME vpc-trk-10d1b1f8032805fc.elb.us-east-1.amazonaws.com. 11 A 198.51.100.228 11 A 198.51.100.12 11 A 198.51.100.179 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.59#58408: query: host034.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.59#58408 (host034.example.net.): answer: host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.91#59678: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.91#59678 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.178#50620: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.178#50620 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.102#57874: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.102#57874 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#55587: query: euc-onenote.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#55587 (euc-onenote.officeapps.live.com.): answer: euc-onenote.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 23 CNAME euc-onenote-geo.wac.trafficmanager.net. 2 CNAME euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 33 CNAME wac-0003.wac-msedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#56945: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#56945 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775: query: ipv6.msftconnecttest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#60908: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#60908 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.60#54515: query: euro03.azure-devices.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50308: query: ipv6.msftconnecttest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50308 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#62302: query: euc-onenote.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#62302 (euc-onenote.officeapps.live.com.): answer: euc-onenote.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 22 CNAME euc-onenote-geo.wac.trafficmanager.net. 1 CNAME euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 32 CNAME wac-0003.wac-msedge.net. 
17 A 198.51.100.235 17 A 198.51.100.236 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#44483: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#44483 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.58#62896: query: eu-office.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.58#62896 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775: query: ipv6.msftconnecttest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#62119: query: ipv6.msftconnecttest.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#62119 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#52258: query: md-prod-simcon-ip128.westeurope.cloudapp.azure.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#52258 (md-prod-simcon-ip128.westeurope.cloudapp.azure.com.): answer: md-prod-simcon-ip128.westeurope.cloudapp.azure.com. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.170#51218: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.170#51218 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.149#61768: query: outlook.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.149#61768 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 7 A 198.51.100.10 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#51248: query: host005.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#51248 (host005.example.net.): answer: host005.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.14#50334: query: europe.cp.wd.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.14#50334 (europe.cp.wd.microsoft.com.): answer: europe.cp.wd.microsoft.com. IN A (10.100.0.1) -> NOERROR 982 CNAME wd-prod-cp-eu.trafficmanager.net. 
208 CNAME wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com. 5 A 198.51.100.227 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.174#51527: query: msedge.api.cdp.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.174#51527 (msedge.api.cdp.microsoft.com.): answer: msedge.api.cdp.microsoft.com. IN A (10.100.0.1) -> NOERROR 180 CNAME api.cdp.microsoft.com. 3078 CNAME glb.api.prod.dcat.dsp.trafficmanager.net. 43 A 198.51.100.51 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.60#54515 (EURO03.azure-devices.net.): answer: EURO03.azure-devices.net. IN A (10.100.0.1) -> NOERROR 95 CNAME gateway-prod-gw-uksouth-3-tls10-g2.uksouth.cloudapp.azure.com. 10 A 198.51.100.229 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51568: query: acrobat.adobe.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51568 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 20 A 198.51.100.128 20 A 198.51.100.124 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56743: query: acrobat.adobe.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56743 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN TYPE65 (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56053: query: lcdn-locator.apple.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56053 (lcdn-locator.apple.com.): answer: lcdn-locator.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 27514 CNAME lcdn-locator.apple.com.akadns.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665: query: host137.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665: query: host137.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665 (host137.example.net.): answer: host137.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.210 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665 (host137.example.net.): answer: host137.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64579: query: dns.umbrella.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64579 (dns.umbrella.com.): answer: dns.umbrella.com. IN A (10.100.0.1) -> NOERROR 376 A 198.51.100.161 376 A 198.51.100.160 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.45#51416: query: host059.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.190#63182: query: host138.host138.example.net IN A (10.1.0.189) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.45#51416 (host059.example.net.): answer: host059.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.227 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57694: query: dns.opendns.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57694 (dns.opendns.com.): answer: dns.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50294: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50294 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. 
IN TYPE64 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#50260: query: lcdn-locator.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#50260 (lcdn-locator.apple.com.): answer: lcdn-locator.apple.com. IN A (10.100.0.1) -> NOERROR 27514 CNAME lcdn-locator.apple.com.akadns.net. 15 CNAME lcdn-locator-usuqo.apple.com.akadns.net. 38 A 198.51.100.22 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#61200: query: dns.opendns.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#61200 (dns.opendns.com.): answer: dns.opendns.com. IN A (10.100.0.1) -> NOERROR 2380 A 198.51.100.160 2380 A 198.51.100.161 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#60709: query: mira-ofc.tm-4.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#60709 (mira-ofc.tm-4.office.com.): answer: mira-ofc.tm-4.office.com. IN A (10.100.0.1) -> NOERROR 6 A 198.51.100.248 6 A 198.51.100.247 6 A 198.51.100.245 6 A 198.51.100.238 6 A 198.51.100.242 6 A 198.51.100.246 6 A 198.51.100.243 6 A 198.51.100.244 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#55760: query: doh.umbrella.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#55760 (doh.umbrella.com.): answer: doh.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#62432: query: doh.opendns.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#62432 (doh.opendns.com.): answer: doh.opendns.com. IN A (10.100.0.1) -> NOERROR 114 A 198.51.100.254 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#65243: query: doh.umbrella.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#65243 (doh.umbrella.com.): answer: doh.umbrella.com. 
IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.255 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49322: query: doh.opendns.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49322 (doh.opendns.com.): answer: doh.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#62056: query: euc-word-telemetry.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#62056 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. 5 A 198.51.100.233 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#63242: query: euc-word-telemetry.officeapps.live.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#63242 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#59826: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#59826 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 
3 A 198.51.100.158 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#63557: query: substrate.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#63557 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.11 7 A 198.51.100.10 7 A 198.51.100.218 7 A 198.51.100.6 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#56843: query: host139.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#56843 (host140.example.net.): answer: host140.example.net. IN A (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#55122: query: host141.host141.host141.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#55122 (host142.host142.host142.example.net.): answer: host142.host142.host142.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.131#65073: query: euc-word-edit.officeapps.live.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.131#65073 (euc-word-edit.officeapps.live.com.): answer: euc-word-edit.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 3 CNAME euc-word-edit-geo.wac.trafficmanager.net. 
14 CNAME euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 20 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.236 18 A 198.51.100.235 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.87#50122: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.87#50122 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.177#57792: query: array514.prod.do.dsp.mp.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.177#57792 (array514.prod.do.dsp.mp.microsoft.com.): answer: array514.prod.do.dsp.mp.microsoft.com. IN A (10.100.0.1) -> NOERROR 2679 A 198.51.100.50 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.99#58671: query: features.netscalergateway.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.99#58671 (features.netscalergateway.net.): answer: features.netscalergateway.net. IN A (10.100.0.1) -> NOERROR 21 CNAME features.netscalergateway.net.akadns.net. 13 CNAME az-eu-w-features.netscalergateway.net. 1 CNAME lb-traefik-ngs-production-client.westeurope.cloudapp.azure.com. 3 A 198.51.100.34 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56173: query: dns.umbrella.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56173 (dns.umbrella.com.): answer: dns.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.151#50235: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.151#50235 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.19#62903: query: downloadplugins.citrix.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.19#62903 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#53256: query: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.116#57937: query: login.microsoftonline.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.116#57937 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 
99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.90#49563: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.90#49563 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#50843: query: www.booking.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#50843 (www.booking.com.): answer: www.booking.com. IN A (10.100.0.1) -> NOERROR 467 CNAME d1of1hbywxxm65.cloudfront.net. 24 A 198.51.100.107 24 A 198.51.100.104 24 A 198.51.100.106 24 A 198.51.100.105 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015: query: host132.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015: query: host132.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015 (host132.example.net.): answer: host132.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.224 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015 (host132.example.net.): answer: host132.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#51053: query: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210: query: host005.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210 (host005.example.net.): answer: host005.example.net. 
IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#60618: query: config.edge.skype.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#60618 (config.edge.skype.com.): answer: config.edge.skype.com. IN TYPE65 (10.100.0.1) -> NOERROR 7182 CNAME config.edge.skype.com.trafficmanager.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#58136: query: config.edge.skype.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#58136 (config.edge.skype.com.): answer: config.edge.skype.com. IN A (10.100.0.1) -> NOERROR 7182 CNAME config.edge.skype.com.trafficmanager.net. 37 CNAME ln-0007.config.skype.com. 2449 CNAME config-edge-skype.ln-0007.ln-msedge.net. 207 CNAME ln-0007.ln-msedge.net. 108 A 198.51.100.2 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#51564: query: substrate.office.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#51564 (substrate.office.com.): answer: substrate.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53605: query: substrate.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53605 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
7 A 198.51.100.11 7 A 198.51.100.10 7 A 198.51.100.218 7 A 198.51.100.6 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#60953: query: lcdn-locator.apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#60953 (lcdn-locator.apple.com.akadns.net.): answer: lcdn-locator.apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#53256 (partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net.): answer: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net. IN AAAA (10.100.0.1) -> NOERROR 6 CNAME cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net. 18 CNAME partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#65384: query: gew4-spclient.spotify.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#65384 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR 139 CNAME edge-web-gew4.dual-gslb.spotify.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#55641: query: gew4-spclient.spotify.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#55641 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN A (10.100.0.1) -> NOERROR 138 CNAME edge-web-gew4.dual-gslb.spotify.com. 37 A 198.51.100.202 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386: query: cdn.cookielaw.org IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386 (cdn.cookielaw.org.): answer: cdn.cookielaw.org. 
IN A (10.100.0.1) -> NOERROR 207 A 198.51.100.206 207 A 198.51.100.205 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43628: query: 198.51.100.80.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43628 (198.51.100.80.in-addr.arpa.): answer: 198.51.100.80.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host143.example.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.220#51327: query: example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.220#51327 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#51053 (partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net.): answer: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net. IN A (10.100.0.1) -> NOERROR 6 CNAME cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net. 15 CNAME partition-cname-trouter-ic3-edf-trouter-service-trouter-2.d02-027.ic3-edf-tr +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568: query: t-cf.bstatic.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568 (t-cf.bstatic.com.): answer: t-cf.bstatic.com. IN A (10.100.0.1) -> NOERROR 1668 CNAME d2i5gg36g14bzn.cloudfront.net. 11 A 198.51.100.85 11 A 198.51.100.86 11 A 198.51.100.91 11 A 198.51.100.88 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167: query: host144.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167: query: host144.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167 (host144.example.net.): answer: host144.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.211 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167 (host144.example.net.): answer: host144.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#57886: query: weatherkit.apple.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#57886 (weatherkit.apple.com.): answer: weatherkit.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 2881 CNAME weatherkit.apple.com.akadns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746: query: host145.example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746 (host146.example.net.): answer: host146.example.net. IN SOA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.190#57427: query: 182.10.in-addr.arpa IN SOA (10.1.0.189) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#58840: query: weatherkit.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#58840 (weatherkit.apple.com.): answer: weatherkit.apple.com. IN A (10.100.0.1) -> NOERROR 2881 CNAME weatherkit.apple.com.akadns.net. 52 CNAME weather-data.apple.com.akamaized.net. 9385 CNAME a2047.dscapi9.akamai.net. 5 A 198.51.100.195 5 A 198.51.100.194 5 A 198.51.100.192 5 A 198.51.100.199 5 A 198.51.100.198 5 A 198.51.100.196 5 A 198.51.100.193 5 A 198.51.100.197 5 A 104.1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013: query: host147.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013: query: host147.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013 (host147.example.net.): answer: host147.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.212 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013 (host147.example.net.): answer: host147.example.net. IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#52456: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#52456 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#63628: query: host021.host021.host021.example.net IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#63628 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.87#62518: query: host022.host022.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#60235: query: lb._dns-sd._udp.198.51.100.162.in-addr.arpa IN PTR (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#60235 (lb._dns-sd._udp.198.51.100.162.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.162.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.87#62518 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.29#56153: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.29#56153 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.71#60092: query: self.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.71#60092 (self.events.data.microsoft.com.): answer: self.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 37 CNAME self-events-data.trafficmanager.net. 7 CNAME onedscolprdweu03.westeurope.cloudapp.azure.com. 0 A 198.51.100.213 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746: query: host015.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746 (host015.example.net.): answer: host015.example.net. IN A (10.100.0.1) -> NOERROR 600 A 10.1.0.189 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.65#52118: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.65#52118 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#51428: query: weatherkit.apple.com.akadns.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#51428 (weatherkit.apple.com.akadns.net.): answer: weatherkit.apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 10 CNAME weather-data.apple.com.akamaized.net. 9385 CNAME a2047.dscapi9.akamai.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#57182: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#57182 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 
47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#51027: query: browser.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#51027 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#64835: query: turbo.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#64835 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.107#51019: query: downloadplugins.citrix.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.107#51019 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#60279: query: turbo.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#60279 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 
35 A 198.51.100.211 35 A 198.51.100.210 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#60989: query: partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.52#58498: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.52#58498 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.18#51279: query: host148.example.net IN SOA (10.1.0.189) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.18#51279 (host148.example.net.): answer: host148.example.net. IN SOA (10.1.0.189) -> SERVFAIL +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#63962: query: signaler-pa.clients6.google.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#63962 (signaler-pa.clients6.google.com.): answer: signaler-pa.clients6.google.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#55732: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#55732 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#60989 (partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net.): answer: partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net. 
IN A (10.100.0.1) -> NOERROR 18 A 198.51.100.253 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#64836: query: www.linkedin.com.cdn.cloudflare.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#64836 (www.linkedin.com.cdn.cloudflare.net.): answer: www.linkedin.com.cdn.cloudflare.net. IN TYPE65 (10.100.0.1) -> NOERROR +<27>Apr 17 12:39:52 eip-dns-test01 named[38626]: client @0x22b4a6b66d10 10.1.1.169#60715: update 'example.net/IN' denied +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#53686: query: signaler-pa.clients6.google.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#53686 (signaler-pa.clients6.google.com.): answer: signaler-pa.clients6.google.com. IN A (10.100.0.1) -> NOERROR 196 A 172.16.2.69 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.144#57844: query: login.microsoftonline.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.144#57844 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814: query: faster.typekit.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#61251: query: host001.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#61251 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#53617: query: eu-office.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#53617 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.180#57956: query: self.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.180#57956 (self.events.data.microsoft.com.): answer: self.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 37 CNAME self-events-data.trafficmanager.net. 7 CNAME onedscolprdweu03.westeurope.cloudapp.azure.com. 0 A 198.51.100.213 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#56918: query: notify.bugsnag.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#56918 (notify.bugsnag.com.): answer: notify.bugsnag.com. IN A (10.100.0.1) -> NOERROR 9 A 198.51.100.201 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#55264: query: host029.host029.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#55264 (host029.host029.example.net.): answer: host029.host029.example.net. IN A (10.100.0.1) -> NOERROR 0 A 10.1.1.29 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.36#59974: query: v10.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.36#59974 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 
5 A 198.51.100.154 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#62530: query: eu-office.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#62530 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51117: query: m365.cloud.microsoft IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51117 (m365.cloud.microsoft.): answer: m365.cloud.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56538: query: m365.cloud.microsoft IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56538 (m365.cloud.microsoft.): answer: m365.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 53 CNAME officehomemcm.anc.tm.svc.cloud.microsoft. 8 CNAME officehomemcm.afdcafe.tm.svc.cloud.microsoft. 41 CNAME home-office365-com.b-0004.b-msedge.net. 118 CNAME b-0004.b-msedge.net. 11 A 198.51.100.212 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411: query: host149.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411: query: host149.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411 (host149.example.net.): answer: host149.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.242 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411 (host149.example.net.): answer: host149.example.net. 
IN AAAA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.24#60102: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.24#60102 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#51651: query: onedscolprdneu02.northeurope.cloudapp.azure.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#50190: query: identity.osi.office.net IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#50190 (identity.osi.office.net.): answer: identity.osi.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 904 CNAME prod.identity1.osi.office.net.akadns.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#52190: query: identity.osi.office.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#52190 (identity.osi.office.net.): answer: identity.osi.office.net. IN A (10.100.0.1) -> NOERROR 904 CNAME prod.identity1.osi.office.net.akadns.net. 142 CNAME eur.identity1.osi.office.net.akadns.net. 246 CNAME 3pidentity-prod-defaultgeo.trafficmanager.net. 49 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.237 9 A 198.51.100.240 9 A 198.51.100.239 9 A 198.51.100.241 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#52371: query: www.google.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#52371 (www.google.com.): answer: www.google.com. 
IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814 (faster.typekit.net.): answer: faster.typekit.net. IN A (10.100.0.1) -> NOERROR 49 CNAME faster.typekit.net-stls-v3.edgesuite.net. 15555 CNAME a1962.dscg.akamai.net. 20 A 198.51.100.114 20 A 198.51.100.122 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#64444: query: www.google.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#64444 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#64564: query: outlook.office.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#64564 (outlook.office.com.): answer: outlook.office.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#59964: query: outlook.office.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#59964 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.10 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.104#57193: query: downloadplugins.citrix.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.104#57193 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. 
IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465: query: host150.example.net IN SOA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#63931 (forum.viva.nl.): answer: forum.viva.nl. IN A (10.100.0.1) -> NOERROR 300 CNAME cf-viva.viva-forum.production.183295429382.eu-west-1.cloud.kompas.services. 300 CNAME djornz5oeyhvf.cloudfront.net. 60 A 198.51.100.87 60 A 198.51.100.90 60 A 198.51.100.84 60 A 198.51.100.89 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465 (host151.example.net.): answer: host151.example.net. IN SOA (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#54240: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#54240 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.154#65052: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.154#65052 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#56805: query: eu-teams.events.data.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#56805 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. 
IN TYPE65 (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465: query: host015.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465 (host015.example.net.): answer: host015.example.net. IN A (10.100.0.1) -> NOERROR 600 A 10.1.0.189 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#51651 (onedscolprdneu02.northeurope.cloudapp.azure.com.): answer: onedscolprdneu02.northeurope.cloudapp.azure.com. IN TYPE65 (10.100.0.1) -> NOERROR +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.113#50510: query: 10-courier.push.apple.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.113#50510 (10-courier.push.apple.com.): answer: 10-courier.push.apple.com. IN A (10.100.0.1) -> NOERROR 12363 CNAME 10.courier-push-apple.com.akadns.net. 42 CNAME eu-nw-courier-4.push-apple.com.akadns.net. 22 A 198.51.100.38 22 A 198.51.100.35 22 A 198.51.100.33 22 A 198.51.100.34 22 A 198.51.100.37 22 A 198.51.100.36 22 A 198.51.100.32 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.74#55478: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.74#55478 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.167#62016: query: dns.msftncsi.com IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.167#62016 (dns.msftncsi.com.): answer: dns.msftncsi.com. 
IN AAAA (10.100.0.1) -> NOERROR 428 AAAA fd12:3456:789a::1 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49664: query: turbo.microsoft.com IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49664 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 +<27>Apr 17 12:39:52 eip-dns-test01 named[38626]: client @0x22b4aaca8650 10.1.1.127#65381: update 'example.net/IN' denied +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62584: query: turbo.microsoft.com IN TYPE65 (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62584 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55489: query: host113.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55489 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62798: query: host113.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62798 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097: query: host013.example.net IN A (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097: query: host013.example.net IN AAAA (10.100.0.1) +<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097 (host013.example.net.): answer: host013.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#63159: query: host113.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#63159 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#60083: query: host113.example.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#60083 (host113.example.net.): answer: host113.example.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#13540: query: 4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#65116: query: djornz5oeyhvf.cloudfront.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.65#57857: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.65#57857 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.32#61185: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.32#61185 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#57244: query: onedscolprdfrc01.francecentral.cloudapp.azure.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#57244 (onedscolprdfrc01.francecentral.cloudapp.azure.com.): answer: onedscolprdfrc01.francecentral.cloudapp.azure.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#57376: query: euc-word-telemetry.officeapps.live.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#57376 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#56033: query: euc-word-telemetry.officeapps.live.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#56033 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. 5 A 198.51.100.233
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.8#58393: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.8#58393 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#62207: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#62207 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#56671: query: browser.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#56671 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.163#64873: query: substrate.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.163#64873 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.11 7 A 198.51.100.10
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#65116 (djornz5oeyhvf.cloudfront.net.): answer: djornz5oeyhvf.cloudfront.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.117#49320: query: tm-sdk.platinumai.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.117#49320 (tm-sdk.platinumai.net.): answer: tm-sdk.platinumai.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.132#50989: query: settings-win.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.132#50989 (settings-win.data.microsoft.com.): answer: settings-win.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 454 CNAME atm-settingsfe-prod-geo2.trafficmanager.net. 1 CNAME settings-prod-weu-1.westeurope.cloudapp.azure.com. 
2 A 198.51.100.231
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.68#55642: query: excelonline.nel.measure.office.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.68#55642 (excelonline.nel.measure.office.net.): answer: excelonline.nel.measure.office.net. IN A (10.100.0.1) -> NOERROR 8 CNAME nel.measure.office.net.edgesuite.net. 5049 CNAME a1894.dscb.akamai.net. 14 A 198.51.100.116 14 A 198.51.100.114
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.28#50745: query: testorg.hive.templafy.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.28#50745 (testorg.hive.templafy.com.): answer: testorg.hive.templafy.com. IN A (10.100.0.1) -> NOERROR 2800 CNAME templafyprod1.templafy.com. 40 CNAME templafyprod1.trafficmanager.net. 47 CNAME backendpooltemplafyprod1-3.templafy.com. 53 A 198.51.100.153
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#59994: query: media-ams2-1.cdn.whatsapp.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#59994 (media-ams2-1.cdn.whatsapp.net.): answer: media-ams2-1.cdn.whatsapp.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#63733: query: media-ams2-1.cdn.whatsapp.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#63733 (media-ams2-1.cdn.whatsapp.net.): answer: media-ams2-1.cdn.whatsapp.net. IN A (10.100.0.1) -> NOERROR 2211 A 198.51.100.31
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#53603: query: teams.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#53603 (teams.microsoft.com.): answer: teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#62020: query: teams.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#62020 (teams.microsoft.com.): answer: teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. 29 CNAME tmc-g2.tm-4.office.com. 22 CNAME teams-office-com.s-0005.dual-s-msedge.net. 101 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.251 25 A 198.51.100.252
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.158#55420: query: testorg.hive.templafy.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.158#55420 (testorg.hive.templafy.com.): answer: testorg.hive.templafy.com. IN A (10.100.0.1) -> NOERROR 2800 CNAME templafyprod1.templafy.com. 40 CNAME templafyprod1.trafficmanager.net. 47 CNAME backendpooltemplafyprod1-3.templafy.com. 53 A 198.51.100.153
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#62818: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#62818 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#54788: query: eu-mobile.events.data.microsoft.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#54788 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#13540 (4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net.): answer: 4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net. IN A (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#50678: query: uploads.cdn.biorender.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#50678 (uploads.cdn.biorender.com.): answer: uploads.cdn.biorender.com. IN TYPE65 (10.100.0.1) -> NOERROR 10 CNAME dw09pkmvpczpb.cloudfront.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#65274: query: uploads.cdn.biorender.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.41#60316: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.41#60316 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#59320: query: pfr1-collabhubrtc.officeapps.live.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#59320 (pfr1-collabhubrtc.officeapps.live.com.): answer: pfr1-collabhubrtc.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 79 CNAME pfr1-collabhubrtc-split.rtc.trafficmanager.net. 10 CNAME pfr1-vipcollabrtc.officeapps.live.com. 182 A 198.51.100.234
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#60305: query: pfr1-collabhubrtc.officeapps.live.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#60305 (pfr1-collabhubrtc.officeapps.live.com.): answer: pfr1-collabhubrtc.officeapps.live.com. 
IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#48460: query: host031.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#42494: query: host031.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#48460 (host031.example.net.): answer: host031.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#42494 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#60260: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#49973: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#49973 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#60260 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.10#50807: query: example.net IN SOA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.10#50807 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.130#64737: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.130#64737 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 
4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.89#50723: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.89#50723 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#58165: query: editor.svc.cloud.microsoft IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#58165 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#62974: query: editor.svc.cloud.microsoft IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#62974 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net. 4 CNAME prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net. 4 A 198.51.100.49
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.122#51055: query: tas01.cwsapp.update.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.122#51055 (tas01.cwsapp.update.microsoft.com.): answer: tas01.cwsapp.update.microsoft.com. IN A (10.100.0.1) -> NOERROR 125 CNAME glb.tas01.cwsapp-prod.dcat.dsp.mp.microsoft.com. 621 CNAME glb.cwsapp.prod.dcat.dsp.trafficmanager.net. 
18 A 198.51.100.226
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.89#55853: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.89#55853 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#49510: query: onedscolprdfrc01.francecentral.cloudapp.azure.com IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#49510 (onedscolprdfrc01.francecentral.cloudapp.azure.com.): answer: onedscolprdfrc01.francecentral.cloudapp.azure.com. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.123#58803: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.123#58803 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#41461: query: host152.host152.host152.host152.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#41461 (host152.host152.host152.host152.example.net.): answer: host152.host152.host152.host152.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.120#52852: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.120#52852 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.94#62361: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.94#62361 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59427: query: www.google.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59427 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#53826: query: apple.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#53826 (apple.com.): answer: apple.com. IN A (10.100.0.1) -> NOERROR 244 A 198.51.100.53
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#56085: query: enterpriseregistration.windows.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#56085 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 
291 A 198.51.100.214 291 A 198.51.100.211 291 A 198.51.100.212 291 A 198.51.100.213 291 A 198.51.100.150 291 A 198.51.100.215 291 A 198.51.100.152 291 A 20.190.181
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.55#57471: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.55#57471 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.115#30425: query: gos-api.gos-gsp.io IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.115#30425 (gos-api.gos-gsp.io.): answer: gos-api.gos-gsp.io. IN A (10.100.0.1) -> NOERROR 27 CNAME gos-api-pew1.gos-gsp.io. 4 CNAME gos-api-pew1-a.gos-gsp.io. 13 A 198.51.100.197 13 A 198.51.100.255 13 A 198.51.100.17 13 A 198.51.100.46
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.229#54956: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.229#54956 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.121#62632: query: keepalive.softether.org IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.121#62632 (keepalive.softether.org.): answer: keepalive.softether.org. 
IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.164#60877: query: ams-efz.ms-acdc.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.164#60877 (ams-efz.ms-acdc.office.com.): answer: ams-efz.ms-acdc.office.com. IN A (10.100.0.1) -> NOERROR 6 A 198.51.100.218 6 A 198.51.100.11 6 A 198.51.100.10 6 A 198.51.100.6
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#65215: query: ws-m2m.prs.healthcare.philips.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#65215 (ws-m2m.prs.healthcare.philips.com.): answer: ws-m2m.prs.healthcare.philips.com. IN A (10.100.0.1) -> NOERROR 1545 A 198.51.100.163
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#59837: query: mask.icloud.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#59837 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#51279: query: waa-pa.clients6.google.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#51279 (waa-pa.clients6.google.com.): answer: waa-pa.clients6.google.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#49743: query: waa-pa.clients6.google.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#49743 (waa-pa.clients6.google.com.): answer: waa-pa.clients6.google.com. IN A (10.100.0.1) -> NOERROR 74 A 198.51.100.250
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#62214: query: mask.icloud.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#62214 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#51237: query: star.c10r.facebook.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#51237 (star.c10r.facebook.com.): answer: star.c10r.facebook.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#54810: query: xp.apple.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.60#64556: query: mdav.eu.endpoint.security.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#54810 (xp.apple.com.): answer: xp.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 2500 CNAME xp.itunes-apple.com.akadns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.60#64556 (mdav.eu.endpoint.security.microsoft.com.): answer: mdav.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 106 CNAME md-prod-simcon-atm-epp-eu.trafficmanager.net. 269 CNAME md-prod-simcon-ip0.westeurope.cloudapp.azure.com. 1 A 198.51.100.157
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#60140: query: euc-excel.officeapps.live.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#60140 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 49 CNAME euc-excel-geo.wac.trafficmanager.net. 55 CNAME euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 44 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.236 17 A 198.51.100.235
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#58957: query: euc-excel.officeapps.live.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#58957 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. 
IN A (10.100.0.1) -> NOERROR 49 CNAME euc-excel-geo.wac.trafficmanager.net. 55 CNAME euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 44 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.236 17 A 198.51.100.235
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52105: query: ssl.gstatic.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52105 (ssl.gstatic.com.): answer: ssl.gstatic.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#58669: query: ssl.gstatic.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#58669 (ssl.gstatic.com.): answer: ssl.gstatic.com. IN A (10.100.0.1) -> NOERROR 4 A 198.51.100.165
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#59967: query: ws-m2m.prs.healthcare.philips.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#59967 (ws-m2m.prs.healthcare.philips.com.): answer: ws-m2m.prs.healthcare.philips.com. IN A (10.100.0.1) -> NOERROR 1545 A 198.51.100.163
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.100#62713: query: outlook.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.100#62713 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
7 A 198.51.100.10 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.88#59170: query: gacs-discovery.cloud.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.63#62901: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.63#62901 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49874: query: xp.apple.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49874 (xp.apple.com.): answer: xp.apple.com. IN A (10.100.0.1) -> NOERROR 2500 CNAME xp.itunes-apple.com.akadns.net. 77 CNAME xp-cdn-lb.itunes-apple.com.akadns.net. 25 CNAME xp.v.aaplimg.com. 11 A 198.51.100.55 11 A 198.51.100.54
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#51115: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#51115 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#60453: query: substrate.office.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#60453 (substrate.office.com.): answer: substrate.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#54881: query: substrate.office.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#54881 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.11 7 A 198.51.100.10
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#65274 (uploads.cdn.biorender.com.): answer: uploads.cdn.biorender.com. IN A (10.100.0.1) -> NOERROR 10 CNAME dw09pkmvpczpb.cloudfront.net. 60 A 198.51.100.93 60 A 198.51.100.95 60 A 198.51.100.92 60 A 198.51.100.94
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.120#62227: query: v10.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.120#62227 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.88#59170 (gacs-discovery.cloud.com.): answer: gacs-discovery.cloud.com. IN A (10.100.0.1) -> NOERROR 242 CNAME appconfig-ffb2c4are9abh3fa.a01.azurefd.net. 18 CNAME mr-a01.tm-azurefd.net. 25 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#53191: query: graph.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#53191 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 
122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#50737: query: graph.microsoft.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#50737 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#53090: query: iphone-ld.origin-apple.com.akadns.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#53090 (iphone-ld.origin-apple.com.akadns.net.): answer: iphone-ld.origin-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 292 CNAME iphone-ld-migration.origin-apple.com.akadns.net. 23 CNAME iphone-ld.v.aaplimg.com. 8 A 198.51.100.54 8 A 198.51.100.57
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#51249: query: iphone-ld.origin-apple.com.akadns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#51249 (iphone-ld.origin-apple.com.akadns.net.): answer: iphone-ld.origin-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.110#64771: query: locate-europe-west-azure-1.devicetrust.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.110#64771 (locate-europe-west-azure-1.devicetrust.com.): answer: locate-europe-west-azure-1.devicetrust.com. IN A (10.100.0.1) -> NOERROR 146 CNAME whois-eu-west-1.azurewebsites.net. 16 CNAME hosts.whois-eu-west-1.azurewebsites.net. 
29 A 198.51.100.134 29 A 198.51.100.135 29 A 198.51.100.132 29 A 198.51.100.208 29 A 198.51.100.207 29 A 198.51.100.133
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#56542: query: 198.51.100.39.in-addr.arpa IN PTR (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#56542 (198.51.100.39.in-addr.arpa.): answer: 198.51.100.39.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host153.host153.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577: query: host153.host153.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577: query: host153.host153.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628: query: host013.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628: query: host013.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577 (host153.host153.example.net.): answer: host153.host153.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.218
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577 (host153.host153.example.net.): answer: host153.host153.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628 (host013.example.net.): answer: host013.example.net. 
IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#64723: query: g.whatsapp.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#62816: query: xp.itunes-apple.com.akadns.net IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#64723 (g.whatsapp.net.): answer: g.whatsapp.net. IN A (10.100.0.1) -> NOERROR 299 CNAME chat.cdn.whatsapp.net. 6 A 198.51.100.33
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#62816 (xp.itunes-apple.com.akadns.net.): answer: xp.itunes-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 76 CNAME xp-cdn-lb.itunes-apple.com.akadns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#53995: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#53995 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#51396: query: host001.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#51396 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.155#60368: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.155#60368 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.42#59690: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.42#59690 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com.
IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840: query: host124.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840: query: host124.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840 (host124.example.net.): answer: host124.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.238
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840 (host124.example.net.): answer: host124.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#61589: query: scontent-ams2-1.cdninstagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#61589 (scontent-ams2-1.cdninstagram.com.): answer: scontent-ams2-1.cdninstagram.com. IN A (10.100.0.1) -> NOERROR 90 A 198.51.100.27
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#54332: query: iphone-ld.v.aaplimg.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#54332 (iphone-ld.v.aaplimg.com.): answer: iphone-ld.v.aaplimg.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.17#63349: query: host154.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#51869: query: login.microsoftonline.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#51869 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net.
99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.17#63349 (host155.example.net.): answer: host155.example.net. IN A (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557: query: host132.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557 (host132.example.net.): answer: host132.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.224
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557: query: host132.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557 (host132.example.net.): answer: host132.example.net. IN AAAA (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#59092: query: xp.v.aaplimg.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#59092 (xp.v.aaplimg.com.): answer: xp.v.aaplimg.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#52577: query: scontent-lhr6-2.cdninstagram.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#52577 (scontent-lhr6-2.cdninstagram.com.): answer: scontent-lhr6-2.cdninstagram.com. IN A (10.100.0.1) -> NOERROR 695 A 198.51.100.20
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449: query: host007.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449: query: host007.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net.
3600 A 10.100.0.1
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.81#50648: query: downloadplugins.citrix.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.81#50648 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#61572: query: mail.google.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52908: query: mail.google.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52908 (mail.google.com.): answer: mail.google.com. IN A (10.100.0.1) -> NOERROR 233 A 198.51.100.240
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#53302: query: host156.host156.example.net IN AAAA (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#53302 (host156.host156.example.net.): answer: host156.host156.example.net. IN AAAA (10.100.0.1) -> NOERROR 28800 CNAME host157.host157.example.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#39280: query: host156.host156.example.net IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#39280 (host156.host156.example.net.): answer: host156.host156.example.net. IN A (10.100.0.1) -> NOERROR 28800 CNAME host157.host157.example.net.
28800 A 198.51.100.189
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#55971: query: editor.svc.cloud.microsoft IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#55971 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.149#49773: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.149#49773 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#62709: query: editor.svc.cloud.microsoft IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#62709 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net. 4 CNAME prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net. 4 A 198.51.100.49
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.126#52802: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.126#52802 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61559: query: acrobat.adobe.com IN TYPE65 (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61559 (acrobat.adobe.com.): answer: acrobat.adobe.com.
IN TYPE65 (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net.
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.112#56686: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.112#56686 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61242: query: acrobat.adobe.com IN A (10.100.0.1)
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61242 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 20 A 198.51.100.124 20 A 198.51.100.128
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#61572 (mail.google.com.): answer: mail.google.com. IN TYPE65 (10.100.0.1) -> NOERROR
+<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.130#55301: query: 188926-ipv4fdsmte.gr.global.aa-rt.sharepoint.com IN A (10.100.0.1)
\ No newline at end of file
diff --git a/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
new file mode 100644
index 00000000000..e12f5527b80
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/_dev/test/pipeline/test-dns.log-expected.json
@@ -0,0 +1,133860 @@ +{ + "expected": [ + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.42", + "port": 56474 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-common.online.office.com", + "registered_domain": "office.com", + "subdomain": "euc-common.online", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474: query: euc-common.online.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-common.online.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.42", + "port": 56474 + }, + "dns": { + "answers": [ + { + "data": "euc-common-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-common.online.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-common-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": 
"wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474 (euc-common.online.office.com.): answer: euc-common.online.office.com. IN A (10.100.0.1) -> NOERROR 258 CNAME euc-common-geo.wac.trafficmanager.net. 5 CNAME euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 35 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-common.online.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.165", + "port": 59650 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.165#59650: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.165", + "port": 59650 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.165#59650 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 
41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.64", + "port": 50108 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.msftncsi.com", + "registered_domain": "msftncsi.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.64#50108: query: dns.msftncsi.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.msftncsi.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.64", + "port": 50108 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.215", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.msftncsi.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.215", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + 
}, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.64#50108 (dns.msftncsi.com.): answer: dns.msftncsi.com. IN A (10.100.0.1) -> NOERROR 8 A 198.51.100.215 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.msftncsi.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.74", + "port": 62956 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.74#62956: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.74", + "port": 62956 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.74#62956 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.105", + "port": 56853 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.105#56853: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.105", + "port": 56853 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.105#56853 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.168", + "port": 63721 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.168#63721: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.168", + "port": 63721 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { 
+ "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.168#63721 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 56127 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56127: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 56127 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": 
"198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56127 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 52551 + }, + "dns": { + "question": { + "class": "IN", + "name": "z-p42-instagram.c10r.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "z-p42-instagram.c10r", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52551: query: z-p42-instagram.c10r.instagram.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "z-p42-instagram.c10r.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 53130 + }, + "dns": { + "question": { + "class": "IN", + "name": "z-p42-instagram.c10r.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "z-p42-instagram.c10r", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53130: query: z-p42-instagram.c10r.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "z-p42-instagram.c10r.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 53130 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.29", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "z-p42-instagram.c10r.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.29", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53130 (z-p42-instagram.c10r.instagram.com.): answer: z-p42-instagram.c10r.instagram.com. 
IN A (10.100.0.1) -> NOERROR 41 A 198.51.100.29 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "z-p42-instagram.c10r.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 53312 + }, + "dns": { + "question": { + "class": "IN", + "name": "app-measurement.com", + "registered_domain": "app-measurement.com", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53312: query: app-measurement.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "app-measurement.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 53312 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.253", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "app-measurement.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.253", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#53312 
(app-measurement.com.): answer: app-measurement.com. IN A (10.100.0.1) -> NOERROR 177 A 198.51.100.253 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "app-measurement.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.95", + "port": 63787 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.95#63787: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.95", + "port": 63787 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.95#63787 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.75", + "port": 60720 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#60720: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.75", + "port": 60720 + }, + "dns": { + 
"question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#60720 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.75", + "port": 59046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#59046: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.75", + "port": 59046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + 
}, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.75#59046 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 56258 + }, + "dns": { + "question": { + "class": "IN", + "name": "view.adjust.com", + "registered_domain": "adjust.com", + "subdomain": "view", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#56258: query: view.adjust.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "view.adjust.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 52551 + }, + "dns": { + "question": { + "class": "IN", + "name": "z-p42-instagram.c10r.instagram.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52551 (z-p42-instagram.c10r.instagram.com.): answer: z-p42-instagram.c10r.instagram.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "z-p42-instagram.c10r.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.26", + "port": 50433 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.26#50433: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.26", + "port": 50433 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" 
+ } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.26#50433 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.101", + "port": 51741 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.101#51741: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.101", + "port": 51741 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.1.101#51741 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 49021 + }, + "dns": { + "question": { + "class": "IN", + "name": "pub-ent-frce-03-t.trouter.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "pub-ent-frce-03-t.trouter.teams", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49021: query: pub-ent-frce-03-t.trouter.teams.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pub-ent-frce-03-t.trouter.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 49021 + }, + "dns": { + "answers": [ + { + "data": "partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "pub-ent-frce-03-t.trouter.teams.microsoft.com.", + "type": 
"TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49021 (pub-ent-frce-03-t.trouter.teams.microsoft.com.): answer: pub-ent-frce-03-t.trouter.teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 678 CNAME partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pub-ent-frce-03-t.trouter.teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 37741 + }, + "dns": { + "question": { + "class": "IN", + "name": "pub-ent-frce-03-t.trouter.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "pub-ent-frce-03-t.trouter.teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#37741: query: pub-ent-frce-03-t.trouter.teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + 
"hosts": [ + "pub-ent-frce-03-t.trouter.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 37741 + }, + "dns": { + "answers": [ + { + "data": "partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-francecentral-ns-e44da0a10bd2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "pub-ent-frce-03-t.trouter.teams.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-francecentral-ns-e44da0a10bd2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#37741 (pub-ent-frce-03-t.trouter.teams.microsoft.com.): answer: pub-ent-frce-03-t.trouter.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 679 CNAME partition-cname-trouter.pub-ent-frce-03.ic3-edf-trouter.francecentral-prod.cosmic.office.net. 16 CNAME cosmic-francecentral-ns-e44da0a10bd2.trafficmanager.net. 
7 CNAME partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pub-ent-frce-03-t.trouter.teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 56258 + }, + "dns": { + "question": { + "class": "IN", + "name": "view.adjust.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#56258 (view.adjust.com.): answer: view.adjust.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "view.adjust.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.213", + "port": 56340 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.213#56340: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.213", + "port": 56340 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.213#56340 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.179", + "port": 50604 + }, + "dns": { + "question": { + "class": "IN", + "name": "connect.epicgames.dev", + "registered_domain": "epicgames.dev", + "subdomain": "connect", + "top_level_domain": "dev", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.179#50604: query: connect.epicgames.dev IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "connect.epicgames.dev" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.86", + "port": 58372 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": 
"8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.86", + "port": 58372 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + 
"data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.140", + "port": 64819 + }, + "dns": { + "question": { + "class": "IN", + "name": "rr1---sn-4g5lznsl.googlevideo.com", + "registered_domain": "googlevideo.com", + "subdomain": "rr1---sn-4g5lznsl", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.140#64819: query: rr1---sn-4g5lznsl.googlevideo.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "rr1---sn-4g5lznsl.googlevideo.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.140", + "port": 64819 + }, + "dns": { + "answers": [ + { + "data": "rr1.sn-4g5lznsl.googlevideo.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.78", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "rr1---sn-4g5lznsl.googlevideo.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "rr1.sn-4g5lznsl.googlevideo.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.78", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.140#64819 (rr1---sn-4g5lznsl.googlevideo.com.): answer: 
rr1---sn-4g5lznsl.googlevideo.com. IN A (10.100.0.1) -> NOERROR 1658 CNAME rr1.sn-4g5lznsl.googlevideo.com. 1658 A 198.51.100.78 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "rr1---sn-4g5lznsl.googlevideo.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.148", + "port": 43768 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.148#43768: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.148", + "port": 43768 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + 
"type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.148#43768 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.118", + "port": 39600 + }, + "dns": { + "question": { + "class": "IN", + "name": "connectivitycheck.gstatic.com", + "registered_domain": "gstatic.com", + "subdomain": "connectivitycheck", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600: query: connectivitycheck.gstatic.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "connectivitycheck.gstatic.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.118", + "port": 39600 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.239", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "connectivitycheck.gstatic.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.239", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600 (connectivitycheck.gstatic.com.): answer: connectivitycheck.gstatic.com. 
IN A (10.100.0.1) -> NOERROR 84 A 198.51.100.239 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "connectivitycheck.gstatic.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.118", + "port": 39600 + }, + "dns": { + "question": { + "class": "IN", + "name": "connectivitycheck.gstatic.com", + "registered_domain": "gstatic.com", + "subdomain": "connectivitycheck", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600: query: connectivitycheck.gstatic.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "connectivitycheck.gstatic.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.118", + "port": 39600 + }, + "dns": { + "answers": [ + { + "data": "fd12:3456:789a::1", + "type": "AAAA" + } + ], + "question": { + "class": "IN", + "name": "connectivitycheck.gstatic.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "fd12:3456:789a::1", + "type": "AAAA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": 
"<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.118#39600 (connectivitycheck.gstatic.com.): answer: connectivitycheck.gstatic.com. IN AAAA (10.100.0.1) -> NOERROR 84 AAAA fd12:3456:789a::1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "connectivitycheck.gstatic.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 59895 + }, + "dns": { + "question": { + "class": "IN", + "name": "teams.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "teams", + "top_level_domain": "microsoft", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#59895: query: teams.cloud.microsoft IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 59895 + }, + "dns": { + "answers": [ + { + "data": "teams-cloud-microsoft.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "teams.cloud.microsoft.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"answers": [ + { + "data": "teams-cloud-microsoft.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#59895 (teams.cloud.microsoft.): answer: teams.cloud.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 70 CNAME teams-cloud-microsoft.s-0005.dual-s-msedge.net. 18 CNAME s-0005.dual-s-msedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.cloud.microsoft." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 64296 + }, + "dns": { + "question": { + "class": "IN", + "name": "teams.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "teams", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#64296: query: teams.cloud.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 64296 + }, + "dns": { + "answers": [ + { + "data": 
"teams-cloud-microsoft.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.252", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "teams.cloud.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "teams-cloud-microsoft.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.252", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#64296 (teams.cloud.microsoft.): answer: teams.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 69 CNAME teams-cloud-microsoft.s-0005.dual-s-msedge.net. 17 CNAME s-0005.dual-s-msedge.net. 24 A 198.51.100.251 24 A 198.51.100.252 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.cloud.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.58", + "port": 59666 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#59666: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.58", + "port": 59666 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#59666 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.58", + "port": 50350 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#50350: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.58", + "port": 50350 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.58#50350 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.73", + "port": 52430 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.73#52430: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.73", + "port": 52430 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.0.73#52430 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 63397 + }, + "dns": { + "question": { + "class": "IN", + "name": "host002.example.net", + "registered_domain": "example.net", + "subdomain": "host002", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397: query: host002.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host002.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.237", + "port": 62629 + }, + "dns": { + "question": { + "class": "IN", + "name": "host003.example.net", + "registered_domain": "example.net", + "subdomain": "host003", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.237#62629: query: host003.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host003.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.237", + "port": 62629 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host003.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.237#62629 (host003.example.net.): answer: host003.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host003.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.180", + "port": 52405 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#52405: query: mask.icloud.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.180", + "port": 52405 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#52405 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.79", + "port": 58430 + }, + "dns": { + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net", + "registered_domain": "example.net", + "subdomain": "host004.host004.host004.host004", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.79#58430: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.79", + "port": 58430 + }, + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.79#58430 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.180", + "port": 60314 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#60314: query: mask.icloud.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.180", + "port": 60314 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, 
+ { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#60314 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 56616 + }, + "dns": { + "question": { + "class": "IN", + "name": "host006.example.net", + "registered_domain": "example.net", + "subdomain": "host006", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56616: query: host006.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host006.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 56616 + }, + "dns": { + "question": { + "class": "IN", + "name": "host006.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56616 (host006.example.net.): answer: host006.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host006.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 60173 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 60173 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 60173 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 60173 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#60173 (host007.example.net.): answer: host007.example.net. 
IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 63397 + }, + "dns": { + "question": { + "class": "IN", + "name": "host002.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397 (host002.example.net.): answer: host002.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host002.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 54708 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.39.in-addr.arpa", + "registered_domain": "39.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#54708: query: 198.51.100.39.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.39.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 54708 + }, + "dns": { + "answers": [ + { + "data": "host009.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.39.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host009.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#54708 (198.51.100.39.in-addr.arpa.): answer: 198.51.100.39.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host009.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.39.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.181", + "port": 59494 + }, + "dns": { + "question": { + "class": "IN", + "name": "res.public.onecdn.static.microsoft", + "registered_domain": "static.microsoft", + "subdomain": "res.public.onecdn", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.181#59494: query: res.public.onecdn.static.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "res.public.onecdn.static.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.181", + "port": 59494 + }, + "dns": { + "answers": [ + { + "data": "res-ocdi-public.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.public.onecdn.static.microsoft.", + "type": "CNAME" + }, + { + "data": "res-ocdi-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a434.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.76", + "type": "A" + }, + { + "data": "198.51.100.69", + "type": "A" + }, + { + "data": "198.51.100.74", + "type": "A" + }, + { + "data": "198.51.100.64", + "type": "A" + }, + { + "data": "198.51.100.70 14", + 
"type": "A" + } + ], + "question": { + "class": "IN", + "name": "res.public.onecdn.static.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "res-ocdi-public.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.public.onecdn.static.microsoft.", + "type": "CNAME" + }, + { + "data": "res-ocdi-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a434.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.76", + "type": "A" + }, + { + "data": "198.51.100.69", + "type": "A" + }, + { + "data": "198.51.100.74", + "type": "A" + }, + { + "data": "198.51.100.64", + "type": "A" + }, + { + "data": "198.51.100.70 14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.181#59494 (res.public.onecdn.static.microsoft.): answer: res.public.onecdn.static.microsoft. IN A (10.100.0.1) -> NOERROR 282 CNAME res-ocdi-public.trafficmanager.net. 87 CNAME res-1.public.onecdn.static.microsoft. 19 CNAME res-ocdi-stls-prod.edgesuite.net. 119 CNAME a434.dscd.akamai.net. 14 A 198.51.100.76 14 A 198.51.100.69 14 A 198.51.100.74 14 A 198.51.100.64 14 A 198.51.100.70 14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "res.public.onecdn.static.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.122", + "port": 49665 + }, + "dns": { + "question": { + "class": "IN", + "name": "stream-production.avcdn.net", + "registered_domain": "avcdn.net", + "subdomain": "stream-production", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.122#49665: query: stream-production.avcdn.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "stream-production.avcdn.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.22", + "port": 54200 + }, + "dns": { + "question": { + "class": "IN", + "name": "host010.example.net", + "registered_domain": "example.net", + "subdomain": "host010", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.22#54200: query: host010.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host010.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.22", + "port": 54200 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.7", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host010.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.7", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.22#54200 (host010.example.net.): answer: host010.example.net. IN A (10.100.0.1) -> NOERROR 900 A 10.1.1.7 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host010.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 62066 + }, + "dns": { + "question": { + "class": "IN", + "name": "host011.host011.example.net", + "registered_domain": "example.net", + "subdomain": "host011.host011", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066: query: host011.host011.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host011.host011.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.118", + "port": 52650 + }, + "dns": { + "question": { + "class": "IN", + "name": "refinery2fa.afaspocket.nl", + "registered_domain": "afaspocket.nl", + "subdomain": "refinery2fa", + "top_level_domain": "nl", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#52650: query: refinery2fa.afaspocket.nl IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "refinery2fa.afaspocket.nl" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.118", + "port": 52650 + }, + "dns": { + "answers": [ + { + "data": "refinery2fa-afaspocket-nl.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "refinery2fa.afaspocket.nl.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "refinery2fa-afaspocket-nl.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#52650 (refinery2fa.afaspocket.nl.): answer: refinery2fa.afaspocket.nl. IN TYPE65 (10.100.0.1) -> NOERROR 2562 CNAME refinery2fa-afaspocket-nl.trafficmanager.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "refinery2fa.afaspocket.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.118", + "port": 50566 + }, + "dns": { + "question": { + "class": "IN", + "name": "refinery2fa.afaspocket.nl", + "registered_domain": "afaspocket.nl", + "subdomain": "refinery2fa", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#50566: query: refinery2fa.afaspocket.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "refinery2fa.afaspocket.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.180", + "port": 61113 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#61113: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.180", + "port": 61113 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.180#61113 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.182", + "port": 61204 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#61204: query: graph.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.182", + 
"port": 61204 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#61204 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 
122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.33", + "port": 64388 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#64388: query: eu-teams.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.33", + "port": 64388 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { 
+ "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#64388 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.33", + "port": 52928 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#52928: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.33", + "port": 52928 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.33#52928 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.56", + "port": 52730 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#52730: query: edge.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.56", + "port": 52730 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#52730 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.92", + "port": 57947 + }, + "dns": { + "question": { + "class": "IN", + "name": "host010.example.net", + "registered_domain": "example.net", + "subdomain": "host010", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.92#57947: query: host010.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host010.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.92", + "port": 57947 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.7", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host010.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.7", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.92#57947 (host010.example.net.): answer: host010.example.net. 
IN A (10.100.0.1) -> NOERROR 900 A 10.1.1.7 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host010.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.56", + "port": 56409 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#56409: query: edge.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.56", + "port": 56409 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.4", + "type": "A" + }, + { + "data": "198.51.100.3", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": 
"ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.4", + "type": "A" + }, + { + "data": "198.51.100.3", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.56#56409 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.4 5 A 198.51.100.3 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.197", + "port": 56096 + }, + "dns": { + "question": { + "class": "IN", + "name": "host012.example.net", + "registered_domain": "example.net", + "subdomain": "host012", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#56096: query: host012.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.197", + "port": 33276 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"host012.example.net", + "registered_domain": "example.net", + "subdomain": "host012", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#33276: query: host012.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.197", + "port": 33276 + }, + "dns": { + "question": { + "class": "IN", + "name": "host012.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#33276 (host012.example.net.): answer: host012.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.197", + "port": 56096 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.196", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host012.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.196", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.197#56096 (host012.example.net.): answer: host012.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.196 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 56832 + }, + "dns": { + "question": { + "class": "IN", + "name": "play.playr.biz", + "registered_domain": "playr.biz", + "subdomain": "play", + "top_level_domain": "biz", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#56832: query: play.playr.biz IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.playr.biz" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 56832 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.21", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "play.playr.biz.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.21", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#56832 (play.playr.biz.): answer: play.playr.biz. IN A (10.100.0.1) -> NOERROR 1517 A 198.51.100.21 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.playr.biz." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 57258 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258: query: host013.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 57258 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258 (host013.example.net.): answer: host013.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 57258 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258: query: host013.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 57258 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#57258 (host013.example.net.): answer: host013.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.179", + "port": 50604 + }, + "dns": { + "answers": [ + { + "data": "weighted-epic-connect-manager-prod.epicgames.dev.", + "type": "CNAME" + }, + { + "data": "198.51.100.13", + "type": "A" + }, + { + "data": "198.51.100.82", + "type": "A" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.22", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.186", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + }, + { + "data": "198.51.100.19", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "connect.epicgames.dev.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "weighted-epic-connect-manager-prod.epicgames.dev.", + "type": "CNAME" + }, + { + "data": "198.51.100.13", + "type": "A" + }, + { + "data": "198.51.100.82", + "type": "A" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.22", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.186", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + }, + { + "data": "198.51.100.19", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.179#50604 (connect.epicgames.dev.): answer: connect.epicgames.dev. 
IN A (10.100.0.1) -> NOERROR 241 CNAME weighted-epic-connect-manager-prod.epicgames.dev. 60 A 198.51.100.13 60 A 198.51.100.82 60 A 198.51.100.3 60 A 198.51.100.22 60 A 198.51.100.187 60 A 198.51.100.186 60 A 198.51.100.15 60 A 198.51.100.19 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "connect.epicgames.dev." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 64939 + }, + "dns": { + "question": { + "class": "IN", + "name": "play.playr.biz", + "registered_domain": "playr.biz", + "subdomain": "play", + "top_level_domain": "biz", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#64939: query: play.playr.biz IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.playr.biz" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 64939 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.21", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "play.playr.biz.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.21", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + 
"type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#64939 (play.playr.biz.): answer: play.playr.biz. IN A (10.100.0.1) -> NOERROR 1517 A 198.51.100.21 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.playr.biz." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 50161 + }, + "dns": { + "question": { + "class": "IN", + "name": "cdn.jsdelivr.net", + "registered_domain": "jsdelivr.net", + "subdomain": "cdn", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50161: query: cdn.jsdelivr.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdn.jsdelivr.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 50161 + }, + "dns": { + "answers": [ + { + "data": "cdn.jsdelivr.net.cdn.cloudflare.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.201", + "type": "A" + }, + { + "data": "198.51.100.200", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "cdn.jsdelivr.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": 
{ + "dns": { + "answers": [ + { + "data": "cdn.jsdelivr.net.cdn.cloudflare.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.201", + "type": "A" + }, + { + "data": "198.51.100.200", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50161 (cdn.jsdelivr.net.): answer: cdn.jsdelivr.net. IN A (10.100.0.1) -> NOERROR 263 CNAME cdn.jsdelivr.net.cdn.cloudflare.net. 196 A 198.51.100.201 196 A 198.51.100.200 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdn.jsdelivr.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 53178 + }, + "dns": { + "question": { + "class": "IN", + "name": "cdn.jsdelivr.net", + "registered_domain": "jsdelivr.net", + "subdomain": "cdn", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#53178: query: cdn.jsdelivr.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdn.jsdelivr.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 53178 + }, + "dns": { + "question": { + "class": 
"IN", + "name": "cdn.jsdelivr.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#53178 (cdn.jsdelivr.net.): answer: cdn.jsdelivr.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdn.jsdelivr.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 57252 + }, + "dns": { + "question": { + "class": "IN", + "name": "host014.example.net", + "registered_domain": "example.net", + "subdomain": "host014", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#57252: query: host014.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host014.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 57252 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.251", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host014.example.net.", + "type": 
"A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.251", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#57252 (host014.example.net.): answer: host014.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.251 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host014.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 49550 + }, + "dns": { + "question": { + "class": "IN", + "name": "host014.example.net", + "registered_domain": "example.net", + "subdomain": "host014", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#49550: query: host014.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host014.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 49550 + }, + "dns": { + "question": { + "class": "IN", + "name": "host014.example.net.", + "type": "AAAA" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#49550 (host014.example.net.): answer: host014.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host014.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.83", + "port": 50183 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.83#50183: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.83", + "port": 50183 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + 
"data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.83#50183 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.28", + "port": 58990 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.28#58990: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.28", + "port": 58990 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.28#58990 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.122", + "port": 49665 + }, + "dns": { + "answers": [ + { + "data": "stream-production.avcdn.net.akamaized.net.", + "type": "CNAME" + }, + { + "data": "a6143.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.58", + "type": "A" + }, + { + "data": "198.51.100.74", + "type": "A" + }, + { + "data": "198.51.100.67", + "type": "A" + }, + { + "data": "198.51.100.60", + "type": "A" + }, + { + "data": "198.51.100.75", + "type": "A" + }, + { + "data": "198.51.100.66", + "type": "A" + }, + { + "data": "198.51.100.72", + "type": "A" + }, + { + "data": "198.51.100.77", + "type": "A" + }, + { + "data": "198.51.100.62", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "stream-production.avcdn.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "stream-production.avcdn.net.akamaized.net.", + "type": "CNAME" + }, + { + "data": "a6143.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.58", + "type": "A" + }, + { + "data": "198.51.100.74", + "type": "A" + }, + { + "data": "198.51.100.67", + "type": "A" + }, + { + "data": "198.51.100.60", + "type": "A" + }, + { + "data": "198.51.100.75", 
+ "type": "A" + }, + { + "data": "198.51.100.66", + "type": "A" + }, + { + "data": "198.51.100.72", + "type": "A" + }, + { + "data": "198.51.100.77", + "type": "A" + }, + { + "data": "198.51.100.62", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.122#49665 (stream-production.avcdn.net.): answer: stream-production.avcdn.net. IN A (10.100.0.1) -> NOERROR 181 CNAME stream-production.avcdn.net.akamaized.net. 5470 CNAME a6143.dscd.akamai.net. 20 A 198.51.100.58 20 A 198.51.100.74 20 A 198.51.100.67 20 A 198.51.100.60 20 A 198.51.100.75 20 A 198.51.100.66 20 A 198.51.100.72 20 A 198.51.100.77 20 A 198.51.100.62 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "stream-production.avcdn.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.133", + "port": 58488 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.133#58488: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.133", + "port": 58488 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.133#58488 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.97", + "port": 58799 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.97#58799: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.97", + "port": 58799 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.97#58799 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.208", + "port": 57653 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.208#57653: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.177", + "port": 63489 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-spclient", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#63489: query: gew4-spclient.spotify.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.177", + "port": 63489 + }, + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.202", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.202", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#63489 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN A (10.100.0.1) -> NOERROR 138 CNAME edge-web-gew4.dual-gslb.spotify.com. 37 A 198.51.100.202 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.208", + "port": 57653 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 
1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.208#57653 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.177", + "port": 51056 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-spclient", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#51056: query: gew4-spclient.spotify.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.177", + "port": 51056 + }, + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com.", + 
"type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.177#51056 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR 139 CNAME edge-web-gew4.dual-gslb.spotify.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 43650 + }, + "dns": { + "question": { + "class": "IN", + "name": "host016.example.net", + "registered_domain": "example.net", + "subdomain": "host016", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#43650: query: host016.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host016.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 43650 + }, + "dns": { + 
"question": { + "class": "IN", + "name": "host016.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#43650 (host016.example.net.): answer: host016.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host016.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 62066 + }, + "dns": { + "question": { + "class": "IN", + "name": "host011.host011.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066 (host011.host011.example.net.): answer: host011.host011.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host011.host011.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 51709 + }, + "dns": { + "question": { + "class": "IN", + "name": "host016.example.net", + "registered_domain": "example.net", + "subdomain": "host016", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#51709: query: host016.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host016.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.250", + "port": 51709 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.252", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host016.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.252", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.250#51709 (host016.example.net.): answer: host016.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.252 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host016.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 59119 + }, + "dns": { + "question": { + "class": "IN", + "name": "host017.example.net", + "registered_domain": "example.net", + "subdomain": "host017", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59119: query: host017.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host017.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.251", + "port": 31139 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.79.in-addr.arpa", + "registered_domain": "79.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.251#31139: query: 198.51.100.79.in-addr.arpa IN PTR (10.100.0.1)" 
+ }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.79.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 59119 + }, + "dns": { + "question": { + "class": "IN", + "name": "host017.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59119 (host017.example.net.): answer: host017.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host017.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 58215 + }, + "dns": { + "question": { + "class": "IN", + "name": "gateway.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "gateway", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#58215: query: gateway.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gateway.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 58215 + }, + "dns": { + "answers": [ + { + "data": "dgw.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.26", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gateway.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dgw.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.26", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#58215 (gateway.facebook.com.): answer: gateway.facebook.com. IN A (10.100.0.1) -> NOERROR 1121 CNAME dgw.c10r.facebook.com. 
33 A 198.51.100.26 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gateway.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.251", + "port": 31139 + }, + "dns": { + "answers": [ + { + "data": "host018.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.79.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host018.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.251#31139 (198.51.100.79.in-addr.arpa.): answer: 198.51.100.79.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host018.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.79.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 65408 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge-mqtt.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "edge-mqtt", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#65408: query: edge-mqtt.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge-mqtt.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 65408 + }, + "dns": { + "answers": [ + { + "data": "mqtt.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.25", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edge-mqtt.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mqtt.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.25", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#65408 (edge-mqtt.facebook.com.): answer: edge-mqtt.facebook.com. IN A (10.100.0.1) -> NOERROR 44 CNAME mqtt.c10r.facebook.com. 
1 A 198.51.100.25 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge-mqtt.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.78", + "port": 59607 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.78#59607: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.78", + "port": 59607 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": 
"CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.78#59607 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 58225 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#58225: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 58225 + }, + "dns": { + "answers": [ + { + "data": 
"prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#58225 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 50093 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50093: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 50093 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#50093 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.118", + "port": 49228 + }, + "dns": { + "question": { + "class": "IN", + "name": "refinery2fa-afaspocket-nl.trafficmanager.net", + "registered_domain": "trafficmanager.net", + "subdomain": "refinery2fa-afaspocket-nl", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#49228: query: refinery2fa-afaspocket-nl.trafficmanager.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "refinery2fa-afaspocket-nl.trafficmanager.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.72", + "port": 62166 + }, + "dns": { + "question": { + "class": "IN", + "name": "default._dante-ddm-d._udp", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.72#62166: query: default._dante-ddm-d._udp IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "default._dante-ddm-d._udp" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.72", + "port": 62166 + }, + "dns": { + "question": { + "class": "IN", + "name": "default._dante-ddm-d._udp.", + "type": "SRV" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.72#62166 (default._dante-ddm-d._udp.): answer: default._dante-ddm-d._udp. IN SRV (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "default._dante-ddm-d._udp." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.84", + "port": 51692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host019.example.net", + "registered_domain": "example.net", + "subdomain": "host019", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692: query: host019.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.84", + "port": 51692 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host019.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692 (host019.example.net.): answer: host019.example.net. 
IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56703 + }, + "dns": { + "question": { + "class": "IN", + "name": "host020.host020.example.net", + "registered_domain": "example.net", + "subdomain": "host020.host020", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703: query: host020.host020.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host020.host020.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56703 + }, + "dns": { + "question": { + "class": "IN", + "name": "host020.host020.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703 (host020.host020.example.net.): answer: host020.host020.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host020.host020.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.252", + "port": 42821 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.79.in-addr.arpa", + "registered_domain": "79.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.252#42821: query: 198.51.100.79.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.79.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.252", + "port": 42821 + }, + "dns": { + "answers": [ + { + "data": "host018.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.79.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host018.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.0.252#42821 (198.51.100.79.in-addr.arpa.): answer: 198.51.100.79.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host018.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.79.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 56402 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#56402: query: mask.apple-dns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 56402 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + } + ], + "question": 
{ + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#56402 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN A (10.100.0.1) -> NOERROR 3 A 198.51.100.41 3 A 198.51.100.47 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.42 3 A 198.51.100.43 3 A 198.51.100.46 3 A 198.51.100.45 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 63701 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#63701: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 63701 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#63701 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.71", + "port": 65086 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.71#65086: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.71", + "port": 65086 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.71#65086 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.139", + "port": 49348 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa", + "registered_domain": "113.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#49348: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" 
+ ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.139", + "port": 49348 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#49348 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.139", + "port": 53868 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#53868: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.139", + "port": 55797 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#55797: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + 
"related": { + "hosts": [ + "host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.139", + "port": 53868 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#53868 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.139", + "port": 55797 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.139#55797 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. 
IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.181", + "port": 63814 + }, + "dns": { + "question": { + "class": "IN", + "name": "cctypekit.adobe.io", + "registered_domain": "adobe.io", + "subdomain": "cctypekit", + "top_level_domain": "io", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814: query: cctypekit.adobe.io IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cctypekit.adobe.io" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.84", + "port": 51692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host022.host022.example.net", + "registered_domain": "example.net", + "subdomain": "host022.host022", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692: query: host022.host022.example.net IN A (10.100.0.1)" + }, + "host": { + 
"name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host022.host022.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.84", + "port": 51692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host023.host023.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.84#51692 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host023.host023.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 63397 + }, + "dns": { + "question": { + "class": "IN", + "name": "host024.example.net", + "registered_domain": "example.net", + "subdomain": "host024", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397: query: host024.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host024.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 63397 + }, + "dns": { + "question": { + "class": "IN", + "name": "host024.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397 (host024.example.net.): answer: host024.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host024.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.118", + "port": 50566 + }, + "dns": { + "answers": [ + { + "data": "refinery2fa-afaspocket-nl.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pocketapi2fa.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025a.sip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "refinery2fa.afaspocket.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "refinery2fa-afaspocket-nl.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pocketapi2fa.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025a.sip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#50566 (refinery2fa.afaspocket.nl.): answer: refinery2fa.afaspocket.nl. IN A (10.100.0.1) -> NOERROR 2563 CNAME refinery2fa-afaspocket-nl.trafficmanager.net. 60 CNAME pocketapi2fa.azurewebsites.net. 30 CNAME waws-prod-am2-025a.sip.azurewebsites.windows.net. 2653 CNAME waws-prod-am2-025.westeurope.cloudapp.azure.com. 
4 A 198.51.100.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "refinery2fa.afaspocket.nl." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.181", + "port": 63814 + }, + "dns": { + "answers": [ + { + "data": "cctypekit.adobe.io.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e364363.dscg.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "cctypekit.adobe.io.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cctypekit.adobe.io.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e364363.dscg.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814 (cctypekit.adobe.io.): answer: cctypekit.adobe.io. IN A (10.100.0.1) -> NOERROR 16 CNAME cctypekit.adobe.io.edgekey.net. 7530 CNAME e364363.dscg.akamaiedge.net. 20 A 198.51.100.124 20 A 198.51.100.128 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cctypekit.adobe.io." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.68", + "port": 58264 + }, + "dns": { + "question": { + "class": "IN", + "name": "metadata.google.internal", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.68#58264: query: metadata.google.internal IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "metadata.google.internal" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.68", + "port": 58264 + }, + "dns": { + "question": { + "class": "IN", + "name": "metadata.google.internal.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.68#58264 (metadata.google.internal.): answer: metadata.google.internal. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "metadata.google.internal." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.143", + "port": 50982 + }, + "dns": { + "question": { + "class": "IN", + "name": "contacts.fe2.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "contacts.fe2", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#50982: query: contacts.fe2.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "contacts.fe2.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.143", + "port": 50982 + }, + "dns": { + "question": { + "class": "IN", + "name": "contacts.fe2.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#50982 (contacts.fe2.apple-dns.net.): answer: contacts.fe2.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "contacts.fe2.apple-dns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.143", + "port": 60326 + }, + "dns": { + "question": { + "class": "IN", + "name": "contacts.fe2.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "contacts.fe2", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.143#60326: query: contacts.fe2.apple-dns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "contacts.fe2.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.143", + "port": 60326 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.50", + "type": "A" + }, + { + "data": "198.51.100.49", + "type": "A" + }, + { + "data": "198.51.100.48", + "type": "A" + }, + { + "data": "198.51.100.51", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "contacts.fe2.apple-dns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.50", + "type": "A" + }, + { + "data": "198.51.100.49", + "type": "A" + }, + { + "data": "198.51.100.48", + "type": "A" + }, + { + "data": "198.51.100.51", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.0.143#60326 (contacts.fe2.apple-dns.net.): answer: contacts.fe2.apple-dns.net. IN A (10.100.0.1) -> NOERROR 66 A 198.51.100.50 66 A 198.51.100.49 66 A 198.51.100.48 66 A 198.51.100.51 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "contacts.fe2.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 56323 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.0.in-addr.arpa", + "registered_domain": "0.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#56323: query: 198.51.100.0.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.0.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 56323 + }, + "dns": { + "answers": [ + { + "data": "host025.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.0.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host025.example.net.", + "type": 
"PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#56323 (198.51.100.0.in-addr.arpa.): answer: 198.51.100.0.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 1800 PTR host025.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.0.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 52617 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.0.in-addr.arpa", + "registered_domain": "0.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52617: query: 198.51.100.0.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.0.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 62066 + }, + "dns": { + "question": { + "class": "IN", + "name": "host026.host026.example.net", + "registered_domain": "example.net", + "subdomain": "host026.host026", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + 
"version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066: query: host026.host026.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host026.host026.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 52617 + }, + "dns": { + "answers": [ + { + "data": "host025.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.0.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host025.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52617 (198.51.100.0.in-addr.arpa.): answer: 198.51.100.0.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 1800 PTR host025.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.0.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.61", + "port": 52256 + }, + "dns": { + "question": { + "class": "IN", + "name": "messaging.engagement.office.com", + "registered_domain": "office.com", + "subdomain": "messaging.engagement", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#52256: query: messaging.engagement.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "messaging.engagement.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.61", + "port": 52256 + }, + "dns": { + "answers": [ + { + "data": "prod-campaignaggregator.omexexternallfb.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.250", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "messaging.engagement.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-campaignaggregator.omexexternallfb.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.250", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#52256 
(messaging.engagement.office.com.): answer: messaging.engagement.office.com. IN A (10.100.0.1) -> NOERROR 121 CNAME prod-campaignaggregator.omexexternallfb.office.net.akadns.net. 7 A 198.51.100.250 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "messaging.engagement.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 60503 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.47.in-addr.arpa", + "registered_domain": "47.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#60503: query: lb._dns-sd._udp.198.51.100.47.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.47.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 52052 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#52052: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 59573 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#59573: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 60503 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.47.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#60503 (lb._dns-sd._udp.198.51.100.47.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.47.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.47.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 52052 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#52052 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 59573 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#59573 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 56353 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.37.in-addr.arpa", + "registered_domain": "37.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#56353: query: lb._dns-sd._udp.198.51.100.37.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.37.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 56353 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.37.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#56353 (lb._dns-sd._udp.198.51.100.37.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.37.in-addr.arpa. 
IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.37.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 58516 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.180.in-addr.arpa", + "registered_domain": "180.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#58516: query: lb._dns-sd._udp.198.51.100.180.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.180.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.169", + "port": 58516 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.180.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.169#58516 
(lb._dns-sd._udp.198.51.100.180.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.180.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.180.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 62521 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#62521: query: eu-office.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 62521 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + 
"log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#62521 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 52556 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#52556: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 52556 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#52556 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 62066 + }, + "dns": { + "question": { + "class": "IN", + "name": "host026.host026.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066 (host026.host026.example.net.): answer: host026.host026.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host026.host026.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 44471 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#44471: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + 
"server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 44471 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#44471 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.118", + "port": 49228 + }, + "dns": { + "answers": [ + { + "data": "pocketapi2fa.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025a.sip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "refinery2fa-afaspocket-nl.trafficmanager.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "pocketapi2fa.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025a.sip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-025.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.118#49228 (refinery2fa-afaspocket-nl.trafficmanager.net.): answer: refinery2fa-afaspocket-nl.trafficmanager.net. IN TYPE65 (10.100.0.1) -> NOERROR 60 CNAME pocketapi2fa.azurewebsites.net. 30 CNAME waws-prod-am2-025a.sip.azurewebsites.windows.net. 2653 CNAME waws-prod-am2-025.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "refinery2fa-afaspocket-nl.trafficmanager.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.232", + "port": 65045 + }, + "dns": { + "question": { + "class": "IN", + "name": "host027.example.net", + "registered_domain": "example.net", + "subdomain": "host027", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045: query: host027.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host027.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.232", + "port": 65045 + }, + "dns": { + "question": { + "class": "IN", + "name": "host027.example.net", + "registered_domain": "example.net", + "subdomain": "host027", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045: query: host027.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host027.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.232", + "port": 65045 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.0", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host027.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.0", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045 (host027.example.net.): answer: host027.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.0 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host027.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.232", + "port": 65045 + }, + "dns": { + "question": { + "class": "IN", + "name": "host027.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.232#65045 (host027.example.net.): answer: host027.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host027.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.203", + "port": 56268 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.203#56268: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.82", + "port": 64639 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.82#64639: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.203", + "port": 56268 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.203#56268 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.82", + "port": 64639 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.82#64639 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.123", + "port": 56811 + }, + "dns": { + "question": { + "class": "IN", + "name": "v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.123#56811: query: v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.123", + "port": 56811 + }, + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.123#56811 (v20.events.data.microsoft.com.): answer: v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 13 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56703 + }, + "dns": { + "question": { + "class": "IN", + "name": "host028.host028.example.net", + "registered_domain": "example.net", + "subdomain": "host028.host028", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703: query: host028.host028.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host028.host028.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.157", + "port": 63185 + }, + "dns": { + "question": { + "class": "IN", + "name": "auth.deepl.com", + "registered_domain": "deepl.com", + "subdomain": "auth", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.157#63185: query: auth.deepl.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "auth.deepl.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.157", + "port": 63185 + }, + "dns": { + "answers": [ + { + "data": "fal-lb.deepl.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.110", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "auth.deepl.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "fal-lb.deepl.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.110", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.157#63185 (auth.deepl.com.): answer: auth.deepl.com. IN A (10.100.0.1) -> NOERROR 36 CNAME fal-lb.deepl.com. 13 A 198.51.100.110 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "auth.deepl.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.179", + "port": 61269 + }, + "dns": { + "question": { + "class": "IN", + "name": "ssl.gstatic.com", + "registered_domain": "gstatic.com", + "subdomain": "ssl", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.179#61269: query: ssl.gstatic.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ssl.gstatic.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.147", + "port": 64393 + }, + "dns": { + "question": { + "class": "IN", + "name": "aws-proxy-gcp.api.sc-gw.com", + "registered_domain": "sc-gw.com", + "subdomain": "aws-proxy-gcp.api", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.147#64393: query: aws-proxy-gcp.api.sc-gw.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "aws-proxy-gcp.api.sc-gw.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.147", + "port": 64393 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.204", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "aws-proxy-gcp.api.sc-gw.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.204", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.147#64393 (aws-proxy-gcp.api.sc-gw.com.): answer: aws-proxy-gcp.api.sc-gw.com. IN A (10.100.0.1) -> NOERROR 42 A 198.51.100.204 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "aws-proxy-gcp.api.sc-gw.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.172", + "port": 51399 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#51399: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.172", + "port": 51399 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#51399 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.85", + "port": 49803 + }, + "dns": { + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "oauth.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#49803: query: oauth.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.85", + "port": 49803 + }, + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#49803 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.59", + "port": 63597 + }, + "dns": { + "question": { + "class": "IN", + "name": "pneumandit.azure-devices.net", + "registered_domain": "azure-devices.net", + "subdomain": "pneumandit", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.59#63597: query: pneumandit.azure-devices.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pneumandit.azure-devices.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.85", + "port": 52241 + }, + "dns": { + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "oauth.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#52241: query: oauth.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": 
"eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.85", + "port": 52241 + }, + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.85#52241 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. 57 CNAME oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 12 CNAME wac-0003.wac-msedge.net. 
18 A 198.51.100.235 18 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.117", + "port": 59549 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#59549: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.117", + "port": 59549 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#59549 (mask.apple-dns.net.): answer: mask.apple-dns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.117", + "port": 56472 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#56472: query: mask.apple-dns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.117", + "port": 56472 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.117#56472 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN A (10.100.0.1) -> NOERROR 3 A 198.51.100.40 3 A 198.51.100.42 3 A 198.51.100.43 3 A 198.51.100.46 3 A 198.51.100.45 3 A 198.51.100.41 3 A 198.51.100.47 3 A 198.51.100.44 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.109", + "port": 56557 + }, + "dns": { + "question": { + "class": "IN", + "name": "cc-api-data.adobe.io", + "registered_domain": "adobe.io", + "subdomain": "cc-api-data", + "top_level_domain": "io", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.109#56557: query: cc-api-data.adobe.io IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cc-api-data.adobe.io" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.109", + "port": 56557 + }, + "dns": { + "answers": [ + { + "data": "cc-api-data-ew1.adobe.io.", + "type": "CNAME" + }, + { + "data": "ethos.dunamis.ethos508-prod-va6.ethos.adobe.net.", + "type": "CNAME" + }, + { + "data": "dunamis-ethos508-prod-va6-856defacfb833db1.elb.us-east-1.amazonaws.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.2", + "type": "A" + }, + { + "data": "198.51.100.196", + "type": "A" + }, + { + "data": "198.51.100.5", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "cc-api-data.adobe.io.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cc-api-data-ew1.adobe.io.", + "type": "CNAME" + }, + { + "data": "ethos.dunamis.ethos508-prod-va6.ethos.adobe.net.", + "type": "CNAME" + }, + { + "data": 
"dunamis-ethos508-prod-va6-856defacfb833db1.elb.us-east-1.amazonaws.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.2", + "type": "A" + }, + { + "data": "198.51.100.196", + "type": "A" + }, + { + "data": "198.51.100.5", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.109#56557 (cc-api-data.adobe.io.): answer: cc-api-data.adobe.io. IN A (10.100.0.1) -> NOERROR 48 CNAME cc-api-data-ew1.adobe.io. 10 CNAME ethos.dunamis.ethos508-prod-va6.ethos.adobe.net. 56 CNAME dunamis-ethos508-prod-va6-856defacfb833db1.elb.us-east-1.amazonaws.com. 7 A 198.51.100.2 7 A 198.51.100.196 7 A 198.51.100.5 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cc-api-data.adobe.io." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 37155 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#37155: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 37155 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#37155 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56703 + }, + "dns": { + "question": { + "class": "IN", + "name": "host028.host028.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56703 (host028.host028.example.net.): answer: host028.host028.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host028.host028.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.215", + "port": 54418 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.215#54418: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.215", + "port": 54418 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.215#54418 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.179", + "port": 61269 + }, + "dns": { + "answers": [ + { + "data": "fd12:3456:789a::1", + "type": "AAAA" + } + ], + "question": { + "class": "IN", + "name": "ssl.gstatic.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "fd12:3456:789a::1", + "type": "AAAA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.179#61269 (ssl.gstatic.com.): answer: ssl.gstatic.com. IN AAAA (10.100.0.1) -> NOERROR 116 AAAA fd12:3456:789a::1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ssl.gstatic.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.59", + "port": 63597 + }, + "dns": { + "answers": [ + { + "data": "gateway-prod-gw-westeurope-5-g2.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.0", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "pneumandit.azure-devices.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gateway-prod-gw-westeurope-5-g2.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.0", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.59#63597 (pneumandit.azure-devices.net.): answer: pneumandit.azure-devices.net. IN A (10.100.0.1) -> NOERROR 598 CNAME gateway-prod-gw-westeurope-5-g2.westeurope.cloudapp.azure.com. 8 A 198.51.100.0 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pneumandit.azure-devices.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 36016 + }, + "dns": { + "question": { + "class": "IN", + "name": "host008.example.net", + "registered_domain": "example.net", + "subdomain": "host008", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36016: query: host008.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host008.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 36016 + }, + "dns": { + "question": { + "class": "IN", + "name": "host008.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36016 (host008.example.net.): answer: host008.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host008.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.164", + "port": 56989 + }, + "dns": { + "question": { + "class": "IN", + "name": "host029.host029.example.net", + "registered_domain": "example.net", + "subdomain": "host029.host029", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.164#56989: query: host029.host029.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host029.host029.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.164", + "port": 56989 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.29", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host029.host029.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.29", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.164#56989 (host029.host029.example.net.): answer: host029.host029.example.net. 
IN A (10.100.0.1) -> NOERROR 0 A 10.1.1.29 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host029.host029.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 63397 + }, + "dns": { + "question": { + "class": "IN", + "name": "host030.host030.example.net", + "registered_domain": "example.net", + "subdomain": "host030.host030", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397: query: host030.host030.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host030.host030.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.99", + "port": 64841 + }, + "dns": { + "question": { + "class": "IN", + "name": "host022.host022.example.net", + "registered_domain": "example.net", + "subdomain": "host022.host022", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.99#64841: query: host022.host022.example.net IN 
A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host022.host022.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.99", + "port": 64841 + }, + "dns": { + "question": { + "class": "IN", + "name": "host023.host023.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.99#64841 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host023.host023.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 62066 + }, + "dns": { + "question": { + "class": "IN", + "name": "wpad.canbus.net", + "registered_domain": "canbus.net", + "subdomain": "wpad", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066: query: wpad.canbus.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wpad.canbus.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.183", + "port": 60425 + }, + "dns": { + "question": { + "class": "IN", + "name": "dms.licdn.com", + "registered_domain": "licdn.com", + "subdomain": "dms", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#60425: query: dms.licdn.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dms.licdn.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.183", + "port": 60425 + }, + "dns": { + "answers": [ + { + "data": "dms.cm.licdn.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "dms.licdn.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dms.cm.licdn.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#60425 (dms.licdn.com.): answer: dms.licdn.com. IN TYPE65 (10.100.0.1) -> NOERROR 2 CNAME dms.cm.licdn.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dms.licdn.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.183", + "port": 51660 + }, + "dns": { + "question": { + "class": "IN", + "name": "dms.licdn.com", + "registered_domain": "licdn.com", + "subdomain": "dms", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#51660: query: dms.licdn.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dms.licdn.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + 
} + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.183", + "port": 51660 + }, + "dns": { + "answers": [ + { + "data": "dms.cm.licdn.com.", + "type": "CNAME" + }, + { + "data": "dms-fsly.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "fs-ak-cf.dms.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "linkedin.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.7", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dms.licdn.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dms.cm.licdn.com.", + "type": "CNAME" + }, + { + "data": "dms-fsly.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "fs-ak-cf.dms.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "linkedin.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.7", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#51660 (dms.licdn.com.): answer: dms.licdn.com. IN A (10.100.0.1) -> NOERROR 2 CNAME dms.cm.licdn.com. 94 CNAME dms-fsly.sb.lnkdns.net. 96 CNAME fs-ak-cf.dms.sb.lnkdns.net. 292 CNAME linkedin.map.fastly.net. 40 A 198.51.100.10 40 A 198.51.100.15 40 A 198.51.100.12 40 A 198.51.100.7 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dms.licdn.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.76", + "port": 52973 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.76#52973: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.76", + "port": 52973 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.76#52973 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.16", + "port": 38153 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#38153: query: host031.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.1.16", + "port": 38153 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#38153 (host031.example.net.): answer: host031.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.16", + "port": 46520 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#46520: query: host031.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.16", + "port": 46520 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.134", + 
"type": "A" + } + ], + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.16#46520 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 36261 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36261: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 36261 + }, + "dns": { + "answers": [ 
+ { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#36261 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.37", + "port": 60273 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.37#60273: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.37", + "port": 60273 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.37#60273 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 63397 + }, + "dns": { + "question": { + "class": "IN", + "name": "host030.host030.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#63397 (host030.host030.example.net.): answer: host030.host030.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host030.host030.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 61978 + }, + "dns": { + "question": { + "class": "IN", + "name": "eas.outlook.com", + "registered_domain": "outlook.com", + "subdomain": "eas", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#61978: query: eas.outlook.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eas.outlook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 61978 + }, + "dns": { + "answers": [ + { + "data": "outlook.office365.com.", + "type": "CNAME" + }, + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eas.outlook.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.office365.com.", + "type": "CNAME" + }, + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": 
"CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#61978 (eas.outlook.com.): answer: eas.outlook.com. IN TYPE65 (10.100.0.1) -> NOERROR 117 CNAME outlook.office365.com. 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eas.outlook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 62797 + }, + "dns": { + "question": { + "class": "IN", + "name": "eas.outlook.com", + "registered_domain": "outlook.com", + "subdomain": "eas", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#62797: query: eas.outlook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eas.outlook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 62797 + }, + "dns": { + "answers": [ + { + "data": "outlook.office365.com.", 
+ "type": "CNAME" + }, + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eas.outlook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.office365.com.", + "type": "CNAME" + }, + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#62797 (eas.outlook.com.): answer: eas.outlook.com. IN A (10.100.0.1) -> NOERROR 117 CNAME outlook.office365.com. 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
7 A 198.51.100.10 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eas.outlook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.36", + "port": 55473 + }, + "dns": { + "question": { + "class": "IN", + "name": "host032.example.net", + "registered_domain": "example.net", + "subdomain": "host032", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.36#55473: query: host032.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host032.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.36", + "port": 55473 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.6", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host032.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.6", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.36#55473 
(host032.example.net.): answer: host032.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.6 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host032.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 63421 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph-fallback.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "graph-fallback", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#63421: query: graph-fallback.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph-fallback.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 64289 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64289: 
query: graph.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 64289 + }, + "dns": { + "answers": [ + { + "data": "star.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.24", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "star.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.24", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64289 (graph.facebook.com.): answer: graph.facebook.com. IN A (10.100.0.1) -> NOERROR 266 CNAME star.c10r.facebook.com. 56 A 198.51.100.24 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.facebook.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55485 + }, + "dns": { + "question": { + "class": "IN", + "name": "host033.example.net", + "registered_domain": "example.net", + "subdomain": "host033", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485: query: host033.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55485 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.240", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host033.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.240", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485 (host033.example.net.): answer: host033.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.240 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55485 + }, + "dns": { + "question": { + "class": "IN", + "name": "host033.example.net", + "registered_domain": "example.net", + "subdomain": "host033", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485: query: host033.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55485 + }, + "dns": { + "question": { + "class": "IN", + "name": "host033.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55485 (host033.example.net.): answer: host033.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.73", + "port": 52850 + }, + "dns": { + "question": { + "class": "IN", + "name": "host034.example.net", + "registered_domain": "example.net", + "subdomain": "host034", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.73#52850: query: host034.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.73", + "port": 52850 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host034.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.73#52850 (host034.example.net.): answer: 
host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50211 + }, + "dns": { + "question": { + "class": "IN", + "name": "host035.example.net", + "registered_domain": "example.net", + "subdomain": "host035", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211: query: host035.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50211 + }, + "dns": { + "question": { + "class": "IN", + "name": "host035.example.net", + "registered_domain": "example.net", + "subdomain": "host035", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211: query: host035.example.net IN AAAA (10.100.0.1)" + }, + "host": { + 
"name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50211 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.241", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host035.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.241", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211 (host035.example.net.): answer: host035.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.241 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50211 + }, + "dns": { + "question": { + "class": "IN", + "name": "host035.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50211 (host035.example.net.): answer: host035.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 55948 + }, + "dns": { + "question": { + "class": "IN", + "name": "i-fallback.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "i-fallback", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#55948: query: i-fallback.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "i-fallback.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 55948 + }, + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.20", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "i-fallback.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.20", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } 
+ }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#55948 (i-fallback.instagram.com.): answer: i-fallback.instagram.com. IN A (10.100.0.1) -> NOERROR 2008 CNAME star.fallback.c10r.instagram.com. 8 A 198.51.100.20 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "i-fallback.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 63421 + }, + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.19", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph-fallback.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.19", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#63421 (graph-fallback.facebook.com.): answer: graph-fallback.facebook.com. IN A (10.100.0.1) -> NOERROR 3182 CNAME star.fallback.c10r.facebook.com. 22 A 198.51.100.19 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph-fallback.facebook.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.183", + "port": 55066 + }, + "dns": { + "question": { + "class": "IN", + "name": "dms.cm.licdn.com", + "registered_domain": "licdn.com", + "subdomain": "dms.cm", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#55066: query: dms.cm.licdn.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dms.cm.licdn.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.183", + "port": 55066 + }, + "dns": { + "answers": [ + { + "data": "dms-fsly.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "fs-ak-cf.dms.sb.lnkdns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "dms.cm.licdn.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dms-fsly.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "fs-ak-cf.dms.sb.lnkdns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.183#55066 (dms.cm.licdn.com.): answer: dms.cm.licdn.com. IN TYPE65 (10.100.0.1) -> NOERROR 94 CNAME dms-fsly.sb.lnkdns.net. 
96 CNAME fs-ak-cf.dms.sb.lnkdns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dms.cm.licdn.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.163", + "port": 61047 + }, + "dns": { + "question": { + "class": "IN", + "name": "mail.ofcggz.nl", + "registered_domain": "ofcggz.nl", + "subdomain": "mail", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.163#61047: query: mail.ofcggz.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.ofcggz.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 35774 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#35774: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" 
+ }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.54", + "port": 35774 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.54#35774 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64710 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64710: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64710 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64710 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64711 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64711: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64711 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64711 (host036.host036.host036.host036.example.net.): answer: 
host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60040 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040: query: host037.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60040 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040 (host037.example.net.): answer: host037.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64712 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64712: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64712 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64712 
(host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 54535 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#54535: query: graph.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 54535 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": 
"DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#54535 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 59928 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#59928: query: graph.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 59928 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": 
"198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#59928 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.141 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64713 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64713: query: host038.host038.host038.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64713 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64713 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 60306 + }, + "dns": { + "question": { + "class": "IN", + "name": "i.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "i", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60306: query: i.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "i.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 60306 + }, + "dns": { + "answers": [ + { + "data": "instagram.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.27", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "i.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "instagram.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.27", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60306 (i.instagram.com.): answer: i.instagram.com. IN A (10.100.0.1) -> NOERROR 1961 CNAME instagram.c10r.instagram.com. 36 A 198.51.100.27 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "i.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64714 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64714: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64714 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64714 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64715 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64715: query: host039.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64715 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64715 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 50146 + }, + "dns": { + "question": { + "class": "IN", + "name": "res.public.onecdn.static.microsoft", + "registered_domain": "static.microsoft", + "subdomain": "res.public.onecdn", + "top_level_domain": "microsoft", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#50146: query: res.public.onecdn.static.microsoft IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "res.public.onecdn.static.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 50146 + }, + "dns": { + "answers": [ + { + "data": "res-ocdi-public.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.public.onecdn.static.microsoft.", + "type": "CNAME" + }, + { + "data": "res-ocdi-stls-prod.edgesuite.net.", + "type": "CNAME" 
+ }, + { + "data": "a434.dscd.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "res.public.onecdn.static.microsoft.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "res-ocdi-public.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.public.onecdn.static.microsoft.", + "type": "CNAME" + }, + { + "data": "res-ocdi-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a434.dscd.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#50146 (res.public.onecdn.static.microsoft.): answer: res.public.onecdn.static.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 281 CNAME res-ocdi-public.trafficmanager.net. 86 CNAME res-1.public.onecdn.static.microsoft. 18 CNAME res-ocdi-stls-prod.edgesuite.net. 118 CNAME a434.dscd.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "res.public.onecdn.static.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 55040 + }, + "dns": { + "question": { + "class": "IN", + "name": "res.public.onecdn.static.microsoft", + "registered_domain": "static.microsoft", + "subdomain": "res.public.onecdn", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#55040: query: res.public.onecdn.static.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "res.public.onecdn.static.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.39", + "port": 55040 + }, + "dns": { + "answers": [ + { + "data": "res-ocdi-public.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.public.onecdn.static.microsoft.", + "type": "CNAME" + }, + { + "data": "res-ocdi-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a434.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.74", + "type": "A" + }, + { + "data": "198.51.100.64", + "type": "A" + }, + { + "data": "198.51.100.70", + "type": "A" + }, + { + "data": "198.51.100.63", + "type": "A" + }, + { + "data": "198.51.100.67 14", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "res.public.onecdn.static.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"answers": [ + { + "data": "res-ocdi-public.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.public.onecdn.static.microsoft.", + "type": "CNAME" + }, + { + "data": "res-ocdi-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a434.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.74", + "type": "A" + }, + { + "data": "198.51.100.64", + "type": "A" + }, + { + "data": "198.51.100.70", + "type": "A" + }, + { + "data": "198.51.100.63", + "type": "A" + }, + { + "data": "198.51.100.67 14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.39#55040 (res.public.onecdn.static.microsoft.): answer: res.public.onecdn.static.microsoft. IN A (10.100.0.1) -> NOERROR 282 CNAME res-ocdi-public.trafficmanager.net. 87 CNAME res-1.public.onecdn.static.microsoft. 19 CNAME res-ocdi-stls-prod.edgesuite.net. 119 CNAME a434.dscd.akamai.net. 14 A 198.51.100.74 14 A 198.51.100.64 14 A 198.51.100.70 14 A 198.51.100.63 14 A 198.51.100.67 14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "res.public.onecdn.static.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64716 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64716: query: host039.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64716 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64716 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 53714 + }, + "dns": { + "question": { + "class": "IN", + "name": "play.google.com", + "registered_domain": "google.com", + "subdomain": "play", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#53714: query: play.google.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 56170 + }, + "dns": { + "question": { + "class": "IN", + "name": "play.google.com", + "registered_domain": "google.com", + "subdomain": "play", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#56170: query: play.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 53714 + }, + "dns": { + "question": { + "class": "IN", + "name": "play.google.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#53714 (play.google.com.): answer: play.google.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 56170 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.253", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "play.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.253", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#56170 (play.google.com.): answer: play.google.com. IN A (10.100.0.1) -> NOERROR 296 A 198.51.100.253 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "play.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.116", + "port": 52260 + }, + "dns": { + "question": { + "class": "IN", + "name": "host040.example.net", + "registered_domain": "example.net", + "subdomain": "host040", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.116#52260: query: host040.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host040.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.116", + "port": 52260 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.233", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host040.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.233", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.116#52260 (host040.example.net.): answer: host040.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.233 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host040.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60040 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040: query: host037.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60040 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040 
(host037.example.net.): answer: host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 56090 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph-fallback.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "graph-fallback", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#56090: query: graph-fallback.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph-fallback.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 56090 + }, + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.20", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph-fallback.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.20", + "type": 
"A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#56090 (graph-fallback.instagram.com.): answer: graph-fallback.instagram.com. IN A (10.100.0.1) -> NOERROR 949 CNAME star.fallback.c10r.instagram.com. 8 A 198.51.100.20 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph-fallback.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 60503 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60503: query: graph.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 60503 + }, + "dns": { + "answers": [ + { + "data": "instagram.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.27", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.instagram.com.", + 
"type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "instagram.c10r.instagram.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.27", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#60503 (graph.instagram.com.): answer: graph.instagram.com. IN A (10.100.0.1) -> NOERROR 2153 CNAME instagram.c10r.instagram.com. 36 A 198.51.100.27 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 57911 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 57911 + }, + 
"dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 57911 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.3", + "port": 57911 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.3#57911 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.163", + "port": 61047 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.108", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mail.ofcggz.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.108", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.163#61047 (mail.ofcggz.nl.): answer: mail.ofcggz.nl. 
IN A (10.100.0.1) -> NOERROR 60 A 198.51.100.108 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.ofcggz.nl." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 62066 + }, + "dns": { + "question": { + "class": "IN", + "name": "wpad.canbus.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#62066 (wpad.canbus.net.): answer: wpad.canbus.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wpad.canbus.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.96", + "port": 50532 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.96#50532: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.96", + "port": 50532 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": 
{ + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.96#50532 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.76", + "port": 65177 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office365.com", + "registered_domain": "office365.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.76#65177: query: outlook.office365.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office365.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.76", + "port": 65177 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + 
}, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "outlook.office365.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.76#65177 (outlook.office365.com.): answer: outlook.office365.com. IN A (10.100.0.1) -> NOERROR 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.10 7 A 198.51.100.11 7 A 198.51.100.218 7 A 198.51.100.6 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office365.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 57935 + }, + "dns": { + "question": { + "class": "IN", + "name": "obseu.seroundprince.com", + "registered_domain": "seroundprince.com", + "subdomain": "obseu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#57935: query: obseu.seroundprince.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "obseu.seroundprince.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 60255 + }, + "dns": { + "question": { + "class": "IN", + "name": "obseu.seroundprince.com", + "registered_domain": "seroundprince.com", + "subdomain": "obseu", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#60255: query: obseu.seroundprince.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "obseu.seroundprince.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + 
"server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 61325 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com", + "registered_domain": "apple.com", + "subdomain": "gsp85-ssl.ls", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61325: query: gsp85-ssl.ls.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 61325 + }, + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61325 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.88", + "port": 59888 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#59888: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.88", + "port": 59888 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#59888 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.88", + "port": 58317 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#58317: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.88", + "port": 58317 + }, + "dns": { + "answers": [ + { + "data": 
"prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.88#58317 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.93", + "port": 59023 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.93#59023: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.93", + "port": 59023 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.93#59023 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 49899 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com", + "registered_domain": "apple.com", + "subdomain": "gsp85-ssl.ls", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49899: query: gsp85-ssl.ls.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 49899 + }, + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.23", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com.", + "type": "A" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.23", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49899 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN A (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. 27 A 198.51.100.23 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 53662 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#53662: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.0.195", + "port": 53662 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#53662 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60040 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net", + "registered_domain": "example.net", + "subdomain": "host041.host041.host041", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.1.138", + "port": 60040 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60040 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 33835 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#33835: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.0.195", + "port": 33835 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.190", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.190", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#33835 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 12 A 198.51.100.190 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 56970 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa", + "registered_domain": "resolver.arpa", + "subdomain": "_dns", + "top_level_domain": "arpa", + "type": "TYPE64" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56970: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 56970 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa.", + "type": "TYPE64" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56970 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 35084 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#35084: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 35084 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#35084 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 41572 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41572: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 41572 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.190", + "type": "A" + }, + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.190", + "type": "A" + }, + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + 
"data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41572 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.190 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 50279 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#50279: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + 
] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 50279 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#50279 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 41251 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41251: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 41251 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.190", + "type": "A" + }, + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.190", + "type": "A" + }, + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#41251 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 12 A 198.51.100.190 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 38988 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#38988: query: logs.eu-west-1.amazonaws.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 38988 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.190", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.189", + "type": "A" + }, + { + "data": "198.51.100.191", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + 
"data": "198.51.100.187", + "type": "A" + }, + { + "data": "198.51.100.188", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.190", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#38988 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.189 12 A 198.51.100.191 12 A 198.51.100.194 12 A 198.51.100.187 12 A 198.51.100.188 12 A 198.51.100.192 12 A 198.51.100.193 12 A 198.51.100.190 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 36750 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com", + "registered_domain": "amazonaws.com", + "subdomain": "logs.eu-west-1", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#36750: query: logs.eu-west-1.amazonaws.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com" + ], + "ip": [ + "10.100.0.1" + 
] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.195", + "port": 36750 + }, + "dns": { + "question": { + "class": "IN", + "name": "logs.eu-west-1.amazonaws.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.195#36750 (logs.eu-west-1.amazonaws.com.): answer: logs.eu-west-1.amazonaws.com. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "logs.eu-west-1.amazonaws.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 60255 + }, + "dns": { + "question": { + "class": "IN", + "name": "obseu.seroundprince.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#60255 (obseu.seroundprince.com.): answer: obseu.seroundprince.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "obseu.seroundprince.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.106", + "port": 62425 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.106#62425: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.106", + "port": 62425 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.106#62425 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.19", + "port": 55292 + }, + "dns": { + "question": { + "class": "IN", + "name": "ctldl.windowsupdate.com", + "registered_domain": "windowsupdate.com", + "subdomain": "ctldl", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.19#55292: query: ctldl.windowsupdate.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ctldl.windowsupdate.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.19", + "port": 55292 + }, + "dns": { + "answers": [ + { + "data": "ctldl.windowsupdate.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "wu-b-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "bg.microsoft.map.fastly.net.", + "type": 
"CNAME" + }, + { + "data": "198.51.100.111", + "type": "A" + }, + { + "data": "198.51.100.112", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ctldl.windowsupdate.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ctldl.windowsupdate.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "wu-b-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "bg.microsoft.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.111", + "type": "A" + }, + { + "data": "198.51.100.112", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.19#55292 (ctldl.windowsupdate.com.): answer: ctldl.windowsupdate.com. IN A (10.100.0.1) -> NOERROR 2379 CNAME ctldl.windowsupdate.com.delivery.microsoft.com. 2350 CNAME wu-b-net.trafficmanager.net. 247 CNAME bg.microsoft.map.fastly.net. 19 A 198.51.100.111 19 A 198.51.100.112 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ctldl.windowsupdate.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 56900 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls2-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "gsp85-ssl.ls2-apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56900: query: gsp85-ssl.ls2-apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls2-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 56900 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56900 (gsp85-ssl.ls2-apple.com.akadns.net.): answer: gsp85-ssl.ls2-apple.com.akadns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls2-apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.126", + "port": 61396 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office365.com", + "registered_domain": "office365.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.126#61396: query: outlook.office365.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office365.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.126", + "port": 61396 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"outlook.office365.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.126#61396 (outlook.office365.com.): answer: outlook.office365.com. IN A (10.100.0.1) -> NOERROR 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.6 7 A 198.51.100.10 7 A 198.51.100.11 7 A 198.51.100.218 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office365.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 52542 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.0.in-addr.arpa", + "registered_domain": "0.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52542: query: 198.51.100.0.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.0.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 52542 + }, + "dns": { + "answers": [ + { + "data": "host025.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.0.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host025.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#52542 (198.51.100.0.in-addr.arpa.): answer: 198.51.100.0.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 1800 PTR host025.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.0.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54963 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54963: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54963 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.1.47#54963 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.92", + "port": 51600 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.92#51600: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.92", + "port": 51600 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.92#51600 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54964 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54964: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54964 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54964 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.49", + "port": 49918 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#49918: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.49", + "port": 49918 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#49918 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54965 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54965: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54965 + }, + "dns": { + "question": { 
+ "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54965 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54966 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54966: query: host038.host038.host038.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": 
"10.1.1.47", + "port": 54966 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54966 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54967 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54967: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.1.47", + "port": 54967 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54967 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54968 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54968: query: host039.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 
54968 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54968 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54969 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54969: query: host039.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.1.47", + "port": 54969 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54969 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 47598 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.57.in-addr.arpa", + "registered_domain": "57.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#47598: query: 198.51.100.57.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.57.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 47598 + }, + "dns": { + 
"answers": [ + { + "data": "host042.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.57.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host042.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#47598 (198.51.100.57.in-addr.arpa.): answer: 198.51.100.57.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host042.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.57.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.34", + "port": 59472 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.34#59472: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + 
"server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.34", + "port": 59472 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.34#59472 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53419 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53419: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53419 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53419 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.51", + "port": 57571 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.51#57571: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53420 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53420: query: 
host036.host036.host036.host036.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.51", + "port": 57571 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.51#57571 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53420 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53420 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53421 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53421: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53421 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53421 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. 
IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53422 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53422: query: host038.host038.host038.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53422 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53422 (host038.host038.host038.example.net.): answer: 
host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.175", + "port": 52298 + }, + "dns": { + "question": { + "class": "IN", + "name": "config.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "config.teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.175#52298: query: config.teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "config.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.175", + "port": 52298 + }, + "dns": { + "answers": [ + { + "data": "config.teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "dual-s-0005-teams.config.skype.com.", + "type": "CNAME" + }, + { + "data": "config-teams.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.252", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "config.teams.microsoft.com.", + "type": "A" + 
}, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "config.teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "dual-s-0005-teams.config.skype.com.", + "type": "CNAME" + }, + { + "data": "config-teams.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.252", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.175#52298 (config.teams.microsoft.com.): answer: config.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 3013 CNAME config.teams.trafficmanager.net. 47 CNAME dual-s-0005-teams.config.skype.com. 5719 CNAME config-teams.s-0005.dual-s-msedge.net. 92 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.251 25 A 198.51.100.252 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "config.teams.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53423 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53423: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53423 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53423 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. 
IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53424 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53424: query: host039.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53424 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53424 
(host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53425 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53425: query: host039.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.45", + "port": 53425 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.45#53425 (host039.example.net.): answer: host039.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.135", + "port": 63065 + }, + "dns": { + "question": { + "class": "IN", + "name": "ctldl.windowsupdate.com", + "registered_domain": "windowsupdate.com", + "subdomain": "ctldl", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.135#63065: query: ctldl.windowsupdate.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ctldl.windowsupdate.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.135", + "port": 63065 + }, + "dns": { + "answers": [ + { + "data": "ctldl.windowsupdate.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "wu-b-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "bg.microsoft.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.111", + "type": "A" + }, + { + "data": "198.51.100.112", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ctldl.windowsupdate.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { 
+ "data": "ctldl.windowsupdate.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "wu-b-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "bg.microsoft.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.111", + "type": "A" + }, + { + "data": "198.51.100.112", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.135#63065 (ctldl.windowsupdate.com.): answer: ctldl.windowsupdate.com. IN A (10.100.0.1) -> NOERROR 2379 CNAME ctldl.windowsupdate.com.delivery.microsoft.com. 2350 CNAME wu-b-net.trafficmanager.net. 247 CNAME bg.microsoft.map.fastly.net. 19 A 198.51.100.111 19 A 198.51.100.112 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ctldl.windowsupdate.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.153", + "port": 49392 + }, + "dns": { + "question": { + "class": "IN", + "name": "cl3.apple.com", + "registered_domain": "apple.com", + "subdomain": "cl3", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#49392: query: cl3.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cl3.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.23", + "port": 49927 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com", + "registered_domain": "office.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.23#49927: query: outlook.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.23", + "port": 49927 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "outlook.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.23#49927 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 7 A 198.51.100.10 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.61", + "port": 57029 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.snsbank.nl", + "registered_domain": "snsbank.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#57029: query: www.snsbank.nl IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.snsbank.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.61", + "port": 54387 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.snsbank.nl", + "registered_domain": "snsbank.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#54387: query: www.snsbank.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, 
+ "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.snsbank.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.239", + "port": 59161 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.239#59161: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.239", + "port": 59161 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.239#59161 (example.net.): answer: example.net. 
IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.153", + "port": 65237 + }, + "dns": { + "question": { + "class": "IN", + "name": "cl3.apple.com", + "registered_domain": "apple.com", + "subdomain": "cl3", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#65237: query: cl3.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cl3.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.76", + "port": 50409 + }, + "dns": { + "question": { + "class": "IN", + "name": "sn.webrootcloudav.com", + "registered_domain": "webrootcloudav.com", + "subdomain": "sn", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.76#50409: query: sn.webrootcloudav.com IN A (10.100.0.1)" + }, + 
"host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "sn.webrootcloudav.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.76", + "port": 50409 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.20", + "type": "A" + }, + { + "data": "198.51.100.225", + "type": "A" + }, + { + "data": "198.51.100.21", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "sn.webrootcloudav.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.20", + "type": "A" + }, + { + "data": "198.51.100.225", + "type": "A" + }, + { + "data": "198.51.100.21", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.76#50409 (sn.webrootcloudav.com.): answer: sn.webrootcloudav.com. IN A (10.100.0.1) -> NOERROR 40 A 198.51.100.20 40 A 198.51.100.225 40 A 198.51.100.21 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "sn.webrootcloudav.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60043 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043: query: host037.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60043 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60043 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043: query: host037.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60043 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043 (host037.example.net.): answer: host037.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60043 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net", + "registered_domain": "example.net", + "subdomain": "host041.host041.host041", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60043 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60043 (host041.host041.host041.example.net.): answer: 
host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.153", + "port": 49392 + }, + "dns": { + "question": { + "class": "IN", + "name": "cl3.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#49392 (cl3.apple.com.): answer: cl3.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cl3.apple.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.16", + "port": 57345 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.16#57345: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.16", + "port": 57345 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": 
{ + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.16#57345 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.61", + "port": 57029 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.snsbank.nl.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#57029 (www.snsbank.nl.): answer: www.snsbank.nl. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.snsbank.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 49940 + }, + "dns": { + "question": { + "class": "IN", + "name": "host043.host043.example.net", + "registered_domain": "example.net", + "subdomain": "host043.host043", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940: query: host043.host043.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host043.host043.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 49940 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.216", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host043.host043.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.216", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940 (host043.host043.example.net.): answer: host043.host043.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.216 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host043.host043.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.35", + "port": 65420 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.35#65420: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.35", + "port": 65420 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.35#65420 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 57935 + }, + "dns": { + "answers": [ + { + "data": "master.eu-west-1.prod.engine-nlb.cheqzone.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.198", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "obseu.seroundprince.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "master.eu-west-1.prod.engine-nlb.cheqzone.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.198", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#57935 (obseu.seroundprince.com.): answer: obseu.seroundprince.com. IN A (10.100.0.1) -> NOERROR 60 CNAME master.eu-west-1.prod.engine-nlb.cheqzone.com. 
17 A 198.51.100.198 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "obseu.seroundprince.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.78", + "port": 59789 + }, + "dns": { + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net", + "registered_domain": "windows.net", + "subdomain": "enterpriseregistration", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#59789: query: enterpriseregistration.windows.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.78", + "port": 59789 + }, + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "198.51.100.215", + "type": "A" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "198.51.100.151", + "type": "A" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + 
"data": "198.51.100.211", + "type": "A" + }, + { + "data": "40.12", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "198.51.100.215", + "type": "A" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "198.51.100.151", + "type": "A" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "40.12", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#59789 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 291 A 198.51.100.213 291 A 198.51.100.150 291 A 198.51.100.215 291 A 198.51.100.152 291 A 198.51.100.151 291 A 198.51.100.214 291 A 198.51.100.211 291 A 40.12" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.225", + "port": 60834 + }, + "dns": { + "question": { + "class": "IN", + "name": "host044.example.net", + "registered_domain": "example.net", + "subdomain": "host044", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#60834: query: host044.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host044.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.225", + "port": 60834 + }, + "dns": { + "question": { + "class": "IN", + "name": "host044.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#60834 (host044.example.net.): answer: host044.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host044.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 39477 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.81.in-addr.arpa", + "registered_domain": "81.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#39477: query: 198.51.100.81.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.81.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 39477 + }, + "dns": { + "answers": [ + { + "data": "host045.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.81.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host045.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#39477 (198.51.100.81.in-addr.arpa.): answer: 198.51.100.81.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host045.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.81.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 7122 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-mobile.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#7122: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 7122 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + 
"data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#7122 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.153", + "port": 65237 + }, + "dns": { + "answers": [ + { + "data": "cl3-cdn.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "cl3.g.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.57", + "type": "A" + }, + { + "data": "198.51.100.52", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "cl3.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cl3-cdn.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "cl3.g.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.57", + "type": "A" + }, + { + "data": "198.51.100.52", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#65237 (cl3.apple.com.): answer: 
cl3.apple.com. IN A (10.100.0.1) -> NOERROR 508 CNAME cl3-cdn.origin-apple.com.akadns.net. 340 CNAME cl3.g.aaplimg.com. 15 A 198.51.100.57 15 A 198.51.100.52 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cl3.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 65019 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#65019: query: dns.opendns.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 65019 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.161", + "type": "A" + }, + { + "data": "198.51.100.160", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.opendns.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.161", + "type": "A" + }, + { + "data": "198.51.100.160", + "type": "A" + } + ], + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#65019 (dns.opendns.com.): answer: dns.opendns.com. IN A (10.100.0.1) -> NOERROR 2380 A 198.51.100.161 2380 A 198.51.100.160 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046: query: host037.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046: query: host037.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60046 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + 
}, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046 (host037.example.net.): answer: host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.64", + "port": 64508 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.64#64508: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.64", + "port": 64508 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + 
"ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.64#64508 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 54799 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#54799: query: doh.umbrella.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 54799 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.255", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "doh.umbrella.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.255", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#54799 (doh.umbrella.com.): answer: doh.umbrella.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.255 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 56344 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56344: query: doh.umbrella.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 56344 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.umbrella.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#56344 (doh.umbrella.com.): answer: doh.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 53419 + }, + "dns": { + "question": { + "class": "IN", + "name": "host046.host046.example.net", + "registered_domain": "example.net", + "subdomain": "host046.host046", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#53419: query: host046.host046.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host046.host046.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": 
{ + "ip": "10.1.0.133", + "port": 63373 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa", + "registered_domain": "resolver.arpa", + "subdomain": "_dns", + "top_level_domain": "arpa", + "type": "TYPE64" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#63373: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 63373 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa.", + "type": "TYPE64" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#63373 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 49553 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49553: query: doh.opendns.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 49553 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.254", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "doh.opendns.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.254", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#49553 (doh.opendns.com.): answer: doh.opendns.com. 
IN A (10.100.0.1) -> NOERROR 114 A 198.51.100.254 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 53419 + }, + "dns": { + "question": { + "class": "IN", + "name": "host047.host047.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#53419 (host047.host047.example.net.): answer: host047.host047.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host047.host047.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net", + "registered_domain": "example.net", + "subdomain": "host041.host041.host041", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 51160 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#51160: query: doh.opendns.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 51160 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.opendns.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#51160 (doh.opendns.com.): answer: doh.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.138", + "port": 60046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.138#60046 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 57116 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#57116: query: dns.umbrella.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 57116 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.161", + "type": "A" + }, + { + "data": "198.51.100.160", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.umbrella.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.161", + "type": "A" + }, + { + "data": "198.51.100.160", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#57116 (dns.umbrella.com.): answer: dns.umbrella.com. 
IN A (10.100.0.1) -> NOERROR 376 A 198.51.100.161 376 A 198.51.100.160 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 62393 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#62393: query: dns.umbrella.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 62393 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.umbrella.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#62393 (dns.umbrella.com.): answer: dns.umbrella.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 63904 + }, + "dns": { + "question": { + "class": "IN", + "name": "master.eu-west-1.prod.engine-nlb.cheqzone.com", + "registered_domain": "cheqzone.com", + "subdomain": "master.eu-west-1.prod.engine-nlb", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63904: query: master.eu-west-1.prod.engine-nlb.cheqzone.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "master.eu-west-1.prod.engine-nlb.cheqzone.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 61835 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.133#61835: query: dns.opendns.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 61835 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.opendns.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61835 (dns.opendns.com.): answer: dns.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 64184 + }, + "dns": { + "question": { + "class": "IN", + "name": "host048.example.net", + "registered_domain": "example.net", + "subdomain": "host048", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#64184: query: host048.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host048.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 64184 + }, + "dns": { + "question": { + "class": "IN", + "name": "host049.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#64184 (host049.example.net.): answer: host049.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host049.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 51884 + }, + "dns": { + "question": { + "class": "IN", + "name": "host200.internal.net", + "registered_domain": "internal.net", + "subdomain": "host200", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#51884: query: host200.internal.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host200.internal.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 51884 + }, + "dns": { + "question": { + "class": "IN", + "name": "host200.internal.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#51884 (host200.internal.net.): answer: host200.internal.net. IN A (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host200.internal.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.64", + "port": 53265 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#53265: query: turbo.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.64", + "port": 53265 + }, + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#53265 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.85", + "port": 61721 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.googletagmanager.com", + "registered_domain": "googletagmanager.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#61721: query: www.googletagmanager.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.googletagmanager.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.85", + "port": 61721 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.252", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.googletagmanager.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.252", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#61721 (www.googletagmanager.com.): 
answer: www.googletagmanager.com. IN A (10.100.0.1) -> NOERROR 201 A 198.51.100.252 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.googletagmanager.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.129", + "port": 61233 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.129#61233: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.129", + "port": 61233 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + 
"data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.129#61233 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.64", + "port": 51746 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#51746: query: turbo.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.1.64", + "port": 51746 + }, + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.64#51746 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.210 35 A 198.51.100.211 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.85", + "port": 65484 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.googletagmanager.com", + "registered_domain": "googletagmanager.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#65484: query: www.googletagmanager.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.googletagmanager.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.85", + "port": 65484 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.googletagmanager.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.85#65484 (www.googletagmanager.com.): answer: www.googletagmanager.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.googletagmanager.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.227", + "port": 55240 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.227#55240: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.227", + "port": 55240 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.227#55240 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.11", + "port": 54043 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.11#54043: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.11", + "port": 54043 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.11#54043 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 63904 + }, + "dns": { + "question": { + "class": "IN", + "name": "master.eu-west-1.prod.engine-nlb.cheqzone.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63904 (master.eu-west-1.prod.engine-nlb.cheqzone.com.): answer: master.eu-west-1.prod.engine-nlb.cheqzone.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "master.eu-west-1.prod.engine-nlb.cheqzone.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.221", + "port": 59759 + }, + "dns": { + "question": { + "class": "IN", + "name": "host050.example.net", + "registered_domain": "example.net", + "subdomain": "host050", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759: query: host050.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host050.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.221", + "port": 59759 + }, + "dns": { + "question": { + "class": "IN", + "name": "host050.example.net", + "registered_domain": "example.net", + "subdomain": "host050", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759: query: host050.example.net IN AAAA (10.100.0.1)" + }, + "host": { + 
"name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host050.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.61", + "port": 54387 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.126", + "type": "A" + }, + { + "data": "198.51.100.129", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.snsbank.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.126", + "type": "A" + }, + { + "data": "198.51.100.129", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.61#54387 (www.snsbank.nl.): answer: www.snsbank.nl. IN A (10.100.0.1) -> NOERROR 20 A 198.51.100.126 20 A 198.51.100.129 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.snsbank.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.221", + "port": 59759 + }, + "dns": { + "answers": [ + { + "data": "172.16.2.65", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host051.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "172.16.2.65", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759 (host051.example.net.): answer: host051.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 172.16.2.65 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host051.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.221", + "port": 59759 + }, + "dns": { + "question": { + "class": "IN", + "name": "host051.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.221#59759 (host051.example.net.): answer: host051.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host051.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.82", + "port": 49540 + }, + "dns": { + "question": { + "class": "IN", + "name": "host034.example.net", + "registered_domain": "example.net", + "subdomain": "host034", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.82#49540: query: host034.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.82", + "port": 49540 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host034.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.82#49540 (host034.example.net.): answer: 
host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.153", + "port": 54808 + }, + "dns": { + "question": { + "class": "IN", + "name": "cl3.g.aaplimg.com", + "registered_domain": "aaplimg.com", + "subdomain": "cl3.g", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#54808: query: cl3.g.aaplimg.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cl3.g.aaplimg.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.153", + "port": 54808 + }, + "dns": { + "question": { + "class": "IN", + "name": "cl3.g.aaplimg.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.153#54808 (cl3.g.aaplimg.com.): answer: cl3.g.aaplimg.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cl3.g.aaplimg.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 50405 + }, + "dns": { + "question": { + "class": "IN", + "name": "test-gateway.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "test-gateway", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#50405: query: test-gateway.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "test-gateway.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 50405 + }, + "dns": { + "answers": [ + { + "data": "dgw-ig.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.28", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "test-gateway.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dgw-ig.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.28", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, 
+ "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#50405 (test-gateway.instagram.com.): answer: test-gateway.instagram.com. IN A (10.100.0.1) -> NOERROR 2033 CNAME dgw-ig.c10r.facebook.com. 8 A 198.51.100.28 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "test-gateway.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.186", + "port": 65533 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa", + "registered_domain": "113.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#65533: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.186", + "port": 65533 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + 
"log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#65533 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 64242 + }, + "dns": { + "question": { + "class": "IN", + "name": "gateway.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "gateway", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64242: query: gateway.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gateway.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 64242 + }, + "dns": { + "answers": [ + { + "data": "dgw.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.26", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gateway.instagram.com.", + "type": 
"A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dgw.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.26", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#64242 (gateway.instagram.com.): answer: gateway.instagram.com. IN A (10.100.0.1) -> NOERROR 1212 CNAME dgw.c10r.facebook.com. 33 A 198.51.100.26 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gateway.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.186", + "port": 58930 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#58930: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", 
+ "client": { + "ip": "10.1.0.186", + "port": 58930 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#58930 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.186", + "port": 49738 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#49738: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { 
+ "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.186", + "port": 49738 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.186#49738 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.176", + "port": 62054 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.176#62054: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.176", + "port": 62054 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.176#62054 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.184", + "port": 53303 + }, + "dns": { + "question": { + "class": "IN", + "name": "ecs.office.com", + "registered_domain": "office.com", + "subdomain": "ecs", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.184#53303: query: ecs.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ecs.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.184", + "port": 53303 + }, + "dns": { + "answers": [ + { + "data": "ecs.office.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "dual-s-0005-office.config.skype.com.", + "type": "CNAME" + }, + { + "data": "ecs-office.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.252", + "type": "A" + }, + { + "data": "198.51.100.251", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ecs.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ecs.office.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "dual-s-0005-office.config.skype.com.", + "type": "CNAME" + }, + { + "data": "ecs-office.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": 
"s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.252", + "type": "A" + }, + { + "data": "198.51.100.251", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.184#53303 (ecs.office.com.): answer: ecs.office.com. IN A (10.100.0.1) -> NOERROR 78 CNAME ecs.office.trafficmanager.net. 7 CNAME dual-s-0005-office.config.skype.com. 8549 CNAME ecs-office.s-0005.dual-s-msedge.net. 40 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.252 25 A 198.51.100.251 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ecs.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 26652 + }, + "dns": { + "question": { + "class": "IN", + "name": "api-emea.flightproxy.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "api-emea.flightproxy.teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#26652: query: api-emea.flightproxy.teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api-emea.flightproxy.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } 
+ }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.66", + "port": 55371 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.66#55371: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.66", + "port": 55371 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.66#55371 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.75", + "port": 60078 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.75#60078: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.75", + "port": 60078 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.75#60078 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 45361 + }, + "dns": { + "question": { + "class": "IN", + "name": "host045.example.net", + "registered_domain": "example.net", + "subdomain": "host045", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#45361: query: host045.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host045.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.0.194", + "port": 45361 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.191", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host045.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.191", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#45361 (host045.example.net.): answer: host045.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.191 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host045.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.130", + "port": 55301 + }, + "dns": { + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "v10.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.130#55301: query: v10.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.130", + "port": 55301 + }, + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.130#55301 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.15", + "port": 45859 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859: query: host031.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.15", + "port": 45859 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859: query: host031.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.15", + "port": 45859 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.15", + "port": 45859 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.15#45859 (host031.example.net.): answer: host031.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.24", + "port": 50529 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-edit.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-edit.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#50529: query: euc-word-edit.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-edit.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.24", + "port": 50529 + }, + "dns": { + "answers": [ + { + "data": "euc-word-edit-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-word-edit.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-word-edit-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + 
"type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#50529 (euc-word-edit.officeapps.live.com.): answer: euc-word-edit.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 3 CNAME euc-word-edit-geo.wac.trafficmanager.net. 14 CNAME euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 20 CNAME wac-0003.wac-msedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-edit.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.24", + "port": 52993 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-edit.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-edit.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#52993: query: euc-word-edit.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-edit.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.24", + "port": 52993 + }, + "dns": { + 
"answers": [ + { + "data": "euc-word-edit-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-word-edit.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-word-edit-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.24#52993 (euc-word-edit.officeapps.live.com.): answer: euc-word-edit.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 3 CNAME euc-word-edit-geo.wac.trafficmanager.net. 14 CNAME euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 20 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-edit.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 48503 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.tizen.org", + "registered_domain": "tizen.org", + "subdomain": "www", + "top_level_domain": "org", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#48503: query: www.tizen.org IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.tizen.org" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 48503 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.97", + "type": "A" + }, + { + "data": "198.51.100.96", + "type": "A" + }, + { + "data": "198.51.100.98", + "type": "A" + }, + { + "data": "198.51.100.99", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.tizen.org.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.97", + "type": "A" + }, + { + "data": "198.51.100.96", + "type": "A" + }, + { + "data": "198.51.100.98", + "type": "A" + }, + { + "data": "198.51.100.99", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#48503 (www.tizen.org.): 
answer: www.tizen.org. IN A (10.100.0.1) -> NOERROR 12 A 198.51.100.97 12 A 198.51.100.96 12 A 198.51.100.98 12 A 198.51.100.99 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.tizen.org." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 15232 + }, + "dns": { + "question": { + "class": "IN", + "name": "host052.example.net", + "registered_domain": "example.net", + "subdomain": "host052", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#15232: query: host052.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host052.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 15232 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.2", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host052.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.2", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.1.4#15232 (host052.example.net.): answer: host052.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.2 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host052.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 46339 + }, + "dns": { + "question": { + "class": "IN", + "name": "host052.example.net", + "registered_domain": "example.net", + "subdomain": "host052", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#46339: query: host052.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host052.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 46339 + }, + "dns": { + "question": { + "class": "IN", + "name": "host052.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#46339 (host052.example.net.): answer: 
host052.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host052.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.101", + "port": 58858 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com", + "registered_domain": "office.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.101#58858: query: outlook.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.101", + "port": 58858 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"outlook.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.101#58858 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.11 7 A 198.51.100.10 7 A 198.51.100.6 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.200", + "port": 56508 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.200", + "port": 56508 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508: query: eu-v20.events.endpoint.security.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": 
"dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.200", + "port": 56508 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.200", + "port": 56508 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.200#56508 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 49921 + }, + "dns": { + "question": { + "class": "IN", + "name": "host045.example.net", + "registered_domain": "example.net", + "subdomain": "host045", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#49921: query: host045.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host045.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 58342 + }, + "dns": { + "question": { + "class": "IN", + "name": "host053.example.net", + "registered_domain": "example.net", + "subdomain": "host053", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58342: query: host053.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host053.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 49921 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.191", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host045.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.191", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#49921 (host045.example.net.): answer: host045.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.191 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host045.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 58342 + }, + "dns": { + "question": { + "class": "IN", + "name": "host053.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58342 (host053.example.net.): answer: host053.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host053.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 57464 + }, + "dns": { + "question": { + "class": "IN", + "name": "host045.example.net", + "registered_domain": "example.net", + "subdomain": "host045", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#57464: query: host045.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host045.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.194", + "port": 57464 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.191", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host045.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.191", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.194#57464 (host045.example.net.): answer: host045.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.191 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host045.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 61891 + }, + "dns": { + "question": { + "class": "IN", + "name": "host054.example.net", + "registered_domain": "example.net", + "subdomain": "host054", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#61891: query: host054.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host054.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 61891 + }, + "dns": { + "question": { + "class": "IN", + "name": "host054.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#61891 (host054.example.net.): answer: host054.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host054.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 54295 + }, + "dns": { + "question": { + "class": "IN", + "name": "host054.example.net", + "registered_domain": "example.net", + "subdomain": "host054", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#54295: query: host054.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host054.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.4", + "port": 54295 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host054.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.4#54295 (host054.example.net.): answer: 
host054.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host054.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.52", + "port": 58462 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.52#58462: query: turbo.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.52", + "port": 58462 + }, + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": 
{ + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.52#58462 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.30", + "port": 54389 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#54389: query: edge.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.30", + "port": 54389 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#54389 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.30", + "port": 49206 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#49206: query: edge.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.30", + "port": 49206 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.4", + "type": "A" + }, + { + "data": "198.51.100.3", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + 
}, + { + "data": "198.51.100.4", + "type": "A" + }, + { + "data": "198.51.100.3", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.30#49206 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.4 5 A 198.51.100.3 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 26652 + }, + "dns": { + "answers": [ + { + "data": "flightproxy-emea-teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ep-frce-02-prod-aks.flightproxy.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-francecentral-ns-9ecb4f6d7", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "api-emea.flightproxy.teams.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "flightproxy-emea-teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ep-frce-02-prod-aks.flightproxy.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-francecentral-ns-9ecb4f6d7", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": 
"named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#26652 (api-emea.flightproxy.teams.microsoft.com.): answer: api-emea.flightproxy.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 43017 CNAME flightproxy-emea-teams.trafficmanager.net. 19 CNAME ep-frce-02-prod-aks.flightproxy.teams.microsoft.com. 10202 CNAME epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net. 4 CNAME cosmic-francecentral-ns-9ecb4f6d7" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api-emea.flightproxy.teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.48", + "port": 52031 + }, + "dns": { + "question": { + "class": "IN", + "name": "r4.res.office365.com", + "registered_domain": "office365.com", + "subdomain": "r4.res", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#52031: query: r4.res.office365.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "r4.res.office365.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.48", + "port": 52031 + }, + "dns": { + "answers": [ + { + "data": 
"r4.res.office365.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e40491.dscg.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.125", + "type": "A" + }, + { + "data": "198.51.100.131", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "r4.res.office365.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "r4.res.office365.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e40491.dscg.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.125", + "type": "A" + }, + { + "data": "198.51.100.131", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#52031 (r4.res.office365.com.): answer: r4.res.office365.com. IN A (10.100.0.1) -> NOERROR 219 CNAME r4.res.office365.com.edgekey.net. 9 CNAME e40491.dscg.akamaiedge.net. 12 A 198.51.100.125 12 A 198.51.100.131 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "r4.res.office365.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.27", + "port": 55201 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.27#55201: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.27", + "port": 55201 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.27#55201 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.50", + "port": 49235 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.50#49235: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.50", + "port": 49235 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.50#49235 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.66", + "port": 57679 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#57679: query: eu-teams.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.66", + "port": 57679 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + 
"question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#57679 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.2", + "port": 63480 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.35.in-addr.arpa", + "registered_domain": "35.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.2#63480: query: 198.51.100.35.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.35.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.2", + "port": 63480 + }, + "dns": { + "answers": [ + { + "data": "host055.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.35.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host055.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.2#63480 (198.51.100.35.in-addr.arpa.): answer: 198.51.100.35.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host055.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.35.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.231", + "port": 62453 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.231#62453: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.66", + "port": 50834 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#50834: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + 
"priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.66", + "port": 50834 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.66#50834 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.231", + "port": 62453 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. 
empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.231#62453 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.162", + "port": 55408 + }, + "dns": { + "question": { + "class": "IN", + "name": "web.whatsapp.com", + "registered_domain": "whatsapp.com", + "subdomain": "web", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#55408: query: web.whatsapp.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "web.whatsapp.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + 
}, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.162", + "port": 55408 + }, + "dns": { + "answers": [ + { + "data": "mmx-ds.cdn.whatsapp.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "web.whatsapp.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mmx-ds.cdn.whatsapp.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#55408 (web.whatsapp.com.): answer: web.whatsapp.com. IN TYPE65 (10.100.0.1) -> NOERROR 3419 CNAME mmx-ds.cdn.whatsapp.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "web.whatsapp.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.162", + "port": 56602 + }, + "dns": { + "question": { + "class": "IN", + "name": "web.whatsapp.com", + "registered_domain": "whatsapp.com", + "subdomain": "web", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#56602: query: web.whatsapp.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "web.whatsapp.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.162", + "port": 56602 + }, + "dns": { + "answers": [ + { + "data": "mmx-ds.cdn.whatsapp.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "web.whatsapp.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mmx-ds.cdn.whatsapp.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.162#56602 (web.whatsapp.com.): answer: web.whatsapp.com. IN A (10.100.0.1) -> NOERROR 3419 CNAME mmx-ds.cdn.whatsapp.net. 
2 A 198.51.100.32 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "web.whatsapp.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.91", + "port": 54359 + }, + "dns": { + "question": { + "class": "IN", + "name": "nexusrules.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "nexusrules.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.91#54359: query: nexusrules.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "nexusrules.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.91", + "port": 54359 + }, + "dns": { + "answers": [ + { + "data": "prod.nexusrules.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.249", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "nexusrules.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod.nexusrules.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.249", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + 
"type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.91#54359 (nexusrules.officeapps.live.com.): answer: nexusrules.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 2687 CNAME prod.nexusrules.live.com.akadns.net. 23 A 198.51.100.249 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "nexusrules.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 47173 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173: query: host013.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 47173 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173: query: host013.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 47173 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 47173 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#47173 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.32", + "port": 52762 + }, + "dns": { + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net", + "registered_domain": "windows.net", + "subdomain": "enterpriseregistration", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.32#52762: query: enterpriseregistration.windows.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { 
+ "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.32", + "port": 52762 + }, + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "198.51.100.151", + "type": "A" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.212", + "type": "A" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "40.12", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "198.51.100.151", + "type": "A" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.212", + "type": "A" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "40.12", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.32#52762 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 
129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 291 A 198.51.100.152 291 A 198.51.100.151 291 A 198.51.100.214 291 A 198.51.100.211 291 A 198.51.100.212 291 A 198.51.100.213 291 A 198.51.100.150 291 A 40.12" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 62034 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#62034: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 62034 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": 
"198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#62034 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.140", + "port": 61255 + }, + "dns": { + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net", + "registered_domain": "example.net", + "subdomain": "host004.host004.host004.host004", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.140", + "port": 61255 + }, + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. 
IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 40005 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.209.in-addr.arpa", + "registered_domain": "209.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#40005: query: 198.51.100.209.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.209.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 40005 + }, + "dns": { + "answers": [ + { + "data": "host056.host056.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.209.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host056.host056.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#40005 (198.51.100.209.in-addr.arpa.): answer: 198.51.100.209.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host056.host056.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.209.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.140", + "port": 61255 + }, + "dns": { + "question": { + "class": "IN", + "name": "host005.example.net", + "registered_domain": "example.net", + "subdomain": "host005", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255: query: host005.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.140", + "port": 61255 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host005.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + 
"category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.140#61255 (host005.example.net.): answer: host005.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 31651 + }, + "dns": { + "question": { + "class": "IN", + "name": "go-eu.trouter.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "go-eu.trouter.teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31651: query: go-eu.trouter.teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "go-eu.trouter.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 31651 + }, + "dns": { + "answers": [ + { + "data": "trouter-atm-pub-ent-emea.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pub-ent-euwe-07-t.trouter.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": 
"partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-westeurope-ns-b80c4716b71c.traffic", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "go-eu.trouter.teams.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "trouter-atm-pub-ent-emea.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pub-ent-euwe-07-t.trouter.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-westeurope-ns-b80c4716b71c.traffic", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31651 (go-eu.trouter.teams.microsoft.com.): answer: go-eu.trouter.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 1421 CNAME trouter-atm-pub-ent-emea.trafficmanager.net. 7 CNAME pub-ent-euwe-07-t.trouter.teams.microsoft.com. 2072 CNAME partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net. 9 CNAME cosmic-westeurope-ns-b80c4716b71c.traffic" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "go-eu.trouter.teams.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.61", + "port": 57103 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu.recent.svc.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "eu.recent.svc", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#57103: query: eu.recent.svc.cloud.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu.recent.svc.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.61", + "port": 57103 + }, + "dns": { + "answers": [ + { + "data": "eudb.ocws1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "recent-prod-weightedww.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.241", + "type": "A" + }, + { + "data": "198.51.100.237", + "type": "A" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "198.51.100.240", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu.recent.svc.cloud.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eudb.ocws1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": 
"recent-prod-weightedww.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.241", + "type": "A" + }, + { + "data": "198.51.100.237", + "type": "A" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "198.51.100.240", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#57103 (eu.recent.svc.cloud.microsoft.): answer: eu.recent.svc.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 337 CNAME eudb.ocws1.live.com.akadns.net. 49 CNAME recent-prod-weightedww.trafficmanager.net. 30 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.241 9 A 198.51.100.237 9 A 198.51.100.239 9 A 198.51.100.240 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu.recent.svc.cloud.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.1", + "port": 48515 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.35.in-addr.arpa", + "registered_domain": "35.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.1#48515: query: 198.51.100.35.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.35.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.1", + "port": 48515 + }, + "dns": { + "answers": [ + { + "data": "host055.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.35.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host055.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.1#48515 (198.51.100.35.in-addr.arpa.): answer: 198.51.100.35.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host055.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.35.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.30", + "port": 54545 + }, + "dns": { + "question": { + "class": "IN", + "name": "js.monitor.azure.com", + "registered_domain": "azure.com", + "subdomain": "js.monitor", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#54545: query: js.monitor.azure.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "js.monitor.azure.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.30", + "port": 54545 + }, + "dns": { + "answers": [ + { + "data": "aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-z01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "js.monitor.azure.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { 
+ "dns": { + "answers": [ + { + "data": "aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-z01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#54545 (js.monitor.azure.com.): answer: js.monitor.azure.com. IN A (10.100.0.1) -> NOERROR 21 CNAME aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net. 44 CNAME mr-z01.tm-azurefd.net. 40 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "js.monitor.azure.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.30", + "port": 56147 + }, + "dns": { + "question": { + "class": "IN", + "name": "js.monitor.azure.com", + "registered_domain": "azure.com", + "subdomain": "js.monitor", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#56147: query: js.monitor.azure.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "js.monitor.azure.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.30", + "port": 56147 + }, + "dns": { + "answers": [ + { + "data": "aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "js.monitor.azure.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.30#56147 (js.monitor.azure.com.): answer: js.monitor.azure.com. IN TYPE65 (10.100.0.1) -> NOERROR 52 CNAME aijscdn2-bwfdfxezdubebtb0.z01.azurefd.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "js.monitor.azure.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.63", + "port": 56741 + }, + "dns": { + "question": { + "class": "IN", + "name": "geover.prod.do.dsp.mp.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "geover.prod.do.dsp.mp", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.63#56741: query: geover.prod.do.dsp.mp.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "geover.prod.do.dsp.mp.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.63", + "port": 56741 + }, + "dns": { + "answers": [ + { + "data": "geover.prod.do.dsp.mp.microsoft.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e10370.d.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.182", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "geover.prod.do.dsp.mp.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "geover.prod.do.dsp.mp.microsoft.com.edgekey.net.", + "type": "CNAME" + }, + { + 
"data": "e10370.d.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.182", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.63#56741 (geover.prod.do.dsp.mp.microsoft.com.): answer: geover.prod.do.dsp.mp.microsoft.com. IN A (10.100.0.1) -> NOERROR 3565 CNAME geover.prod.do.dsp.mp.microsoft.com.edgekey.net. 5363 CNAME e10370.d.akamaiedge.net. 20 A 198.51.100.182 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "geover.prod.do.dsp.mp.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.7", + "port": 51716 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.7#51716: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.7", + "port": 51716 + }, 
+ "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.7#51716 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 53510 + }, + "dns": { + "question": { + "class": "IN", + "name": "api-emea.flightproxy.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "api-emea.flightproxy.teams", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#53510: query: api-emea.flightproxy.teams.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api-emea.flightproxy.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 51443 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + 
"process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 51443 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 51443 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443: query: eu-v20.events.endpoint.security.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.223", + "port": 51443 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": 
"CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.223#51443 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 49738 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#49738: query: edge.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 49738 + }, + "dns": { + "answers": [ + { + "data": 
"edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#49738 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.77", + "port": 53488 + }, + "dns": { + "question": { + "class": "IN", + "name": "host019.example.net", + "registered_domain": "example.net", + "subdomain": "host019", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#53488: query: host019.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.77", + "port": 53488 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host019.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#53488 (host019.example.net.): answer: host019.example.net. IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 62995 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#62995: query: edge.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 62995 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#62995 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.3 5 A 198.51.100.4 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.145", + "port": 58032 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58032: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.145", + "port": 58032 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58032 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.41", + "port": 56120 + }, + "dns": { + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "v10.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.41#56120: query: v10.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.41", + "port": 56120 + }, + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.41#56120 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.27", + "port": 58099 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.27#58099: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.27", + "port": 58099 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.27#58099 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.77", + "port": 55627 + }, + "dns": { + "question": { + "class": "IN", + "name": "host022.host022.example.net", + "registered_domain": "example.net", + "subdomain": "host022.host022", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#55627: query: host022.host022.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host022.host022.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.77", + "port": 55627 + }, + "dns": { + "question": { + "class": "IN", + "name": "host023.host023.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.77#55627 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host023.host023.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 53510 + }, + "dns": { + "answers": [ + { + "data": "flightproxy-emea-teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ep-frce-02-prod-aks.flightproxy.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-francecentral-ns-9ecb4f", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "api-emea.flightproxy.teams.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "flightproxy-emea-teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ep-frce-02-prod-aks.flightproxy.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-francecentral-ns-9ecb4f", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#53510 (api-emea.flightproxy.teams.microsoft.com.): answer: api-emea.flightproxy.teams.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 43017 CNAME flightproxy-emea-teams.trafficmanager.net. 19 CNAME ep-frce-02-prod-aks.flightproxy.teams.microsoft.com. 10202 CNAME epx.frce-02.ic3-calling-enterpriseproxy.francecentral-prod.cosmic.office.net. 
4 CNAME cosmic-francecentral-ns-9ecb4f" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api-emea.flightproxy.teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.214", + "port": 62206 + }, + "dns": { + "question": { + "class": "IN", + "name": "testorg.service-now.com", + "registered_domain": "service-now.com", + "subdomain": "testorg", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.214#62206: query: testorg.service-now.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.service-now.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.214", + "port": 62206 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "testorg.service-now.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: 
client 10.1.0.214#62206 (testorg.service-now.com.): answer: testorg.service-now.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.service-now.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.67", + "port": 52009 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.67#52009: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.67", + "port": 52009 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": 
"NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.67#52009 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50858 + }, + "dns": { + "question": { + "class": "IN", + "name": "host057.host057.host057.host057.host057.host057.example.net", + "registered_domain": "example.net", + "subdomain": "host057.host057.host057.host057.host057.host057", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858: query: host057.host057.host057.host057.host057.host057.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host057.host057.host057.host057.host057.host057.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host058.host058.host058.host058.host058.host058.example.net", + "registered_domain": "example.net", + "subdomain": "host058.host058.host058.host058.host058.host058", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731: query: host058.host058.host058.host058.host058.host058.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": 
"eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host058.host058.host058.host058.host058.host058.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 56071 + }, + "dns": { + "question": { + "class": "IN", + "name": "host057.host057.host057.host057.host057.host057.example.net", + "registered_domain": "example.net", + "subdomain": "host057.host057.host057.host057.host057.host057", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071: query: host057.host057.host057.host057.host057.host057.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host057.host057.host057.host057.host057.host057.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50858 + }, + "dns": { + "answers": [ + { + "data": "0 100 88 host034.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host061.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 dc5.example.ne", + "type": "SRV" + } + ], + "question": { + 
"class": "IN", + "name": "_kerberos._tcp.Centrum-Locatie._sites.dc._msdcs.EXAMPLE.NET.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 88 host034.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host061.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 dc5.example.ne", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858 (_kerberos._tcp.Centrum-Locatie._sites.dc._msdcs.EXAMPLE.NET.): answer: _kerberos._tcp.Centrum-Locatie._sites.dc._msdcs.EXAMPLE.NET. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 88 host034.example.net. 600 SRV 0 100 88 host059.example.net. 600 SRV 0 100 88 host005.example.net. 600 SRV 0 100 88 host060.example.net. 600 SRV 0 100 88 host061.example.net. 600 SRV 0 100 88 dc5.example.ne" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_kerberos._tcp.Centrum-Locatie._sites.dc._msdcs.EXAMPLE.NET." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50731 + }, + "dns": { + "answers": [ + { + "data": "0 100 389 host063.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host061.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host034.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host062.host062.host062.host062.host062.host062.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host063.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host061.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host034.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731 (host062.host062.host062.host062.host062.host062.example.net.): answer: host062.host062.host062.host062.host062.host062.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host063.example.net. 600 SRV 0 100 389 host059.example.net. 600 SRV 0 100 389 host060.example.net. 600 SRV 0 100 389 host005.example.net. 600 SRV 0 100 389 host061.example.net. 600 SRV 0 100 389 host034.example.net." 
+ }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host062.host062.host062.host062.host062.host062.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 56071 + }, + "dns": { + "answers": [ + { + "data": "0 100 88 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host063.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host034.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 dc4.example.ne", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host064.host064.host064.host064.host064.host064.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 88 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host063.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host034.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 88 dc4.example.ne", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071 (host064.host064.host064.host064.host064.host064.example.net.): answer: host064.host064.host064.host064.host064.host064.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 88 host060.example.net. 
600 SRV 0 100 88 host005.example.net. 600 SRV 0 100 88 host063.example.net. 600 SRV 0 100 88 host034.example.net. 600 SRV 0 100 88 host059.example.net. 600 SRV 0 100 88 dc4.example.ne" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host064.host064.host064.host064.host064.host064.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 3264 + }, + "dns": { + "question": { + "class": "IN", + "name": "go-eu.trouter.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "go-eu.trouter.teams", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#3264: query: go-eu.trouter.teams.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "go-eu.trouter.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 3264 + }, + "dns": { + "answers": [ + { + "data": "trouter-atm-pub-ent-emea.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pub-ent-euwe-07-t.trouter.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": 
"cosmic-westeurope-ns-b80c4716b71c.traff", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "go-eu.trouter.teams.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "trouter-atm-pub-ent-emea.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pub-ent-euwe-07-t.trouter.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-westeurope-ns-b80c4716b71c.traff", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#3264 (go-eu.trouter.teams.microsoft.com.): answer: go-eu.trouter.teams.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 1421 CNAME trouter-atm-pub-ent-emea.trafficmanager.net. 7 CNAME pub-ent-euwe-07-t.trouter.teams.microsoft.com. 2072 CNAME partition-cname-trouter.pub-ent-euwe-07.ic3-edf-trouter.westeurope-prod.cosmic.office.net. 9 CNAME cosmic-westeurope-ns-b80c4716b71c.traff" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "go-eu.trouter.teams.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.40", + "port": 58484 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#58484: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.40", + "port": 58484 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#58484 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.40", + "port": 55140 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#55140: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.40", + "port": 55140 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.40#55140 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.128", + "port": 60586 + }, + "dns": { + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net", + "registered_domain": "office.net", + "subdomain": "wise-m.public.cdn", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#60586: query: wise-m.public.cdn.office.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.128", + "port": 60586 + }, + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + 
}, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#60586 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 172 CNAME res-prod.trafficmanager.net. 103 CNAME res-1.cdn.office.net. 96 CNAME res-stls-prod.edgesuite.net. 221 CNAME a726.dscd.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.25", + "port": 58988 + }, + "dns": { + "question": { + "class": "IN", + "name": "cmp.nu.nl", + "registered_domain": "nu.nl", + "subdomain": "cmp", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.25#58988: query: cmp.nu.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cmp.nu.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.25", + "port": 58988 + }, + "dns": { + "answers": [ + { + "data": "cdn-1294-2.privacy-mgmt.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "cmp.nu.nl.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { 
+ "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cdn-1294-2.privacy-mgmt.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.25#58988 (cmp.nu.nl.): answer: cmp.nu.nl. IN A (10.100.0.1) -> NXDOMAIN 211 CNAME cdn-1294-2.privacy-mgmt.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cmp.nu.nl." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.128", + "port": 57141 + }, + "dns": { + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net", + "registered_domain": "office.net", + "subdomain": "wise-m.public.cdn", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#57141: query: wise-m.public.cdn.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.128", + "port": 57141 + }, + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.68", + "type": "A" + }, + { + "data": "198.51.100.65", + "type": "A" + }, + { + "data": "198.51.100.75", + "type": "A" + }, + { + "data": "198.51.100.71", + "type": "A" + }, + { + "data": "198.51.100.73", + "type": "A" + }, + { + "data": "198.51.100.70", + "type": "A" + }, + { + "data": "198.51.100.67", + "type": "A" + }, + { + "data": "198.51.100.59", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.68", + "type": "A" + }, + { + "data": "198.51.100.65", + "type": "A" + }, + { + "data": "198.51.100.75", + "type": "A" + }, + { + "data": "198.51.100.71", + "type": "A" + }, + { + "data": "198.51.100.73", + "type": "A" + }, + { + "data": "198.51.100.70", + "type": "A" + }, + { + "data": "198.51.100.67", + "type": "A" + }, + { + "data": "198.51.100.59", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.128#57141 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN A (10.100.0.1) -> NOERROR 171 CNAME res-prod.trafficmanager.net. 102 CNAME res-1.cdn.office.net. 95 CNAME res-stls-prod.edgesuite.net. 220 CNAME a726.dscd.akamai.net. 
9 A 198.51.100.68 9 A 198.51.100.65 9 A 198.51.100.75 9 A 198.51.100.71 9 A 198.51.100.73 9 A 198.51.100.70 9 A 198.51.100.67 9 A 198.51.100.59" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.53", + "port": 55065 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.53#55065: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.53", + "port": 55065 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.53#55065 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.93", + "port": 57169 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.93#57169: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.93", + "port": 57169 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.93#57169 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.106", + "port": 56240 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#56240: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.106", + "port": 50850 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#50850: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.106", + "port": 56240 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#56240 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.106", + "port": 50850 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.106#50850 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 31030 + }, + "dns": { + "question": { + "class": "IN", + "name": "emea.cc.skype.com", + "registered_domain": "skype.com", + "subdomain": "emea.cc", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31030: query: emea.cc.skype.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "emea.cc.skype.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 53010 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.zorgdoc.nl", + "registered_domain": "zorgdoc.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#53010: query: www.zorgdoc.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 53010 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.205", + "type": "A" + }, + { + "data": "198.51.100.206", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.zorgdoc.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.205", + "type": "A" + }, + { + "data": "198.51.100.206", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#53010 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.205 23 A 198.51.100.206 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 55250 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.zorgdoc.nl", + "registered_domain": "zorgdoc.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#55250: query: www.zorgdoc.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 55250 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.206", + "type": "A" + }, + { + "data": "198.51.100.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.zorgdoc.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.206", + "type": "A" + }, + { + "data": "198.51.100.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#55250 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. 
IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.206 23 A 198.51.100.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.48", + "port": 53231 + }, + "dns": { + "question": { + "class": "IN", + "name": "f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com", + "registered_domain": "office.com", + "subdomain": "f58cbbd478574eb99f3a5435625ea88f.fp.measure", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#53231: query: f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 51520 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.zorgdoc.nl", + "registered_domain": "zorgdoc.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 
12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#51520: query: www.zorgdoc.nl IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.115", + "port": 54066 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.115#54066: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.115", + "port": 54066 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { 
+ "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.115#54066 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55442 + }, + "dns": { + "question": { + "class": "IN", + "name": "host033.example.net", + "registered_domain": "example.net", + "subdomain": "host033", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442: query: host033.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55442 + }, + "dns": { + "question": { + "class": "IN", + "name": "host033.example.net", + "registered_domain": "example.net", + "subdomain": "host033", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442: query: host033.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55442 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.240", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host033.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.240", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442 (host033.example.net.): answer: host033.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.240 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 55442 + }, + "dns": { + "question": { + "class": "IN", + "name": "host033.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#55442 (host033.example.net.): answer: host033.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host033.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 65503 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.zorgdoc.nl", + "registered_domain": "zorgdoc.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#65503: query: www.zorgdoc.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", 
+ "client": { + "ip": "10.1.1.148", + "port": 65503 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.206", + "type": "A" + }, + { + "data": "198.51.100.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.zorgdoc.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.206", + "type": "A" + }, + { + "data": "198.51.100.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#65503 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.206 23 A 198.51.100.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 22708 + }, + "dns": { + "question": { + "class": "IN", + "name": "emea.cc.skype.com", + "registered_domain": "skype.com", + "subdomain": "emea.cc", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#22708: query: emea.cc.skype.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "emea.cc.skype.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 22708 + }, + "dns": { + "answers": [ + { + "data": "cc-emea-skype.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "cc-euno-03-prod-aks.cc.skype.com.", + "type": "CNAME" + }, + { + "data": "callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-northeurope-ns-896c43260b21.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "emea.cc.skype.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cc-emea-skype.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "cc-euno-03-prod-aks.cc.skype.com.", + "type": "CNAME" + }, + { + "data": 
"callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-northeurope-ns-896c43260b21.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#22708 (emea.cc.skype.com.): answer: emea.cc.skype.com. IN AAAA (10.100.0.1) -> NOERROR 70345 CNAME cc-emea-skype.trafficmanager.net. 1 CNAME cc-euno-03-prod-aks.cc.skype.com. 775 CNAME callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net. 2 CNAME cosmic-northeurope-ns-896c43260b21.trafficmanager.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "emea.cc.skype.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.209", + "port": 53657 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.209#53657: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.209", + "port": 53657 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.209#53657 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50998 + }, + "dns": { + "question": { + "class": "IN", + "name": "host035.example.net", + "registered_domain": "example.net", + "subdomain": "host035", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998: query: host035.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50998 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.241", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host035.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.241", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998 (host035.example.net.): answer: host035.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.241 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50998 + }, + "dns": { + "question": { + "class": "IN", + "name": "host035.example.net", + "registered_domain": "example.net", + "subdomain": "host035", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998: query: host035.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.21", + "port": 50998 + }, + "dns": { + "question": { + "class": "IN", + "name": "host035.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.21#50998 (host035.example.net.): answer: host035.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host035.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.206", + "port": 49233 + }, + "dns": { + "question": { + "class": "IN", + "name": "mdav.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "mdav.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.206#49233: query: mdav.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mdav.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.206", + "port": 49233 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-atm-epp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip0.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.157", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mdav.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"md-prod-simcon-atm-epp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip0.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.157", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.206#49233 (mdav.eu.endpoint.security.microsoft.com.): answer: mdav.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 106 CNAME md-prod-simcon-atm-epp-eu.trafficmanager.net. 269 CNAME md-prod-simcon-ip0.westeurope.cloudapp.azure.com. 1 A 198.51.100.157 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mdav.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50858 + }, + "dns": { + "question": { + "class": "IN", + "name": "host005.example.net", + "registered_domain": "example.net", + "subdomain": "host005", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858: query: host005.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50858 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host005.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50858 (host005.example.net.): answer: host005.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 56071 + }, + "dns": { + "question": { + "class": "IN", + "name": "host034.example.net", + "registered_domain": "example.net", + "subdomain": "host034", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071: query: host034.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { 
+ "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 56071 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host034.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#56071 (host034.example.net.): answer: host034.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.138", + "port": 31030 + }, + "dns": { + "answers": [ + { + "data": "cc-emea-skype.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "cc-euno-03-prod-aks.cc.skype.com.", + "type": "CNAME" + }, + { + "data": "callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-northeurope-ns-896c43260b21.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.254", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "emea.cc.skype.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cc-emea-skype.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "cc-euno-03-prod-aks.cc.skype.com.", + "type": "CNAME" + }, + { + "data": "callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-northeurope-ns-896c43260b21.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.254", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.138#31030 (emea.cc.skype.com.): answer: emea.cc.skype.com. IN A (10.100.0.1) -> NOERROR 70345 CNAME cc-emea-skype.trafficmanager.net. 1 CNAME cc-euno-03-prod-aks.cc.skype.com. 775 CNAME callcontroller.euno-03.ic3-calling-callcontroller.northeurope-prod.cosmic.office.net. 2 CNAME cosmic-northeurope-ns-896c43260b21.trafficmanager.net. 
10 A 198.51.100.254 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "emea.cc.skype.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.168", + "port": 53265 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.168#53265: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.168", + "port": 53265 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.168#53265 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.10", + "port": 58615 + }, + "dns": { + "question": { + "class": "IN", + "name": "host029.host029.example.net", + "registered_domain": "example.net", + "subdomain": "host029.host029", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#58615: query: host029.host029.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host029.host029.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.10", + "port": 58615 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.29", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host029.host029.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.29", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#58615 
(host029.host029.example.net.): answer: host029.host029.example.net. IN A (10.100.0.1) -> NOERROR 0 A 10.1.1.29 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host029.host029.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.148", + "port": 51520 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.zorgdoc.nl.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.148#51520 (www.zorgdoc.nl.): answer: www.zorgdoc.nl. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.zorgdoc.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.63", + "port": 61608 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.63#61608: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.63", + "port": 61608 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.63#61608 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.48", + "port": 53231 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.8", + "type": "A" + }, + { + "data": "198.51.100.217", + "type": "A" + }, + { + "data": "198.51.100.219", + "type": "A" + }, + { + "data": "198.51.100.221", + "type": "A" + }, + { + "data": "198.51.100.220", + "type": "A" + }, + { + "data": "198.51.100.9", + "type": "A" + }, + { + "data": "198.51.100.222", + "type": "A" + }, + { + "data": "198.51.100.7", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.8", + "type": "A" + }, + { + "data": "198.51.100.217", + "type": "A" + }, + { + "data": "198.51.100.219", + "type": "A" + }, + { + "data": "198.51.100.221", + "type": "A" + }, + { + "data": "198.51.100.220", + "type": "A" + }, + { + "data": "198.51.100.9", + "type": "A" + }, + { + "data": "198.51.100.222", + "type": "A" + }, + { + "data": "198.51.100.7", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.48#53231 (f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com.): answer: f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com. IN A (10.100.0.1) -> NOERROR 10 A 198.51.100.8 10 A 198.51.100.217 10 A 198.51.100.219 10 A 198.51.100.221 10 A 198.51.100.220 10 A 198.51.100.9 10 A 198.51.100.222 10 A 198.51.100.7 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "f58cbbd478574eb99f3a5435625ea88f.fp.measure.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.145", + "port": 58539 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58539: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 58080 + }, + "dns": { + "question": { + "class": "IN", + "name": "host046.host046.example.net", + "registered_domain": "example.net", + "subdomain": "host046.host046", + 
"top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58080: query: host046.host046.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host046.host046.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.145", + "port": 58539 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.145#58539 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 58080 + }, + "dns": { + "question": { + "class": "IN", + "name": "host047.host047.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58080 (host047.host047.example.net.): answer: host047.host047.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host047.host047.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.166", + "port": 59261 + }, + "dns": { + "question": { + "class": "IN", + "name": "ecs.office.com", + "registered_domain": "office.com", + "subdomain": "ecs", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.166#59261: query: ecs.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ecs.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.166", + "port": 59261 + }, + "dns": { + "answers": [ + { + "data": "ecs.office.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "dual-s-0005-office.config.skype.com.", + "type": "CNAME" + }, + { + "data": "ecs-office.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.252", + "type": "A" + }, + { + "data": "198.51.100.251", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ecs.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ecs.office.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "dual-s-0005-office.config.skype.com.", + "type": "CNAME" + }, + { + "data": "ecs-office.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.252", + "type": "A" + }, + { + "data": "198.51.100.251", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.166#59261 (ecs.office.com.): answer: ecs.office.com. IN A (10.100.0.1) -> NOERROR 78 CNAME ecs.office.trafficmanager.net. 7 CNAME dual-s-0005-office.config.skype.com. 8549 CNAME ecs-office.s-0005.dual-s-msedge.net. 40 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.252 25 A 198.51.100.251 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ecs.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 58046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host048.example.net", + "registered_domain": "example.net", + "subdomain": "host048", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58046: query: host048.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host048.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 58046 + }, + "dns": { + "question": { + "class": "IN", + "name": "host049.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58046 (host049.example.net.): answer: host049.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host049.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.153", + "port": 51183 + }, + "dns": { + "question": { + "class": "IN", + "name": "host065.host065.host065.example.net", + "registered_domain": "example.net", + "subdomain": "host065.host065.host065", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.153#51183: query: host065.host065.host065.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host065.host065.host065.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.153", + "port": 51183 + }, + "dns": { + "question": { + "class": "IN", + "name": "host065.host065.host065.example.net.", + "type": "SRV" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.153#51183 (host065.host065.host065.example.net.): answer: host065.host065.host065.example.net. 
IN SRV (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host065.host065.host065.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 58556 + }, + "dns": { + "question": { + "class": "IN", + "name": "host200.internal.net", + "registered_domain": "internal.net", + "subdomain": "host200", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58556: query: host200.internal.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host200.internal.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.66", + "port": 58556 + }, + "dns": { + "question": { + "class": "IN", + "name": "host200.internal.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.66#58556 (host200.internal.net.): answer: host200.internal.net. 
IN A (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host200.internal.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.109", + "port": 47787 + }, + "dns": { + "question": { + "class": "IN", + "name": "v2.api.relayrobotics.com", + "registered_domain": "relayrobotics.com", + "subdomain": "v2.api", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.109#47787: query: v2.api.relayrobotics.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v2.api.relayrobotics.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.109", + "port": 47787 + }, + "dns": { + "answers": [ + { + "data": "ghs.googlehosted.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.237", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "v2.api.relayrobotics.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ghs.googlehosted.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.237", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.109#47787 (v2.api.relayrobotics.com.): answer: v2.api.relayrobotics.com. IN A (10.100.0.1) -> NOERROR 85 CNAME ghs.googlehosted.com. 38 A 198.51.100.237 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v2.api.relayrobotics.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.102", + "port": 57705 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.17.in-addr.arpa", + "registered_domain": "17.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.102#57705: query: 198.51.100.17.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.17.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.102", + "port": 57705 + }, + "dns": { + "answers": [ + { + "data": "host066.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.17.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ 
+ { + "data": "host066.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.102#57705 (198.51.100.17.in-addr.arpa.): answer: 198.51.100.17.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 600 PTR host066.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.17.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 47132 + }, + "dns": { + "question": { + "class": "IN", + "name": "host067.example.net", + "registered_domain": "example.net", + "subdomain": "host067", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#47132: query: host067.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host067.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 51746 + }, + "dns": { + "question": { + "class": "IN", + "name": "host068.example.net", + "registered_domain": "example.net", + "subdomain": "host068", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": 
{ + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#51746: query: host068.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host068.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 18582 + }, + "dns": { + "question": { + "class": "IN", + "name": "host067.example.net", + "registered_domain": "example.net", + "subdomain": "host067", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#18582: query: host067.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host067.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 33065 + }, + "dns": { + "question": { + "class": "IN", + "name": "host068.example.net", + "registered_domain": "example.net", + "subdomain": "host068", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": 
"query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#33065: query: host068.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host068.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 47132 + }, + "dns": { + "question": { + "class": "IN", + "name": "host067.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#47132 (host067.example.net.): answer: host067.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host067.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 51746 + }, + "dns": { + "question": { + "class": "IN", + "name": "host068.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#51746 (host068.example.net.): answer: host068.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host068.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 33065 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.248", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host068.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.248", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#33065 (host068.example.net.): answer: host068.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.248 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host068.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.249", + "port": 18582 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.247", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host067.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.247", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.249#18582 (host067.example.net.): answer: host067.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.247 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host067.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.147", + "port": 61653 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#61653: query: substrate.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.147", + "port": 61653 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": 
"acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#61653 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.11 7 A 198.51.100.10 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.31", + "port": 59583 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#59583: query: graph.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.31", + "port": 59583 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#59583 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.31", + "port": 58527 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#58527: query: graph.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.31", + "port": 58527 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"graph.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.31#58527 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.147", + "port": 53202 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#53202: query: substrate.office.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.147", + "port": 53202 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.147#53202 (substrate.office.com.): answer: substrate.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.192", + "port": 42720 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.192", + "port": 42720 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.192", + "port": 42720 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720 
(edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.192", + "port": 42720 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.192#42720 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 60631 + }, + "dns": { + "question": { + "class": "IN", + "name": "ams-efz.ms-acdc.office.com", + "registered_domain": "office.com", + "subdomain": "ams-efz.ms-acdc", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#60631: query: ams-efz.ms-acdc.office.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ams-efz.ms-acdc.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 60631 + }, + "dns": { + "question": { + "class": "IN", + "name": "ams-efz.ms-acdc.office.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#60631 (ams-efz.ms-acdc.office.com.): answer: ams-efz.ms-acdc.office.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ams-efz.ms-acdc.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 55919 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.v.aaplimg.com", + "registered_domain": "aaplimg.com", + "subdomain": "iphone-ld.v", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#55919: query: iphone-ld.v.aaplimg.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.v.aaplimg.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.187", + "port": 55919 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.v.aaplimg.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.187#55919 (iphone-ld.v.aaplimg.com.): answer: iphone-ld.v.aaplimg.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.v.aaplimg.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.81", + "port": 57911 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office365.com", + "registered_domain": "office365.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.81#57911: query: outlook.office365.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office365.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.81", + "port": 57911 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "outlook.office365.com.", 
+ "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.81#57911 (outlook.office365.com.): answer: outlook.office365.com. IN A (10.100.0.1) -> NOERROR 220 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.10 7 A 198.51.100.11 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office365.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 32109 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.acm.org", + "registered_domain": "acm.org", + "subdomain": "www", + "top_level_domain": "org", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#32109: query: www.acm.org IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.acm.org" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 32109 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.202", + "type": "A" + }, + { + "data": "198.51.100.203", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.acm.org.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.202", + "type": "A" + }, + { + "data": "198.51.100.203", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#32109 (www.acm.org.): answer: www.acm.org. 
IN A (10.100.0.1) -> NOERROR 0 A 198.51.100.202 0 A 198.51.100.203 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.acm.org." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.248", + "port": 59653 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.38.in-addr.arpa", + "registered_domain": "38.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.248#59653: query: 198.51.100.38.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.38.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.248", + "port": 59653 + }, + "dns": { + "answers": [ + { + "data": "host069.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.38.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host069.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": 
"<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.248#59653 (198.51.100.38.in-addr.arpa.): answer: 198.51.100.38.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host069.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.38.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.129", + "port": 65483 + }, + "dns": { + "question": { + "class": "IN", + "name": "officeclient.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "officeclient", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.129#65483: query: officeclient.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "officeclient.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.129", + "port": 65483 + }, + "dns": { + "answers": [ + { + "data": "config.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "prod.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "europe.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "config-prod-weightedww.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + 
"type": "CNAME" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "198.51.100.240", + "type": "A" + }, + { + "data": "52", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "officeclient.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "config.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "prod.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "europe.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "config-prod-weightedww.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "198.51.100.240", + "type": "A" + }, + { + "data": "52", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.129#65483 (officeclient.microsoft.com.): answer: officeclient.microsoft.com. IN A (10.100.0.1) -> NOERROR 858 CNAME config.officeapps.live.com. 903 CNAME prod.configsvc1.live.com.akadns.net. 11 CNAME europe.configsvc1.live.com.akadns.net. 249 CNAME config-prod-weightedww.trafficmanager.net. 54 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.239 9 A 198.51.100.240 9 A 52" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "officeclient.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.247", + "port": 16032 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.38.in-addr.arpa", + "registered_domain": "38.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.247#16032: query: 198.51.100.38.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.38.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.247", + "port": 16032 + }, + "dns": { + "answers": [ + { + "data": "host069.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.38.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host069.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.247#16032 (198.51.100.38.in-addr.arpa.): answer: 198.51.100.38.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host069.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.38.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.119", + "port": 64021 + }, + "dns": { + "question": { + "class": "IN", + "name": "exo.nel.measure.office.net", + "registered_domain": "office.net", + "subdomain": "exo.nel.measure", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#64021: query: exo.nel.measure.office.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "exo.nel.measure.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 58298 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298: query: host013.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + 
}, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 58298 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298: query: host013.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.119", + "port": 64021 + }, + "dns": { + "answers": [ + { + "data": "nel.measure.office.net.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1894.dscb.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "exo.nel.measure.office.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "nel.measure.office.net.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1894.dscb.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#64021 (exo.nel.measure.office.net.): answer: exo.nel.measure.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 26 CNAME nel.measure.office.net.edgesuite.net. 5050 CNAME a1894.dscb.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "exo.nel.measure.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 58298 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 58298 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#58298 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.119", + "port": 55172 + }, + "dns": { + "question": { + "class": "IN", + "name": "exo.nel.measure.office.net", + "registered_domain": "office.net", + "subdomain": "exo.nel.measure", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#55172: query: exo.nel.measure.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "exo.nel.measure.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, 
+ { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.119", + "port": 55172 + }, + "dns": { + "answers": [ + { + "data": "nel.measure.office.net.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1894.dscb.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.114", + "type": "A" + }, + { + "data": "198.51.100.116", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "exo.nel.measure.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "nel.measure.office.net.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1894.dscb.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.114", + "type": "A" + }, + { + "data": "198.51.100.116", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.119#55172 (exo.nel.measure.office.net.): answer: exo.nel.measure.office.net. IN A (10.100.0.1) -> NOERROR 26 CNAME nel.measure.office.net.edgesuite.net. 5050 CNAME a1894.dscb.akamai.net. 15 A 198.51.100.114 15 A 198.51.100.116 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "exo.nel.measure.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.51", + "port": 52406 + }, + "dns": { + "question": { + "class": "IN", + "name": "testorg.service-now.com", + "registered_domain": "service-now.com", + "subdomain": "testorg", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.51#52406: query: testorg.service-now.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.service-now.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.51", + "port": 52406 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "testorg.service-now.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.51#52406 (testorg.service-now.com.): answer: testorg.service-now.com. 
IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.service-now.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.12", + "port": 41022 + }, + "dns": { + "question": { + "class": "IN", + "name": "192.0.2.3.in-addr.arpa", + "registered_domain": "3.in-addr.arpa", + "subdomain": "192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.12#41022: query: 192.0.2.3.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "192.0.2.3.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.12", + "port": 41022 + }, + "dns": { + "answers": [ + { + "data": "localhost.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "192.0.2.3.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "localhost.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.12#41022 (192.0.2.3.in-addr.arpa.): answer: 192.0.2.3.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 142247 PTR localhost. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "192.0.2.3.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.154", + "port": 14516 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.gtv-fleks.nl", + "registered_domain": "gtv-fleks.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#14516: query: www.gtv-fleks.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.gtv-fleks.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.114", + "port": 10011 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#10011: query: 
graph.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.114", + "port": 10011 + }, + "dns": { + "answers": [ + { + "data": "star.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.24", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "star.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.24", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#10011 (graph.facebook.com.): answer: graph.facebook.com. IN A (10.100.0.1) -> NOERROR 266 CNAME star.c10r.facebook.com. 56 A 198.51.100.24 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.facebook.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.80", + "port": 51202 + }, + "dns": { + "question": { + "class": "IN", + "name": "studio-playerapi.competence.biz", + "registered_domain": "competence.biz", + "subdomain": "studio-playerapi", + "top_level_domain": "biz", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.80#51202: query: studio-playerapi.competence.biz IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "studio-playerapi.competence.biz" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.201", + "port": 33202 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ 
+ "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.201", + "port": 33202 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.201", + "port": 33202 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.158", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.201", + "port": 33202 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.201#33202 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. 
IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 49472 + }, + "dns": { + "question": { + "class": "IN", + "name": "b._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "b._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#49472: query: b._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "b._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 49472 + }, + "dns": { + "question": { + "class": "IN", + "name": "b._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#49472 (b._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: b._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "b._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 60209 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60209: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 61189 + }, + "dns": { + "question": { + "class": "IN", + "name": "e6858.dsce9.akamaiedge.net", + "registered_domain": "akamaiedge.net", + "subdomain": "e6858.dsce9", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": 
{ + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#61189: query: e6858.dsce9.akamaiedge.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "e6858.dsce9.akamaiedge.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 61189 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.181", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "e6858.dsce9.akamaiedge.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.181", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#61189 (e6858.dsce9.akamaiedge.net.): answer: e6858.dsce9.akamaiedge.net. IN A (10.100.0.1) -> NOERROR 13 A 198.51.100.181 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "e6858.dsce9.akamaiedge.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 52790 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.apple.com", + "registered_domain": "apple.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#52790: query: www.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 52790 + }, + "dns": { + "answers": [ + { + "data": "www-apple-com.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "www.apple.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e6858.dsce9.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.181", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "www-apple-com.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "www.apple.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e6858.dsce9.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.181", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#52790 (www.apple.com.): answer: www.apple.com. IN A (10.100.0.1) -> NOERROR 222 CNAME www-apple-com.v.aaplimg.com. 119 CNAME www.apple.com.edgekey.net. 157 CNAME e6858.dsce9.akamaiedge.net. 13 A 198.51.100.181 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 65351 + }, + "dns": { + "question": { + "class": "IN", + "name": "host070.host070.host070.example.net", + "registered_domain": "example.net", + "subdomain": "host070.host070.host070", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65351: query: host070.host070.host070.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host070.host070.host070.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 60209 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60209 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 64543 + }, + "dns": { + "question": { + "class": "IN", + "name": "api.apple-cloudkit.fe2.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "api.apple-cloudkit.fe2", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64543: query: api.apple-cloudkit.fe2.apple-dns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api.apple-cloudkit.fe2.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 64543 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.50", + "type": "A" + }, + { + "data": "198.51.100.49", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"api.apple-cloudkit.fe2.apple-dns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.50", + "type": "A" + }, + { + "data": "198.51.100.49", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64543 (api.apple-cloudkit.fe2.apple-dns.net.): answer: api.apple-cloudkit.fe2.apple-dns.net. IN A (10.100.0.1) -> NOERROR 87 A 198.51.100.50 87 A 198.51.100.49 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api.apple-cloudkit.fe2.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 65351 + }, + "dns": { + "question": { + "class": "IN", + "name": "host070.host070.host070.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65351 (host070.host070.host070.example.net.): answer: host070.host070.host070.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host070.host070.host070.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 55941 + }, + "dns": { + "question": { + "class": "IN", + "name": "atc.spotify.map.fastly.net", + "registered_domain": "map.fastly.net", + "subdomain": "atc.spotify", + "top_level_domain": "fastly.net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55941: query: atc.spotify.map.fastly.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "atc.spotify.map.fastly.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 55941 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.7", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "atc.spotify.map.fastly.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.7", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.0.157#55941 (atc.spotify.map.fastly.net.): answer: atc.spotify.map.fastly.net. IN A (10.100.0.1) -> NOERROR 0 A 198.51.100.7 0 A 198.51.100.10 0 A 198.51.100.12 0 A 198.51.100.15 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "atc.spotify.map.fastly.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 60701 + }, + "dns": { + "question": { + "class": "IN", + "name": "host071.host071.host071.example.net", + "registered_domain": "example.net", + "subdomain": "host071.host071.host071", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60701: query: host071.host071.host071.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host071.host071.host071.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 60701 + }, + "dns": { + "question": { + "class": "IN", + "name": "host071.host071.host071.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#60701 (host071.host071.host071.example.net.): answer: host071.host071.host071.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host071.host071.host071.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 65313 + }, + "dns": { + "question": { + "class": "IN", + "name": "us-sandbox-courier-4.push-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "us-sandbox-courier-4.push-apple.com", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65313: query: us-sandbox-courier-4.push-apple.com.akadns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "us-sandbox-courier-4.push-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 65313 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.29", + "type": "A" + }, + { + "data": "198.51.100.25", + "type": "A" + }, + { + "data": "198.51.100.26", + "type": "A" + }, + { + "data": "198.51.100.28", + "type": "A" + }, + { + "data": "198.51.100.24", + 
"type": "A" + }, + { + "data": "198.51.100.27", + "type": "A" + }, + { + "data": "198.51.100.31", + "type": "A" + }, + { + "data": "198.51.100.30", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "us-sandbox-courier-4.push-apple.com.akadns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.29", + "type": "A" + }, + { + "data": "198.51.100.25", + "type": "A" + }, + { + "data": "198.51.100.26", + "type": "A" + }, + { + "data": "198.51.100.28", + "type": "A" + }, + { + "data": "198.51.100.24", + "type": "A" + }, + { + "data": "198.51.100.27", + "type": "A" + }, + { + "data": "198.51.100.31", + "type": "A" + }, + { + "data": "198.51.100.30", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#65313 (us-sandbox-courier-4.push-apple.com.akadns.net.): answer: us-sandbox-courier-4.push-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 23 A 198.51.100.29 23 A 198.51.100.25 23 A 198.51.100.26 23 A 198.51.100.28 23 A 198.51.100.24 23 A 198.51.100.27 23 A 198.51.100.31 23 A 198.51.100.30 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "us-sandbox-courier-4.push-apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 64776 + }, + "dns": { + "question": { + "class": "IN", + "name": "e6858.dsce9.akamaiedge.net", + "registered_domain": "akamaiedge.net", + "subdomain": "e6858.dsce9", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64776: query: e6858.dsce9.akamaiedge.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "e6858.dsce9.akamaiedge.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 64776 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.181", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "e6858.dsce9.akamaiedge.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.181", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64776 (e6858.dsce9.akamaiedge.net.): answer: e6858.dsce9.akamaiedge.net. 
IN A (10.100.0.1) -> NOERROR 13 A 198.51.100.181 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "e6858.dsce9.akamaiedge.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 64431 + }, + "dns": { + "question": { + "class": "IN", + "name": "db._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "db._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64431: query: db._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "db._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 64431 + }, + "dns": { + "question": { + "class": "IN", + "name": "db._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#64431 
(db._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: db._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "db._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 58042 + }, + "dns": { + "question": { + "class": "IN", + "name": "1.courier-push-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "1.courier-push-apple.com", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#58042: query: 1.courier-push-apple.com.akadns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "1.courier-push-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 58042 + }, + "dns": { + "answers": [ + { + "data": "eu-nw-courier-4.push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.33", + "type": "A" + }, + { + "data": "198.51.100.38", + "type": "A" + }, + { + "data": "198.51.100.37", + "type": "A" + }, + { + "data": "198.51.100.34", + "type": "A" + }, + { + "data": "198.51.100.36", + "type": "A" + }, + { + "data": "198.51.100.35", + "type": "A" + }, + { + "data": 
"198.51.100.32", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "1.courier-push-apple.com.akadns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-nw-courier-4.push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.33", + "type": "A" + }, + { + "data": "198.51.100.38", + "type": "A" + }, + { + "data": "198.51.100.37", + "type": "A" + }, + { + "data": "198.51.100.34", + "type": "A" + }, + { + "data": "198.51.100.36", + "type": "A" + }, + { + "data": "198.51.100.35", + "type": "A" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#58042 (1.courier-push-apple.com.akadns.net.): answer: 1.courier-push-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 4 CNAME eu-nw-courier-4.push-apple.com.akadns.net. 22 A 198.51.100.33 22 A 198.51.100.38 22 A 198.51.100.37 22 A 198.51.100.34 22 A 198.51.100.36 22 A 198.51.100.35 22 A 198.51.100.32 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "1.courier-push-apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 55795 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55795: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 59833 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-dealer.g2.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-dealer.g2", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#59833: query: gew4-dealer.g2.spotify.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"gew4-dealer.g2.spotify.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 59833 + }, + "dns": { + "answers": [ + { + "data": "gew4-dealer-ssl.spotify.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "gew4-dealer.g2.spotify.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gew4-dealer-ssl.spotify.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#59833 (gew4-dealer.g2.spotify.com.): answer: gew4-dealer.g2.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR 64 CNAME gew4-dealer-ssl.spotify.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-dealer.g2.spotify.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.80", + "port": 51202 + }, + "dns": { + "answers": [ + { + "data": "app-studio-playerapi-prod.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-719.sip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-719-c1d4.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.136", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "studio-playerapi.competence.biz.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "app-studio-playerapi-prod.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-719.sip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-am2-719-c1d4.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.136", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.80#51202 (studio-playerapi.competence.biz.): answer: studio-playerapi.competence.biz. IN A (10.100.0.1) -> NOERROR 10 CNAME app-studio-playerapi-prod.azurewebsites.net. 10 CNAME waws-prod-am2-719.sip.azurewebsites.windows.net. 10 CNAME waws-prod-am2-719-c1d4.westeurope.cloudapp.azure.com. 2 A 198.51.100.136 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "studio-playerapi.competence.biz." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 55795 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#55795 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 53056 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-dealer.g2.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-dealer.g2", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#53056: query: gew4-dealer.g2.spotify.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-dealer.g2.spotify.com" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 53056 + }, + "dns": { + "answers": [ + { + "data": "gew4-dealer-ssl.spotify.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.203", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gew4-dealer.g2.spotify.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gew4-dealer-ssl.spotify.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.203", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#53056 (gew4-dealer.g2.spotify.com.): answer: gew4-dealer.g2.spotify.com. IN A (10.100.0.1) -> NOERROR 63 CNAME gew4-dealer-ssl.spotify.com. 26 A 198.51.100.203 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-dealer.g2.spotify.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.160", + "port": 63912 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.weixin.qq.com.cn", + "registered_domain": "qq.com.cn", + "subdomain": "dns.weixin", + "top_level_domain": "com.cn", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63912: query: dns.weixin.qq.com.cn IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.weixin.qq.com.cn" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.160", + "port": 63912 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.224", + "type": "A" + }, + { + "data": "198.51.100.223", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.weixin.qq.com.cn.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.224", + "type": "A" + }, + { + "data": "198.51.100.223", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63912 (dns.weixin.qq.com.cn.): answer: dns.weixin.qq.com.cn. 
IN A (10.100.0.1) -> NOERROR 106 A 198.51.100.224 106 A 198.51.100.223 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.weixin.qq.com.cn." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.142", + "port": 64168 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.cp.wd.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.cp.wd", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.142#64168: query: europe.cp.wd.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.cp.wd.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.142", + "port": 64168 + }, + "dns": { + "answers": [ + { + "data": "wd-prod-cp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.227", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.cp.wd.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "wd-prod-cp-eu.trafficmanager.net.", + 
"type": "CNAME" + }, + { + "data": "wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.227", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.142#64168 (europe.cp.wd.microsoft.com.): answer: europe.cp.wd.microsoft.com. IN A (10.100.0.1) -> NOERROR 982 CNAME wd-prod-cp-eu.trafficmanager.net. 208 CNAME wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com. 5 A 198.51.100.227 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.cp.wd.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 60866 + }, + "dns": { + "question": { + "class": "IN", + "name": "dgw.c10r.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "dgw.c10r", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#60866: query: dgw.c10r.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dgw.c10r.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 60866 + 
}, + "dns": { + "answers": [ + { + "data": "198.51.100.26", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dgw.c10r.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.26", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#60866 (dgw.c10r.facebook.com.): answer: dgw.c10r.facebook.com. IN A (10.100.0.1) -> NOERROR 32 A 198.51.100.26 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dgw.c10r.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 56846 + }, + "dns": { + "question": { + "class": "IN", + "name": "mqtt.c10r.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "mqtt.c10r", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56846: query: mqtt.c10r.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mqtt.c10r.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 56846 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.25", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mqtt.c10r.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.25", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56846 (mqtt.c10r.facebook.com.): answer: mqtt.c10r.facebook.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.25 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mqtt.c10r.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.154", + "port": 1878 + }, + "dns": { + "question": { + "class": "IN", + "name": "eur.loki.delve.office.com", + "registered_domain": "office.com", + "subdomain": "eur.loki.delve", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#1878: query: eur.loki.delve.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eur.loki.delve.office.com" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.154", + "port": 1878 + }, + "dns": { + "answers": [ + { + "data": "loki-atm-prod-eur.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "eur.fxgateway.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "mira-cmn.tm-4.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.166", + "type": "A" + }, + { + "data": "198.51.100.174", + "type": "A" + }, + { + "data": "198.51.100.172", + "type": "A" + }, + { + "data": "198.51.100.171", + "type": "A" + }, + { + "data": "198.51.100.167", + "type": "A" + }, + { + "data": "198.51.100.168", + "type": "A" + }, + { + "data": "198.51.100.176", + "type": "A" + }, + { + "data": "198.51.100.177", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eur.loki.delve.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "loki-atm-prod-eur.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "eur.fxgateway.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "mira-cmn.tm-4.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.166", + "type": "A" + }, + { + "data": "198.51.100.174", + "type": "A" + }, + { + "data": "198.51.100.172", + "type": "A" + }, + { + "data": "198.51.100.171", + "type": "A" + }, + { + "data": "198.51.100.167", + "type": "A" + }, + { + "data": "198.51.100.168", + "type": "A" + }, + { + "data": "198.51.100.176", + "type": "A" + }, + { + "data": "198.51.100.177", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#1878 (eur.loki.delve.office.com.): answer: eur.loki.delve.office.com. 
IN A (10.100.0.1) -> NOERROR 74 CNAME loki-atm-prod-eur.trafficmanager.net. 13 CNAME eur.fxgateway.svc.cloud.microsoft. 76 CNAME mira-cmn.tm-4.office.com. 0 A 198.51.100.166 0 A 198.51.100.174 0 A 198.51.100.172 0 A 198.51.100.171 0 A 198.51.100.167 0 A 198.51.100.168 0 A 198.51.100.176 0 A 198.51.100.177 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eur.loki.delve.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.49", + "port": 56058 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#56058: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.49", + "port": 56058 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.49#56058 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 22877 + }, + "dns": { + "question": { + "class": "IN", + "name": "host072.example.net", + "registered_domain": "example.net", + "subdomain": "host072", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#22877: query: host072.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host072.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.34", + "port": 59946 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-mobile.events.data", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#59946: query: eu-mobile.events.data.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 22877 + }, + "dns": { + "question": { + "class": "IN", + "name": "host072.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#22877 (host072.example.net.): answer: host072.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host072.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.34", + "port": 59946 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#59946 (eu-mobile.events.data.microsoft.com.): answer: 
eu-mobile.events.data.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host002.example.net", + "registered_domain": "example.net", + "subdomain": "host002", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host002.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host002.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host002.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 
(host002.example.net.): answer: host002.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host002.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 41595 + }, + "dns": { + "question": { + "class": "IN", + "name": "host072.example.net", + "registered_domain": "example.net", + "subdomain": "host072", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#41595: query: host072.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host072.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 41595 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.254", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host072.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.254", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: 
client 10.1.0.253#41595 (host072.example.net.): answer: host072.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.254 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host072.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.34", + "port": 63717 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-mobile.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#63717: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.34", + "port": 63717 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + 
"log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.34#63717 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 45026 + }, + "dns": { + "question": { + "class": "IN", + "name": "host073.example.net", + "registered_domain": "example.net", + "subdomain": "host073", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#45026: query: host073.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host073.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, 
+ { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 45026 + }, + "dns": { + "question": { + "class": "IN", + "name": "host073.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#45026 (host073.example.net.): answer: host073.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host073.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 52316 + }, + "dns": { + "question": { + "class": "IN", + "name": "star.c10r.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "star.c10r", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52316: query: star.c10r.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "star.c10r.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 
52316 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.24", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "star.c10r.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.24", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52316 (star.c10r.facebook.com.): answer: star.c10r.facebook.com. IN A (10.100.0.1) -> NOERROR 55 A 198.51.100.24 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "star.c10r.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.56", + "port": 56153 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.56#56153: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.56", + "port": 56153 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.56#56153 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 36524 + }, + "dns": { + "question": { + "class": "IN", + "name": "host074.example.net", + "registered_domain": "example.net", + "subdomain": "host074", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#36524: query: host074.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host074.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.145", + "port": 62532 + }, + "dns": { + "question": { + "class": "IN", + "name": "ocsp2.apple.com", + "registered_domain": "apple.com", + "subdomain": "ocsp2", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#62532: query: ocsp2.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ocsp2.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.145", + "port": 62532 + }, + "dns": { + "answers": [ + { + "data": "ocsp2.g.aaplimg.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ocsp2.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ocsp2.g.aaplimg.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#62532 (ocsp2.apple.com.): answer: ocsp2.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 313 CNAME ocsp2.g.aaplimg.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ocsp2.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 36524 + }, + "dns": { + "question": { + "class": "IN", + "name": "host074.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#36524 (host074.example.net.): answer: host074.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host074.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.145", + "port": 50127 + }, + "dns": { + "question": { + "class": "IN", + "name": "ocsp2.apple.com", + "registered_domain": "apple.com", + "subdomain": "ocsp2", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#50127: query: ocsp2.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ocsp2.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.145", + "port": 50127 + }, + "dns": { + "answers": [ + { + "data": "ocsp2.g.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.57", + "type": "A" + }, + { + "data": "198.51.100.52", + "type": "A" + }, + { + "data": "198.51.100.56", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ocsp2.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ocsp2.g.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.57", + "type": "A" + }, + { + "data": "198.51.100.52", + "type": "A" + }, + { + "data": "198.51.100.56", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.145#50127 (ocsp2.apple.com.): answer: ocsp2.apple.com. IN A (10.100.0.1) -> NOERROR 313 CNAME ocsp2.g.aaplimg.com. 13 A 198.51.100.57 13 A 198.51.100.52 13 A 198.51.100.56 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ocsp2.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 33233 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33233: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 33233 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33233 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 43494 + }, + "dns": { + "question": { + "class": "IN", + "name": "host075.example.net", + "registered_domain": "example.net", + "subdomain": "host075", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43494: query: host075.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host075.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 43494 + }, + "dns": { + "question": { + "class": "IN", + "name": "host075.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43494 (host075.example.net.): answer: host075.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host075.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 33029 + }, + "dns": { + "question": { + "class": "IN", + "name": "host008.example.net", + "registered_domain": "example.net", + "subdomain": "host008", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33029: query: host008.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host008.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 33029 + }, + "dns": { + "answers": [ + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host008.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + 
"type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#33029 (host008.example.net.): answer: host008.example.net. IN A (10.100.0.1) -> NOERROR 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host008.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 53960 + }, + "dns": { + "question": { + "class": "IN", + "name": "host076.example.net", + "registered_domain": "example.net", + "subdomain": "host076", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#53960: query: host076.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host076.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.137", + "port": 61593 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + 
} + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.137#61593: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.137", + "port": 61593 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.137#61593 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 53960 + }, + "dns": { + "question": { + "class": "IN", + "name": "host076.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#53960 (host076.example.net.): answer: host076.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host076.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 52213 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#52213: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 52213 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#52213 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 57423 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#57423: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 44765 + }, + "dns": { + "question": { + "class": "IN", + "name": "host077.example.net", + "registered_domain": "example.net", + "subdomain": "host077", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#44765: query: host077.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host077.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 57423 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#57423 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 37392 + }, + "dns": { + "question": { + "class": "IN", + "name": "host077.example.net", + "registered_domain": "example.net", + "subdomain": "host077", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#37392: query: host077.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host077.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 44765 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.253", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host077.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.253", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#44765 (host077.example.net.): answer: host077.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.253 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host077.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 65048 + }, + "dns": { + "question": { + "class": "IN", + "name": "app-analytics-services.com", + "registered_domain": "app-analytics-services.com", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#65048: query: app-analytics-services.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "app-analytics-services.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 65048 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.109", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "app-analytics-services.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.109", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.167#65048 (app-analytics-services.com.): answer: app-analytics-services.com. IN A (10.100.0.1) -> NOERROR 201 A 198.51.100.109 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "app-analytics-services.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 58370 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa", + "registered_domain": "113.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#58370: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.167", + "port": 58370 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + 
"original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.167#58370 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 37392 + }, + "dns": { + "question": { + "class": "IN", + "name": "host077.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#37392 (host077.example.net.): answer: host077.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host077.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 57750 + }, + "dns": { + "question": { + "class": "IN", + "name": "host078.example.net", + "registered_domain": "example.net", + "subdomain": "host078", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57750: query: host078.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host078.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 57750 + }, + "dns": { + "question": { + "class": "IN", + "name": "host078.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57750 (host078.example.net.): answer: host078.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host078.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 38698 + }, + "dns": { + "question": { + "class": "IN", + "name": "host079.example.net", + "registered_domain": "example.net", + "subdomain": "host079", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#38698: query: host079.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host079.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 38698 + }, + "dns": { + "question": { + "class": "IN", + "name": "host079.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#38698 (host079.example.net.): answer: host079.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host079.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 59608 + }, + "dns": { + "question": { + "class": "IN", + "name": "host080.example.net", + "registered_domain": "example.net", + "subdomain": "host080", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59608: query: host080.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host080.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 59608 + }, + "dns": { + "question": { + "class": "IN", + "name": "host080.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59608 (host080.example.net.): answer: host080.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host080.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.95", + "port": 61842 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.95#61842: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.95", + "port": 61842 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": 
{ + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.95#61842 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 57340 + }, + "dns": { + "question": { + "class": "IN", + "name": "host081.example.net", + "registered_domain": "example.net", + "subdomain": "host081", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57340: query: host081.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host081.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 57340 + }, + "dns": { + "question": { + "class": "IN", + "name": "host081.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" 
+ }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#57340 (host081.example.net.): answer: host081.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host081.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.225", + "port": 62845 + }, + "dns": { + "question": { + "class": "IN", + "name": "host082.example.net", + "registered_domain": "example.net", + "subdomain": "host082", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#62845: query: host082.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host082.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.225", + "port": 62845 + }, + "dns": { + "question": { + "class": "IN", + "name": "host082.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", 
+ "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.225#62845 (host082.example.net.): answer: host082.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host082.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host011.host011.example.net", + "registered_domain": "example.net", + "subdomain": "host011.host011", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host011.host011.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host011.host011.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host011.host011.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.127#49669 (host011.host011.example.net.): answer: host011.host011.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host011.host011.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 50368 + }, + "dns": { + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net", + "registered_domain": "office.net", + "subdomain": "wise-m.public.cdn", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#50368: query: wise-m.public.cdn.office.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 50368 + }, + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + 
}, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#50368 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 172 CNAME res-prod.trafficmanager.net. 103 CNAME res-1.cdn.office.net. 96 CNAME res-stls-prod.edgesuite.net. 221 CNAME a726.dscd.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 60819 + }, + "dns": { + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net", + "registered_domain": "office.net", + "subdomain": "wise-m.public.cdn", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60819: query: wise-m.public.cdn.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 60819 + }, + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.75", + "type": "A" + }, + { + "data": "198.51.100.71", + "type": "A" + }, + { + "data": "198.51.100.73", + "type": "A" + }, + { + "data": "198.51.100.70", + "type": "A" + }, + { + "data": "198.51.100.67", + "type": "A" + }, + { + "data": "198.51.100.61", + "type": "A" + }, + { + "data": "198.51.100.63", + "type": "A" + }, + { + "data": "198.51.100.68", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "wise-m.public.cdn.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + 
"ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "res-prod.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "res-1.cdn.office.net.", + "type": "CNAME" + }, + { + "data": "res-stls-prod.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a726.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.75", + "type": "A" + }, + { + "data": "198.51.100.71", + "type": "A" + }, + { + "data": "198.51.100.73", + "type": "A" + }, + { + "data": "198.51.100.70", + "type": "A" + }, + { + "data": "198.51.100.67", + "type": "A" + }, + { + "data": "198.51.100.61", + "type": "A" + }, + { + "data": "198.51.100.63", + "type": "A" + }, + { + "data": "198.51.100.68", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60819 (wise-m.public.cdn.office.net.): answer: wise-m.public.cdn.office.net. IN A (10.100.0.1) -> NOERROR 171 CNAME res-prod.trafficmanager.net. 102 CNAME res-1.cdn.office.net. 95 CNAME res-stls-prod.edgesuite.net. 220 CNAME a726.dscd.akamai.net. 9 A 198.51.100.75 9 A 198.51.100.71 9 A 198.51.100.73 9 A 198.51.100.70 9 A 198.51.100.67 9 A 198.51.100.61 9 A 198.51.100.63 9 A 198.51.100.68" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wise-m.public.cdn.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 48250 + }, + "dns": { + "question": { + "class": "IN", + "name": "host083.example.net", + "registered_domain": "example.net", + "subdomain": "host083", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48250: query: host083.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host083.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 48250 + }, + "dns": { + "question": { + "class": "IN", + "name": "host083.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48250 (host083.example.net.): answer: host083.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host083.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 48825 + }, + "dns": { + "question": { + "class": "IN", + "name": "host084.example.net", + "registered_domain": "example.net", + "subdomain": "host084", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48825: query: host084.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host084.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 60330 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-excel.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60330: query: euc-excel.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + 
"server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 51758 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-excel.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#51758: query: euc-excel.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 60330 + }, + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": 
"wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#60330 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 49 CNAME euc-excel-geo.wac.trafficmanager.net. 55 CNAME euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 44 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.235 17 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.94", + "port": 51758 + }, + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.94#51758 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 50 CNAME euc-excel-geo.wac.trafficmanager.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 48825 + }, + "dns": { + "question": { + "class": "IN", + "name": "host084.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#48825 (host084.example.net.): answer: host084.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host084.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 50987 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-dealer-ssl.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-dealer-ssl", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#50987: query: gew4-dealer-ssl.spotify.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-dealer-ssl.spotify.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.157", + "port": 50987 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-dealer-ssl.spotify.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.157#50987 (gew4-dealer-ssl.spotify.com.): answer: gew4-dealer-ssl.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-dealer-ssl.spotify.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 56510 + }, + "dns": { + "question": { + "class": "IN", + "name": "host085.example.net", + "registered_domain": "example.net", + "subdomain": "host085", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56510: query: host085.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host085.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 56510 + }, + "dns": { + "question": { + "class": "IN", + "name": "host085.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56510 (host085.example.net.): answer: host085.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host085.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 48620 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.23.in-addr.arpa", + "registered_domain": "23.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#48620: query: 198.51.100.23.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.23.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 48620 + }, + "dns": { + "answers": [ + { + "data": "host077.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.23.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host077.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#48620 (198.51.100.23.in-addr.arpa.): answer: 198.51.100.23.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host077.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.23.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 40677 + }, + "dns": { + "question": { + "class": "IN", + "name": "host086.example.net", + "registered_domain": "example.net", + "subdomain": "host086", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#40677: query: host086.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host086.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 40677 + }, + "dns": { + "question": { + "class": "IN", + "name": "host086.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#40677 (host086.example.net.): answer: host086.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host086.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 52044 + }, + "dns": { + "question": { + "class": "IN", + "name": "host087.example.net", + "registered_domain": "example.net", + "subdomain": "host087", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#52044: query: host087.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 52044 + }, + "dns": { + "question": { + "class": "IN", + "name": "host087.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#52044 (host087.example.net.): answer: host087.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 56682 + }, + "dns": { + "question": { + "class": "IN", + "name": "host088.example.net", + "registered_domain": "example.net", + "subdomain": "host088", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56682: query: host088.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host088.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.162", + "port": 53596 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#53596: query: host021.host021.host021.example.net IN PTR 
(10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 45525 + }, + "dns": { + "question": { + "class": "IN", + "name": "host087.example.net", + "registered_domain": "example.net", + "subdomain": "host087", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#45525: query: host087.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 56682 + }, + "dns": { + "question": { + "class": "IN", + "name": "host088.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#56682 (host088.example.net.): answer: host088.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host088.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.162", + "port": 53596 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#53596 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.254", + "port": 45525 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.255", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host087.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.255", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.254#45525 (host087.example.net.): answer: host087.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.255 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.162", + "port": 56221 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#56221: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.162", + "port": 64124 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa", + "registered_domain": "113.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#64124: query: lb._dns-sd._udp.198.51.100.113.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + 
"process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.162", + "port": 64124 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.113.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#64124 (lb._dns-sd._udp.198.51.100.113.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.113.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.113.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.162", + "port": 56221 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.162#56221 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. 
IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 59798 + }, + "dns": { + "question": { + "class": "IN", + "name": "host089.example.net", + "registered_domain": "example.net", + "subdomain": "host089", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59798: query: host089.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host089.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 59798 + }, + "dns": { + "question": { + "class": "IN", + "name": "host089.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#59798 (host089.example.net.): answer: host089.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host089.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 41456 + }, + "dns": { + "question": { + "class": "IN", + "name": "host090.example.net", + "registered_domain": "example.net", + "subdomain": "host090", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41456: query: host090.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host090.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 41456 + }, + "dns": { + "question": { + "class": "IN", + "name": "host090.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41456 (host090.example.net.): answer: host090.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host090.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 41941 + }, + "dns": { + "question": { + "class": "IN", + "name": "host091.example.net", + "registered_domain": "example.net", + "subdomain": "host091", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41941: query: host091.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host091.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 41941 + }, + "dns": { + "question": { + "class": "IN", + "name": "host091.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#41941 (host091.example.net.): answer: host091.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host091.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 58281 + }, + "dns": { + "question": { + "class": "IN", + "name": "host092.example.net", + "registered_domain": "example.net", + "subdomain": "host092", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58281: query: host092.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host092.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 58281 + }, + "dns": { + "question": { + "class": "IN", + "name": "host092.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#58281 (host092.example.net.): answer: host092.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host092.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 53919 + }, + "dns": { + "question": { + "class": "IN", + "name": "host087.example.net", + "registered_domain": "example.net", + "subdomain": "host087", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#53919: query: host087.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 35807 + }, + "dns": { + "question": { + "class": "IN", + "name": "host087.example.net", + "registered_domain": "example.net", + "subdomain": "host087", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#35807: query: host087.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + 
"log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 53919 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.255", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host087.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.255", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#53919 (host087.example.net.): answer: host087.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.255 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 35807 + }, + "dns": { + "question": { + "class": "IN", + "name": "host087.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#35807 (host087.example.net.): answer: host087.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host087.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.145", + "port": 59556 + }, + "dns": { + "question": { + "class": "IN", + "name": "ocsp2.g.aaplimg.com", + "registered_domain": "aaplimg.com", + "subdomain": "ocsp2.g", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#59556: query: ocsp2.g.aaplimg.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ocsp2.g.aaplimg.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.145", + "port": 59556 + }, + "dns": { + "question": { + "class": "IN", + "name": "ocsp2.g.aaplimg.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.145#59556 (ocsp2.g.aaplimg.com.): answer: ocsp2.g.aaplimg.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ocsp2.g.aaplimg.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 33174 + }, + "dns": { + "question": { + "class": "IN", + "name": "host093.example.net", + "registered_domain": "example.net", + "subdomain": "host093", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#33174: query: host093.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host093.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 33174 + }, + "dns": { + "question": { + "class": "IN", + "name": "host093.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#33174 (host093.example.net.): answer: host093.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host093.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host020.host020.example.net", + "registered_domain": "example.net", + "subdomain": "host020.host020", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host020.host020.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host020.host020.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host020.host020.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host020.host020.example.net.): answer: host020.host020.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host020.host020.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.154", + "port": 14516 + }, + "dns": { + "answers": [ + { + "data": "gtv-fleks.nl.", + "type": "CNAME" + }, + { + "data": "198.51.100.56", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.gtv-fleks.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gtv-fleks.nl.", + "type": "CNAME" + }, + { + "data": "198.51.100.56", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.154#14516 (www.gtv-fleks.nl.): answer: www.gtv-fleks.nl. IN A (10.100.0.1) -> NOERROR 60 CNAME gtv-fleks.nl. 60 A 198.51.100.56 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.gtv-fleks.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.43", + "port": 60529 + }, + "dns": { + "question": { + "class": "IN", + "name": "ctldl.windowsupdate.com", + "registered_domain": "windowsupdate.com", + "subdomain": "ctldl", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.43#60529: query: ctldl.windowsupdate.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ctldl.windowsupdate.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.43", + "port": 60529 + }, + "dns": { + "answers": [ + { + "data": "ctldl.windowsupdate.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "wu-b-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "bg.microsoft.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.112", + "type": "A" + }, + { + "data": "198.51.100.111", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ctldl.windowsupdate.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ctldl.windowsupdate.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "wu-b-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "bg.microsoft.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.112", + "type": 
"A" + }, + { + "data": "198.51.100.111", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.43#60529 (ctldl.windowsupdate.com.): answer: ctldl.windowsupdate.com. IN A (10.100.0.1) -> NOERROR 2379 CNAME ctldl.windowsupdate.com.delivery.microsoft.com. 2350 CNAME wu-b-net.trafficmanager.net. 247 CNAME bg.microsoft.map.fastly.net. 19 A 198.51.100.112 19 A 198.51.100.111 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ctldl.windowsupdate.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 47471 + }, + "dns": { + "question": { + "class": "IN", + "name": "host094.example.net", + "registered_domain": "example.net", + "subdomain": "host094", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47471: query: host094.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host094.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 47471 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"host094.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47471 (host094.example.net.): answer: host094.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host094.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 34785 + }, + "dns": { + "question": { + "class": "IN", + "name": "host095.example.net", + "registered_domain": "example.net", + "subdomain": "host095", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#34785: query: host095.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host095.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 34785 + }, + "dns": { + "question": { + "class": "IN", + "name": "host095.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + 
"version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#34785 (host095.example.net.): answer: host095.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host095.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 23764 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.36.in-addr.arpa", + "registered_domain": "36.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#23764: query: 198.51.100.36.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.36.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.253", + "port": 23764 + }, + "dns": { + "answers": [ + { + "data": "host072.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.36.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + 
}, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host072.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.253#23764 (198.51.100.36.in-addr.arpa.): answer: 198.51.100.36.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host072.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.36.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 55384 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipagave.azurewebsites.net", + "registered_domain": "azurewebsites.net", + "subdomain": "ipagave", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#55384: query: ipagave.azurewebsites.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipagave.azurewebsites.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 55384 + }, + "dns": { + "answers": [ + { + "data": 
"waws-prod-dm1-013.vip.azurewebsites.windows.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipagave.azurewebsites.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "waws-prod-dm1-013.vip.azurewebsites.windows.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#55384 (ipagave.azurewebsites.net.): answer: ipagave.azurewebsites.net. IN TYPE65 (10.100.0.1) -> NOERROR 1017 CNAME waws-prod-dm1-013.vip.azurewebsites.windows.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipagave.azurewebsites.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 57943 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipagave.azurewebsites.net", + "registered_domain": "azurewebsites.net", + "subdomain": "ipagave", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#57943: query: ipagave.azurewebsites.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipagave.azurewebsites.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 57943 + }, + "dns": { + "answers": [ + { + "data": "waws-prod-dm1-013.vip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-dm1-013.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.216", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ipagave.azurewebsites.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "waws-prod-dm1-013.vip.azurewebsites.windows.net.", + "type": "CNAME" + }, + { + "data": "waws-prod-dm1-013.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.216", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#57943 (ipagave.azurewebsites.net.): answer: ipagave.azurewebsites.net. IN A (10.100.0.1) -> NOERROR 1017 CNAME waws-prod-dm1-013.vip.azurewebsites.windows.net. 21 CNAME waws-prod-dm1-013.centralus.cloudapp.azure.com. 1 A 198.51.100.216 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipagave.azurewebsites.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 54097 + }, + "dns": { + "question": { + "class": "IN", + "name": "host096.example.net", + "registered_domain": "example.net", + "subdomain": "host096", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#54097: query: host096.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host096.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 53931 + }, + "dns": { + "question": { + "class": "IN", + "name": "addin.insights.static.microsoft", + "registered_domain": "static.microsoft", + "subdomain": "addin.insights", + "top_level_domain": "microsoft", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53931: query: addin.insights.static.microsoft IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "addin.insights.static.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 53931 + }, + "dns": { + "answers": [ + { + "data": "agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "addin.insights.static.microsoft.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53931 (addin.insights.static.microsoft.): answer: addin.insights.static.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR 157 CNAME agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "addin.insights.static.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.111", + "port": 60952 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.msftncsi.com", + "registered_domain": "msftncsi.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.111#60952: query: dns.msftncsi.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.msftncsi.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.111", + "port": 60952 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.215", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.msftncsi.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.215", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.111#60952 (dns.msftncsi.com.): answer: dns.msftncsi.com. 
IN A (10.100.0.1) -> NOERROR 8 A 198.51.100.215 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.msftncsi.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 54097 + }, + "dns": { + "question": { + "class": "IN", + "name": "host096.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#54097 (host096.example.net.): answer: host096.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host096.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 37600 + }, + "dns": { + "question": { + "class": "IN", + "name": "host097.example.net", + "registered_domain": "example.net", + "subdomain": "host097", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#37600: query: host097.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host097.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 49224 + }, + "dns": { + "question": { + "class": "IN", + "name": "addin.insights.static.microsoft", + "registered_domain": "static.microsoft", + "subdomain": "addin.insights", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#49224: query: addin.insights.static.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "addin.insights.static.microsoft" + ], + "ip": [ + "10.100.0.1" + ] 
+ }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 49224 + }, + "dns": { + "answers": [ + { + "data": "agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "addin.insights.static.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#49224 (addin.insights.static.microsoft.): answer: addin.insights.static.microsoft. IN A (10.100.0.1) -> NOERROR 157 CNAME agave-prod-afd-d5fmb2bnhpffbrbu.b01.azurefd.net. 25 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 
35 A 198.51.100.210 35 A 198.51.100.211 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "addin.insights.static.microsoft." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 37600 + }, + "dns": { + "question": { + "class": "IN", + "name": "host097.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#37600 (host097.example.net.): answer: host097.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host097.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 47390 + }, + "dns": { + "question": { + "class": "IN", + "name": "host098.example.net", + "registered_domain": "example.net", + "subdomain": "host098", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47390: query: host098.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host098.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 47390 + }, + "dns": { + "question": { + "class": "IN", + "name": "host098.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#47390 (host098.example.net.): answer: host098.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host098.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 55646 + }, + "dns": { + "question": { + "class": "IN", + "name": "host099.example.net", + "registered_domain": "example.net", + "subdomain": "host099", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#55646: query: host099.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host099.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 55646 + }, + "dns": { + "question": { + "class": "IN", + "name": "host099.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#55646 (host099.example.net.): answer: host099.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host099.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 35632 + }, + "dns": { + "question": { + "class": "IN", + "name": "host100.example.net", + "registered_domain": "example.net", + "subdomain": "host100", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#35632: query: host100.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host100.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 35632 + }, + "dns": { + "question": { + "class": "IN", + "name": "host100.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#35632 (host100.example.net.): answer: host100.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host100.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 52494 + }, + "dns": { + "question": { + "class": "IN", + "name": "host101.example.net", + "registered_domain": "example.net", + "subdomain": "host101", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#52494: query: host101.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host101.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 52494 + }, + "dns": { + "question": { + "class": "IN", + "name": "host101.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#52494 (host101.example.net.): answer: host101.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host101.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 43828 + }, + "dns": { + "question": { + "class": "IN", + "name": "host102.example.net", + "registered_domain": "example.net", + "subdomain": "host102", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43828: query: host102.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host102.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.255", + "port": 36019 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.36.in-addr.arpa", + "registered_domain": "36.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#36019: query: 198.51.100.36.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.36.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + 
"server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.134", + "port": 43828 + }, + "dns": { + "question": { + "class": "IN", + "name": "host102.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.134#43828 (host102.example.net.): answer: host102.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host102.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.255", + "port": 36019 + }, + "dns": { + "answers": [ + { + "data": "host072.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.36.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host072.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#36019 (198.51.100.36.in-addr.arpa.): answer: 198.51.100.36.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host072.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.36.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host024.example.net", + "registered_domain": "example.net", + "subdomain": "host024", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host024.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host024.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host024.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (host024.example.net.): answer: host024.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host024.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.69", + "port": 53821 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.69#53821: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.69", + "port": 53821 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.69#53821 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.159", + "port": 61850 + }, + "dns": { + "question": { + "class": "IN", + "name": "a1854.casalemedia.com", + "registered_domain": "casalemedia.com", + "subdomain": "a1854", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#61850: query: a1854.casalemedia.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "a1854.casalemedia.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.255", + "port": 17520 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.23.in-addr.arpa", + "registered_domain": "23.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#17520: query: 198.51.100.23.in-addr.arpa IN PTR (10.100.0.1)" + }, + 
"host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.23.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.98", + "port": 52482 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.cp.wd.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.cp.wd", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.98#52482: query: europe.cp.wd.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.cp.wd.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.98", + "port": 52482 + }, + "dns": { + "answers": [ + { + "data": "wd-prod-cp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.227", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.cp.wd.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "wd-prod-cp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.227", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.98#52482 (europe.cp.wd.microsoft.com.): answer: europe.cp.wd.microsoft.com. IN A (10.100.0.1) -> NOERROR 982 CNAME wd-prod-cp-eu.trafficmanager.net. 208 CNAME wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com. 5 A 198.51.100.227 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.cp.wd.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.255", + "port": 17520 + }, + "dns": { + "answers": [ + { + "data": "host077.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.23.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host077.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.255#17520 (198.51.100.23.in-addr.arpa.): answer: 198.51.100.23.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host077.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.23.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.159", + "port": 59616 + }, + "dns": { + "question": { + "class": "IN", + "name": "a1854.casalemedia.com", + "registered_domain": "casalemedia.com", + "subdomain": "a1854", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#59616: query: a1854.casalemedia.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "a1854.casalemedia.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.25", + "port": 57594 + }, + "dns": { + "question": { + "class": "IN", + "name": "host103.host103.example.net", + "registered_domain": "example.net", + "subdomain": "host103.host103", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.25#57594: query: host103.host103.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host103.host103.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { 
+ "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.25", + "port": 57594 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.26", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host103.host103.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.26", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.25#57594 (host103.host103.example.net.): answer: host103.host103.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.26 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host103.host103.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host026.host026.example.net", + "registered_domain": "example.net", + "subdomain": "host026.host026", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host026.host026.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host026.host026.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host026.host026.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host026.host026.example.net.): answer: host026.host026.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host026.host026.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.70", + "port": 57664 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.70#57664: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.159", + "port": 61850 + }, + "dns": { + "question": { + "class": "IN", + "name": "a1854.casalemedia.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#61850 (a1854.casalemedia.com.): answer: a1854.casalemedia.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "a1854.casalemedia.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.70", + "port": 57664 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.70#57664 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 56130 + }, + "dns": { + "question": { + "class": "IN", + "name": "star.fallback.c10r.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "star.fallback.c10r", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#56130: query: star.fallback.c10r.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "star.fallback.c10r.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 56130 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.20", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "star.fallback.c10r.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.20", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.0.161#56130 (star.fallback.c10r.instagram.com.): answer: star.fallback.c10r.instagram.com. IN A (10.100.0.1) -> NOERROR 8 A 198.51.100.20 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "star.fallback.c10r.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.159", + "port": 59616 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.53", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "a1854.casalemedia.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.53", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.159#59616 (a1854.casalemedia.com.): answer: a1854.casalemedia.com. IN A (10.100.0.1) -> NOERROR 2554 A 198.51.100.53 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "a1854.casalemedia.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.188", + "port": 27352 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#27352: query: www.google.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.188", + "port": 27352 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#27352 (www.google.com.): answer: www.google.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.119", + "port": 56834 + }, + "dns": { + "question": { + "class": "IN", + "name": "27-courier.push.apple.com", + "registered_domain": "apple.com", + "subdomain": "27-courier.push", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.119#56834: query: 27-courier.push.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "27-courier.push.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.119", + "port": 56834 + }, + "dns": { + "answers": [ + { + "data": "27.courier-push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "eu-nw-courier-4.push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.35", + "type": "A" + }, + { + "data": "198.51.100.38", + "type": "A" + }, + { + "data": "198.51.100.32", + "type": "A" + }, + { + "data": "198.51.100.37", + "type": "A" + }, + { + "data": "198.51.100.36", + "type": "A" + }, + { + "data": "198.51.100.33", + "type": "A" + }, + { + "data": "198.51.100.34", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "27-courier.push.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "27.courier-push-apple.com.akadns.net.", + "type": 
"CNAME" + }, + { + "data": "eu-nw-courier-4.push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.35", + "type": "A" + }, + { + "data": "198.51.100.38", + "type": "A" + }, + { + "data": "198.51.100.32", + "type": "A" + }, + { + "data": "198.51.100.37", + "type": "A" + }, + { + "data": "198.51.100.36", + "type": "A" + }, + { + "data": "198.51.100.33", + "type": "A" + }, + { + "data": "198.51.100.34", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.119#56834 (27-courier.push.apple.com.): answer: 27-courier.push.apple.com. IN A (10.100.0.1) -> NOERROR 6530 CNAME 27.courier-push-apple.com.akadns.net. 51 CNAME eu-nw-courier-4.push-apple.com.akadns.net. 22 A 198.51.100.35 22 A 198.51.100.38 22 A 198.51.100.32 22 A 198.51.100.37 22 A 198.51.100.36 22 A 198.51.100.33 22 A 198.51.100.34 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "27-courier.push.apple.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.108", + "port": 63521 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.108#63521: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.108", + "port": 63521 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.108#63521 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.113", + "port": 52557 + }, + "dns": { + "question": { + "class": "IN", + "name": "settings-win.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "settings-win.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.113#52557: query: settings-win.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "settings-win.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.113", + "port": 52557 + }, + "dns": { + "answers": [ + { + "data": "atm-settingsfe-prod-geo2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "settings-prod-weu-1.westeurope.cloudapp.azure.com.", + 
"type": "CNAME" + }, + { + "data": "198.51.100.231", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "settings-win.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "atm-settingsfe-prod-geo2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "settings-prod-weu-1.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.231", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.113#52557 (settings-win.data.microsoft.com.): answer: settings-win.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 454 CNAME atm-settingsfe-prod-geo2.trafficmanager.net. 1 CNAME settings-prod-weu-1.westeurope.cloudapp.azure.com. 2 A 198.51.100.231 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "settings-win.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.188", + "port": 22173 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#22173: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.188", + "port": 22173 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": 
"198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.188#22173 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 53568 + }, + "dns": { + "question": { + "class": "IN", + "name": "cdns.eu1.gigya.com", + "registered_domain": "gigya.com", + "subdomain": "cdns.eu1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568: query: cdns.eu1.gigya.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdns.eu1.gigya.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + 
"port": 62386 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.tui.nl", + "registered_domain": "tui.nl", + "subdomain": "www", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386: query: www.tui.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.tui.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 62386 + }, + "dns": { + "answers": [ + { + "data": "www.tui.nl-v1.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e116189.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.130", + "type": "A" + }, + { + "data": "198.51.100.127", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.tui.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "www.tui.nl-v1.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e116189.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.130", + "type": "A" + }, + { + "data": "198.51.100.127", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386 (www.tui.nl.): answer: www.tui.nl. IN A (10.100.0.1) -> NOERROR 49 CNAME www.tui.nl-v1.edgekey.net. 
645 CNAME e116189.dsca.akamaiedge.net. 0 A 198.51.100.130 0 A 198.51.100.127 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.tui.nl." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 62730 + }, + "dns": { + "question": { + "class": "IN", + "name": "z-p42-chat-e2ee-ig.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "z-p42-chat-e2ee-ig", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#62730: query: z-p42-chat-e2ee-ig.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "z-p42-chat-e2ee-ig.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 62730 + }, + "dns": { + "answers": [ + { + "data": "chat-e2ee-ig-p42.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.30", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "z-p42-chat-e2ee-ig.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "chat-e2ee-ig-p42.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.30", + "type": "A" + } + ], 
+ "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#62730 (z-p42-chat-e2ee-ig.facebook.com.): answer: z-p42-chat-e2ee-ig.facebook.com. IN A (10.100.0.1) -> NOERROR 2994 CNAME chat-e2ee-ig-p42.c10r.facebook.com. 36 A 198.51.100.30 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "z-p42-chat-e2ee-ig.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 54985 + }, + "dns": { + "question": { + "class": "IN", + "name": "benelph.de", + "registered_domain": "benelph.de", + "top_level_domain": "de", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#54985: query: benelph.de IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "benelph.de" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.13", + "port": 65356 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#65356: query: eu-office.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.144", + "port": 54084 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#54084: query: mask.icloud.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.13", + "port": 65356 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": 
"TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#65356 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.144", + "port": 54084 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#54084 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.144", + "port": 64991 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#64991: query: mask.icloud.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.144", + "port": 64991 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#64991 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.13", + "port": 51416 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#51416: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.13", + "port": 51416 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": 
{ + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.13#51416 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 49816 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49816: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 49816 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49816 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.55", + "port": 60563 + }, + "dns": { + "question": { + "class": "IN", + "name": "pages.plasticsurgery.org", + "registered_domain": "plasticsurgery.org", + "subdomain": "pages", + "top_level_domain": "org", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.55#60563: query: pages.plasticsurgery.org IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pages.plasticsurgery.org" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 63448 + }, + "dns": { + "question": { + "class": "IN", + "name": "benelph.de", + "registered_domain": "benelph.de", + "top_level_domain": "de", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63448: query: benelph.de IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "benelph.de" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host028.host028.example.net", + "registered_domain": "example.net", + "subdomain": "host028.host028", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host028.host028.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host028.host028.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host028.host028.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 
(host028.host028.example.net.): answer: host028.host028.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host028.host028.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.5", + "port": 61023 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.5#61023: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.5", + "port": 61023 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ 
+ { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.5#61023 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 54985 + }, + "dns": { + "question": { + "class": "IN", + "name": "benelph.de.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#54985 (benelph.de.): answer: benelph.de. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "benelph.de." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 49196 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49196: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 49196 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.0.90#49196 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56229 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56229: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56229 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56229 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 63331 + }, + "dns": { + "question": { + "class": "IN", + "name": "brwsrfrm.com", + "registered_domain": "brwsrfrm.com", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63331: query: brwsrfrm.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "brwsrfrm.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51967 + }, + "dns": { + "question": { + "class": "IN", + "name": "clients.config.office.net", + "registered_domain": "office.net", + "subdomain": "clients.config", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51967: query: clients.config.office.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "clients.config.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51967 + }, + "dns": { + "answers": [ + { + "data": "cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "atm.common.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "clients.config.office.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "atm.common.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51967 (clients.config.office.net.): answer: clients.config.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 205 CNAME cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft. 14 CNAME atm.common.mira.tm.svc.cloud.microsoft. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "clients.config.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 64591 + }, + "dns": { + "question": { + "class": "IN", + "name": "clients.config.office.net", + "registered_domain": "office.net", + "subdomain": "clients.config", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#64591: query: clients.config.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "clients.config.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 64591 + }, + "dns": { + "answers": [ + { + "data": "cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "atm.common.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.175", + "type": "A" + }, + { + "data": "198.51.100.169", + "type": "A" + }, + { + "data": "198.51.100.170", + "type": "A" + }, + { + "data": "198.51.100.173", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "clients.config.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "atm.common.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.175", + "type": "A" + }, + { + "data": "198.51.100.169", + "type": "A" + }, + { + "data": "198.51.100.170", + "type": "A" + }, + { + "data": "198.51.100.173", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#64591 (clients.config.office.net.): answer: clients.config.office.net. IN A (10.100.0.1) -> NOERROR 205 CNAME cloudpolicyclientsconfig.originmira.tm.svc.cloud.microsoft. 14 CNAME atm.common.mira.tm.svc.cloud.microsoft. 3 A 198.51.100.175 3 A 198.51.100.169 3 A 198.51.100.170 3 A 198.51.100.173 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "clients.config.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 63448 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.232", + "type": "A" + }, + { + "data": "198.51.100.222", + "type": "A" + }, + { + "data": "198.51.100.226", + "type": "A" + }, + { + "data": "198.51.100.229", + "type": "A" + }, + { + "data": "198.51.100.234", + "type": "A" + }, + { + "data": "198.51.100.225", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.223", + "type": "A" + }, + { + "data": "198.51.100.217", + "type": "A" + }, + { + "data": "198.51.100.219", + "type": "A" + }, + { + "data": "198.51.100.221", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.224", + "type": "A" + }, + { + "data": "198.51.100.227", + "type": "A" + }, + { + "data": "198.51.100.216", + "type": "A" + }, + { + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"benelph.de.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.232", + "type": "A" + }, + { + "data": "198.51.100.222", + "type": "A" + }, + { + "data": "198.51.100.226", + "type": "A" + }, + { + "data": "198.51.100.229", + "type": "A" + }, + { + "data": "198.51.100.234", + "type": "A" + }, + { + "data": "198.51.100.225", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.223", + "type": "A" + }, + { + "data": "198.51.100.217", + "type": "A" + }, + { + "data": "198.51.100.219", + "type": "A" + }, + { + "data": "198.51.100.221", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.224", + "type": "A" + }, + { + "data": "198.51.100.227", + "type": "A" + }, + { + "data": "198.51.100.216", + "type": "A" + }, + { + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63448 (benelph.de.): answer: benelph.de. IN A (10.100.0.1) -> NOERROR 264 A 198.51.100.232 264 A 198.51.100.222 264 A 198.51.100.226 264 A 198.51.100.229 264 A 198.51.100.234 264 A 198.51.100.225 264 A 198.51.100.235 264 A 198.51.100.223 264 A 198.51.100.217 264 A 198.51.100.219 264 A 198.51.100.221 264 A 198.51.100.218 264 A 198.51.100.224 264 A 198.51.100.227 264 A 198.51.100.216 264 A" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "benelph.de." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 55028 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55028: query: edge.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 52867 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52867: query: edge.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 55028 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55028 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 52867 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52867 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.3 5 A 198.51.100.4 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 53035 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53035: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.96", + "port": 59390 + }, + "dns": { + "question": { + "class": "IN", + "name": "teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#59390: query: teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.96", + "port": 59390 + }, + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + }, + { + "data": "tmc-g2.tm-4.office.com.", + "type": "CNAME" + }, + { + "data": "teams-office-com.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.252", + "type": "A" + }, + { + "data": "198.51.100.251", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "teams.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + }, + { + "data": "tmc-g2.tm-4.office.com.", + "type": "CNAME" + }, + { + "data": "teams-office-com.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.252", + "type": "A" + }, + { + "data": "198.51.100.251", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#59390 (teams.microsoft.com.): answer: teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. 29 CNAME tmc-g2.tm-4.office.com. 22 CNAME teams-office-com.s-0005.dual-s-msedge.net. 101 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.252 25 A 198.51.100.251 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 53035 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53035 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.96", + "port": 51074 + }, + "dns": { + "question": { + "class": "IN", + "name": "teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "teams", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#51074: query: teams.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.96", + "port": 51074 + }, + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "teams.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.96#51074 (teams.microsoft.com.): answer: teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host030.host030.example.net", + "registered_domain": "example.net", + "subdomain": "host030.host030", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: host030.host030.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host030.host030.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host030.host030.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (host030.host030.example.net.): answer: host030.host030.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host030.host030.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 60016 + }, + "dns": { + "question": { + "class": "IN", + "name": "bag.itunes.apple.com", + "registered_domain": "apple.com", + "subdomain": "bag.itunes", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#60016: query: bag.itunes.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "bag.itunes.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 60016 + }, + "dns": { + "answers": [ + { + "data": "bag-cdn.itunes-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "bag.itunes.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "bag-cdn.itunes-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 
12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#60016 (bag.itunes.apple.com.): answer: bag.itunes.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 3189 CNAME bag-cdn.itunes-apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "bag.itunes.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 49940 + }, + "dns": { + "question": { + "class": "IN", + "name": "configuration.apple.com", + "registered_domain": "apple.com", + "subdomain": "configuration", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#49940: query: configuration.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 52786 + }, + "dns": { + "question": { + "class": "IN", + "name": "configuration.apple.com", + "registered_domain": "apple.com", + "subdomain": "configuration", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52786: query: configuration.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 52786 + }, + "dns": { + "answers": [ + { + "data": "configuration.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "configuration.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "configuration.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52786 (configuration.apple.com.): answer: configuration.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 38606 CNAME configuration.apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration.apple.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.38", + "port": 62332 + }, + "dns": { + "question": { + "class": "IN", + "name": "api2.cursor.sh", + "registered_domain": "cursor.sh", + "subdomain": "api2", + "top_level_domain": "sh", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.38#62332: query: api2.cursor.sh IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api2.cursor.sh" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 55554 + }, + "dns": { + "question": { + "class": "IN", + "name": "brwsrfrm.com", + "registered_domain": "brwsrfrm.com", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#55554: query: brwsrfrm.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "brwsrfrm.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": 
"10.1.0.125", + "port": 50952 + }, + "dns": { + "question": { + "class": "IN", + "name": "bag.itunes.apple.com", + "registered_domain": "apple.com", + "subdomain": "bag.itunes", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#50952: query: bag.itunes.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "bag.itunes.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 50952 + }, + "dns": { + "answers": [ + { + "data": "bag-cdn.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "bag-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "h3.apis.apple.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.13", + "type": "A" + }, + { + "data": "198.51.100.16", + "type": "A" + }, + { + "data": "198.51.100.8", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "bag.itunes.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "bag-cdn.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "bag-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "h3.apis.apple.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.13", + "type": "A" + }, + { + 
"data": "198.51.100.16", + "type": "A" + }, + { + "data": "198.51.100.8", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#50952 (bag.itunes.apple.com.): answer: bag.itunes.apple.com. IN A (10.100.0.1) -> NOERROR 3190 CNAME bag-cdn.itunes-apple.com.akadns.net. 518 CNAME bag-cdn-lb.itunes-apple.com.akadns.net. 134 CNAME h3.apis.apple.map.fastly.net. 30 A 198.51.100.11 30 A 198.51.100.13 30 A 198.51.100.16 30 A 198.51.100.8 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "bag.itunes.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.60", + "port": 53347 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-mobile.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.60#53347: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.0.144", + "port": 61139 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#61139: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.60", + "port": 53347 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.60#53347 (eu-mobile.events.data.microsoft.com.): answer: 
eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.144", + "port": 61139 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.144#61139 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.235", + "port": 43542 + }, + "dns": { + "question": { + "class": "IN", + "name": "hbase-rs.node6.isieca.eca.local", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.235#43542: query: hbase-rs.node6.isieca.eca.local IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "hbase-rs.node6.isieca.eca.local" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.235", + "port": 43542 + }, + "dns": { + "question": { + "class": "IN", + "name": "hbase-rs.node6.isieca.eca.local.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.235#43542 (hbase-rs.node6.isieca.eca.local.): answer: hbase-rs.node6.isieca.eca.local. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "hbase-rs.node6.isieca.eca.local." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 63331 + }, + "dns": { + "question": { + "class": "IN", + "name": "brwsrfrm.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#63331 (brwsrfrm.com.): answer: brwsrfrm.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "brwsrfrm.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.86", + "port": 58372 + }, + "dns": { + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net", + "registered_domain": "windows.net", + "subdomain": "enterpriseregistration", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372: query: enterpriseregistration.windows.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" 
+ } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.86", + "port": 58372 + }, + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.212", + "type": "A" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "198.51.100.215", + "type": "A" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "198.51.100.151", + "type": "A" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "40.126.", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.212", + "type": "A" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "198.51.100.215", + "type": "A" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "198.51.100.151", + "type": "A" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "40.126.", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.86#58372 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 
129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 291 A 198.51.100.212 291 A 198.51.100.213 291 A 198.51.100.150 291 A 198.51.100.215 291 A 198.51.100.152 291 A 198.51.100.151 291 A 198.51.100.214 291 A 40.126." + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 52932 + }, + "dns": { + "question": { + "class": "IN", + "name": "testorg.sharepoint.com", + "registered_domain": "sharepoint.com", + "subdomain": "testorg", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52932: query: testorg.sharepoint.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.sharepoint.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 52932 + }, + "dns": { + "answers": [ + { + "data": "1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net.", + "type": "CNAME" + }, + { + "data": 
"189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.sp", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "testorg.sharepoint.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.sp", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52932 (testorg.sharepoint.com.): answer: testorg.sharepoint.com. IN TYPE65 (10.100.0.1) -> NOERROR 3484 CNAME 1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com. 22 CNAME 189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com. 3 CNAME 189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net. 260 CNAME 189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.sp" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.sharepoint.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.12", + "port": 63585 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.12#63585: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.12", + "port": 63585 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.12#63585 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 
1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 58829 + }, + "dns": { + "question": { + "class": "IN", + "name": "testorg.sharepoint.com", + "registered_domain": "sharepoint.com", + "subdomain": "testorg", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58829: query: testorg.sharepoint.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.sharepoint.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 58829 + }, + "dns": { + "answers": [ + { + "data": "1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.spo-mse", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "testorg.sharepoint.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, 
+ "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.spo-mse", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58829 (testorg.sharepoint.com.): answer: testorg.sharepoint.com. IN A (10.100.0.1) -> NOERROR 3484 CNAME 1271-ipv4v6s.clump.dprodmgd104.aa-rt.sharepoint.com. 22 CNAME 189376-ipv4v6s.farm.dprodmgd104.aa-rt.sharepoint.com. 3 CNAME 189376-ipv4v6g.farm.dprodmgd104.sharepointonline.com.akadns.net. 260 CNAME 189376-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com.dual-spo-0005.spo-mse" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.sharepoint.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "wpad.canbus.net", + "registered_domain": "canbus.net", + "subdomain": "wpad", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: wpad.canbus.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wpad.canbus.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "wpad.canbus.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (wpad.canbus.net.): answer: wpad.canbus.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wpad.canbus.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.128", + "port": 55554 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.224", + "type": "A" + }, + { + "data": "198.51.100.225", + "type": "A" + }, + { + "data": "198.51.100.222", + "type": "A" + }, + { + "data": "198.51.100.234", + "type": "A" + }, + { + "data": "198.51.100.216", + "type": "A" + }, + { + "data": "198.51.100.217", + "type": "A" + }, + { + "data": "198.51.100.233", + "type": "A" + }, + { + "data": "198.51.100.231", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.227", + "type": "A" + }, + { + "data": "198.51.100.230", + "type": "A" + }, + { + "data": "198.51.100.229", + "type": "A" + }, + { + "data": "198.51.100.228", + "type": "A" + }, + { + "data": "198.51.100.220 10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "brwsrfrm.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.224", + "type": "A" + }, + { + "data": "198.51.100.225", + "type": "A" + }, + { + "data": "198.51.100.222", + "type": "A" + }, + { + "data": "198.51.100.234", + "type": "A" + }, + { + "data": "198.51.100.216", + "type": "A" + }, + { + "data": "198.51.100.217", + "type": "A" + }, + { + "data": "198.51.100.233", + "type": "A" + }, + { + "data": "198.51.100.231", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.227", + "type": "A" + }, + { + "data": "198.51.100.230", + "type": "A" + }, + { + "data": "198.51.100.229", + "type": "A" + }, + { + "data": "198.51.100.228", + "type": "A" + }, + { + "data": "198.51.100.220 10", + "type": "A" + } + ], + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.128#55554 (brwsrfrm.com.): answer: brwsrfrm.com. IN A (10.100.0.1) -> NOERROR 104 A 198.51.100.218 104 A 198.51.100.224 104 A 198.51.100.225 104 A 198.51.100.222 104 A 198.51.100.234 104 A 198.51.100.216 104 A 198.51.100.217 104 A 198.51.100.233 104 A 198.51.100.231 104 A 198.51.100.235 104 A 198.51.100.227 104 A 198.51.100.230 104 A 198.51.100.229 104 A 198.51.100.228 104 A 198.51.100.220 10" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "brwsrfrm.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52689 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689: query: host037.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52689 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"host037.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689 (host037.example.net.): answer: host037.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52689 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689: query: host037.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52689 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "A" + }, 
+ "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689 (host037.example.net.): answer: host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52689 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net", + "registered_domain": "example.net", + "subdomain": "host041.host041.host041", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.176", + "port": 50469 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.176#50469: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.176", + "port": 50469 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.176#50469 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52689 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52689 (host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "wpad.acds.canon-europe.com", + "registered_domain": "canon-europe.com", + "subdomain": "wpad.acds", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731: query: wpad.acds.canon-europe.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wpad.acds.canon-europe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.6", + "port": 60085 + }, + "dns": { + "question": { + "class": "IN", + "name": "host019.example.net", + "registered_domain": "example.net", + "subdomain": "host019", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#60085: query: host019.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.6", + "port": 60085 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host019.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#60085 (host019.example.net.): answer: host019.example.net. IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.124", + "port": 57628 + }, + "dns": { + "question": { + "class": "IN", + "name": "host019.example.net", + "registered_domain": "example.net", + "subdomain": "host019", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#57628: query: host019.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.124", + "port": 57628 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host019.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.8", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#57628 (host019.example.net.): answer: host019.example.net. 
IN A (10.100.0.1) -> NOERROR 180 A 10.1.1.8 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host019.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.62", + "port": 1026 + }, + "dns": { + "question": { + "class": "IN", + "name": "host104.example.net", + "registered_domain": "example.net", + "subdomain": "host104", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.62#1026: query: host104.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host104.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.62", + "port": 1026 + }, + "dns": { + "answers": [ + { + "data": "172.16.2.61", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host105.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "172.16.2.61", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.62#1026 
(host105.example.net.): answer: host105.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 172.16.2.61 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host105.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 53568 + }, + "dns": { + "answers": [ + { + "data": "d18uol17ln7pq5.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.101", + "type": "A" + }, + { + "data": "198.51.100.103", + "type": "A" + }, + { + "data": "198.51.100.102", + "type": "A" + }, + { + "data": "198.51.100.100", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "cdns.eu1.gigya.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "d18uol17ln7pq5.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.101", + "type": "A" + }, + { + "data": "198.51.100.103", + "type": "A" + }, + { + "data": "198.51.100.102", + "type": "A" + }, + { + "data": "198.51.100.100", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568 (cdns.eu1.gigya.com.): answer: cdns.eu1.gigya.com. IN A (10.100.0.1) -> NOERROR 46 CNAME d18uol17ln7pq5.cloudfront.net. 2 A 198.51.100.101 2 A 198.51.100.103 2 A 198.51.100.102 2 A 198.51.100.100 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdns.eu1.gigya.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 53142 + }, + "dns": { + "question": { + "class": "IN", + "name": "configuration.apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "configuration.apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#53142: query: configuration.apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration.apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 53142 + }, + "dns": { + "answers": [ + { + "data": "configuration-row-lb.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "configuration.apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "configuration-row-lb.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#53142 (configuration.apple.com.akadns.net.): answer: configuration.apple.com.akadns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR 13 CNAME configuration-row-lb.apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration.apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.124", + "port": 63372 + }, + "dns": { + "question": { + "class": "IN", + "name": "officeclient.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "officeclient", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.124#63372: query: officeclient.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "officeclient.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.124", + "port": 63372 + }, + "dns": { + "answers": [ + { + "data": "config.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "prod.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "europe.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "config-prod-weightedww.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.237", + "type": "A" + }, + { + "data": "198.51.100.239", + 
"type": "A" + }, + { + "data": "52.11", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "officeclient.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "config.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "prod.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "europe.configsvc1.live.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "config-prod-weightedww.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.237", + "type": "A" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "52.11", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.124#63372 (officeclient.microsoft.com.): answer: officeclient.microsoft.com. IN A (10.100.0.1) -> NOERROR 858 CNAME config.officeapps.live.com. 903 CNAME prod.configsvc1.live.com.akadns.net. 11 CNAME europe.configsvc1.live.com.akadns.net. 249 CNAME config-prod-weightedww.trafficmanager.net. 54 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.237 9 A 198.51.100.239 9 A 52.11" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "officeclient.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 52968 + }, + "dns": { + "question": { + "class": "IN", + "name": "bag-cdn.itunes-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "bag-cdn.itunes-apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#52968: query: bag-cdn.itunes-apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "bag-cdn.itunes-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 52968 + }, + "dns": { + "answers": [ + { + "data": "bag-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "h3.apis.apple.map.fastly.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "bag-cdn.itunes-apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "bag-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "h3.apis.apple.map.fastly.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.125#52968 (bag-cdn.itunes-apple.com.akadns.net.): answer: bag-cdn.itunes-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 517 CNAME bag-cdn-lb.itunes-apple.com.akadns.net. 133 CNAME h3.apis.apple.map.fastly.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "bag-cdn.itunes-apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.6", + "port": 51330 + }, + "dns": { + "question": { + "class": "IN", + "name": "host022.host022.example.net", + "registered_domain": "example.net", + "subdomain": "host022.host022", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#51330: query: host022.host022.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host022.host022.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.6", + "port": 51330 + }, + "dns": { + "question": { + "class": "IN", + "name": "host023.host023.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + 
"original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.6#51330 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host023.host023.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 56033 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 56033 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.1.5#56033: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 56033 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 56033 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#56033 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 58919 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#58919: query: mask.icloud.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 58919 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#58919 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.33", + "port": 54504 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.33#54504: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.33", + "port": 54504 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.33#54504 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 50582 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#50582: query: mask.icloud.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 50582 + }, + "dns": { + "answers": [ + { + "data": 
"mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#50582 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.47 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.40", + "port": 56746 + }, + "dns": { + "question": { + "class": "IN", + "name": "msedge.b.tlu.dl.delivery.mp.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "msedge.b.tlu.dl.delivery.mp", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.40#56746: query: msedge.b.tlu.dl.delivery.mp.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "msedge.b.tlu.dl.delivery.mp.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.40", + "port": 56746 + }, + "dns": { + "answers": [ + { + "data": "star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "cdp-f-tlu-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1847.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.69", + "type": "A" + }, + { + "data": "96.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "msedge.b.tlu.dl.delivery.mp.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com.", + "type": "CNAME" + }, + { + "data": "cdp-f-tlu-net.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1847.dscd.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.69", + "type": "A" + }, + { + "data": "96.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.40#56746 (msedge.b.tlu.dl.delivery.mp.microsoft.com.): answer: msedge.b.tlu.dl.delivery.mp.microsoft.com. IN A (10.100.0.1) -> NOERROR 167 CNAME star.b.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com. 5168 CNAME cdp-f-tlu-net.trafficmanager.net. 51 CNAME wildcard.f.tlu.dl.delivery.mp.microsoft.com.edgesuite.net. 3735 CNAME a1847.dscd.akamai.net. 2 A 198.51.100.69 2 A 96.1" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "msedge.b.tlu.dl.delivery.mp.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 55168 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55168: query: edge.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 55168 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#55168 (edge.microsoft.com.): answer: edge.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 58590 + }, + "dns": { + "question": { + "class": "IN", + "name": "edge.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edge", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58590: query: edge.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 58590 + }, + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edge.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-microsoft-com.ax-0002.ax-msedge.net.", + "type": "CNAME" + }, + { + "data": "ax-0002.ax-dc-msedge.net.", + "type": "CNAME" + 
}, + { + "data": "198.51.100.3", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58590 (edge.microsoft.com.): answer: edge.microsoft.com. IN A (10.100.0.1) -> NOERROR 626 CNAME edge-microsoft-com.ax-0002.ax-msedge.net. 80 CNAME ax-0002.ax-dc-msedge.net. 5 A 198.51.100.3 5 A 198.51.100.4 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edge.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 50468 + }, + "dns": { + "question": { + "class": "IN", + "name": "instagram.c10r.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "instagram.c10r", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50468: query: instagram.c10r.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "instagram.c10r.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 50468 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.27", + "type": 
"A" + } + ], + "question": { + "class": "IN", + "name": "instagram.c10r.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.27", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50468 (instagram.c10r.instagram.com.): answer: instagram.c10r.instagram.com. IN A (10.100.0.1) -> NOERROR 36 A 198.51.100.27 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "instagram.c10r.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 56731 + }, + "dns": { + "question": { + "class": "IN", + "name": "wpad.acds.canon-europe.com.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#56731 (wpad.acds.canon-europe.com.): answer: wpad.acds.canon-europe.com. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "wpad.acds.canon-europe.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.171", + "port": 49449 + }, + "dns": { + "question": { + "class": "IN", + "name": "captive-cidr.origin-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "captive-cidr.origin-apple.com", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#49449: query: captive-cidr.origin-apple.com.akadns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "captive-cidr.origin-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.171", + "port": 49449 + }, + "dns": { + "answers": [ + { + "data": "captive-geo.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "captive.g.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.52", + "type": "A" + }, + { + "data": "198.51.100.57", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "captive-cidr.origin-apple.com.akadns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "captive-geo.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "captive.g.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.52", + "type": "A" + }, + { + "data": "198.51.100.57", + "type": "A" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#49449 (captive-cidr.origin-apple.com.akadns.net.): answer: captive-cidr.origin-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 281 CNAME captive-geo.origin-apple.com.akadns.net. 52 CNAME captive.g.aaplimg.com. 5 A 198.51.100.52 5 A 198.51.100.57 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "captive-cidr.origin-apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.171", + "port": 64568 + }, + "dns": { + "question": { + "class": "IN", + "name": "captive-cidr.origin-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "captive-cidr.origin-apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#64568: query: captive-cidr.origin-apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "captive-cidr.origin-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.159", + "port": 56013 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.159#56013: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.159", + "port": 56013 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.159#56013 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. 
IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.75", + "port": 64780 + }, + "dns": { + "question": { + "class": "IN", + "name": "ps.pndsn.com", + "registered_domain": "pndsn.com", + "subdomain": "ps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.75#64780: query: ps.pndsn.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ps.pndsn.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.75", + "port": 64780 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.199", + "type": "A" + }, + { + "data": "198.51.100.200", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ps.pndsn.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.199", + "type": "A" + }, + { + "data": "198.51.100.200", + "type": "A" + } + ], + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.75#64780 (ps.pndsn.com.): answer: ps.pndsn.com. IN A (10.100.0.1) -> NOERROR 275 A 198.51.100.199 275 A 198.51.100.200 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ps.pndsn.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.79", + "port": 61599 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.79#61599: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.79", + "port": 61599 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + 
"name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.79#61599 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.80", + "port": 59144 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.80#59144: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.80", + "port": 59144 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.80#59144 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.15", + "port": 53168 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.15#53168: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.15", + "port": 53168 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": 
"198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.15#53168 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 49940 + }, + "dns": { + "answers": [ + { + "data": "configuration.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "configuration-row-lb.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "configuration.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.57", + "type": "A" + }, + { + "data": "198.51.100.52", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "configuration.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "configuration.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "configuration-row-lb.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "configuration.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.57", + "type": "A" + }, + { + "data": "198.51.100.52", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#49940 (configuration.apple.com.): answer: configuration.apple.com. IN A (10.100.0.1) -> NOERROR 38606 CNAME configuration.apple.com.akadns.net. 13 CNAME configuration-row-lb.apple.com.akadns.net. 30 CNAME configuration.v.aaplimg.com. 15 A 198.51.100.57 15 A 198.51.100.52 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration.apple.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.171", + "port": 64568 + }, + "dns": { + "answers": [ + { + "data": "captive-geo.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "captive.g.aaplimg.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "captive-cidr.origin-apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "captive-geo.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "captive.g.aaplimg.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.171#64568 (captive-cidr.origin-apple.com.akadns.net.): answer: captive-cidr.origin-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 281 CNAME captive-geo.origin-apple.com.akadns.net. 52 CNAME captive.g.aaplimg.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "captive-cidr.origin-apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.124", + "port": 54829 + }, + "dns": { + "question": { + "class": "IN", + "name": "host022.host022.example.net", + "registered_domain": "example.net", + "subdomain": "host022.host022", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#54829: query: host022.host022.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host022.host022.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.124", + "port": 54829 + }, + "dns": { + "question": { + "class": "IN", + "name": "host023.host023.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.124#54829 (host023.host023.example.net.): answer: host023.host023.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host023.host023.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 61703 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61703: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.133", + "port": 61703 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.133#61703 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 54005 + }, + "dns": { + "question": { + "class": "IN", + "name": "configuration-row-lb.apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "configuration-row-lb.apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#54005: query: configuration-row-lb.apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration-row-lb.apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.57", + "port": 60230 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#60230: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.57", + "port": 60230 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#60230 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.156", + "port": 62018 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.156#62018: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.156", + "port": 62018 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.156#62018 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.57", + "port": 50177 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#50177: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.57", + "port": 50177 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.57#50177 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.83", + "port": 59693 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.83#59693: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.83", + "port": 59693 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.83#59693 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.38", + "port": 62332 + }, + "dns": { + "answers": [ + { + "data": "api2geo.cursor.sh.", + "type": "CNAME" + }, + { + "data": "api2direct.cursor.sh.", + "type": "CNAME" + }, + { + "data": "198.51.100.195", + "type": "A" + }, + { + "data": "198.51.100.14", + "type": "A" + }, + { + "data": "198.51.100.186", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + }, + { + "data": "198.51.100.185", + "type": "A" + }, + { + "data": "198.51.100.83", + "type": "A" + }, + { + "data": "198.51.100.178", + "type": "A" + }, + { + "data": "198.51.100.185", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "api2.cursor.sh.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "api2geo.cursor.sh.", + "type": "CNAME" + }, + { + "data": "api2direct.cursor.sh.", + "type": "CNAME" + }, + { + "data": "198.51.100.195", + "type": "A" + }, + { + "data": "198.51.100.14", + "type": "A" + }, + { + "data": "198.51.100.186", + "type": "A" + }, + { + "data": "198.51.100.4", + "type": "A" + }, + { + "data": "198.51.100.185", + "type": "A" + }, + { + "data": "198.51.100.83", + "type": "A" + }, + { + "data": "198.51.100.178", + 
"type": "A" + }, + { + "data": "198.51.100.185", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.38#62332 (api2.cursor.sh.): answer: api2.cursor.sh. IN A (10.100.0.1) -> NOERROR 300 CNAME api2geo.cursor.sh. 300 CNAME api2direct.cursor.sh. 12 A 198.51.100.195 12 A 198.51.100.14 12 A 198.51.100.186 12 A 198.51.100.4 12 A 198.51.100.185 12 A 198.51.100.83 12 A 198.51.100.178 12 A 198.51.100.185 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api2.cursor.sh." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host106.host106.example.net", + "registered_domain": "example.net", + "subdomain": "host106.host106", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669: query: host106.host106.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host106.host106.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 48380 + }, + "dns": { + 
"question": { + "class": "IN", + "name": "198.51.100.236.in-addr.arpa", + "registered_domain": "236.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48380: query: 198.51.100.236.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.236.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 48380 + }, + "dns": { + "answers": [ + { + "data": "host107.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.236.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host107.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48380 (198.51.100.236.in-addr.arpa.): answer: 198.51.100.236.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host107.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.236.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.131", + "port": 63891 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.131#63891: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.131", + "port": 63891 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.131#63891 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.175", + "port": 64788 + }, + "dns": { + "question": { + "class": "IN", + "name": "forum.viva.nl", + "registered_domain": "viva.nl", + "subdomain": "forum", + "top_level_domain": "nl", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#64788: query: forum.viva.nl IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "forum.viva.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.175", + "port": 63931 + }, + "dns": { + "question": { + "class": "IN", + "name": "forum.viva.nl", + "registered_domain": "viva.nl", + "subdomain": "forum", + "top_level_domain": "nl", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#63931: query: forum.viva.nl IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "forum.viva.nl" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 50878 + }, + "dns": { + "question": { + "class": "IN", + "name": "test-gateway.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "test-gateway", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50878: query: test-gateway.instagram.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "test-gateway.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 50878 + }, + "dns": { + "answers": [ + { + "data": "dgw-ig.c10r.facebook.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "test-gateway.instagram.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + 
"data": "dgw-ig.c10r.facebook.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#50878 (test-gateway.instagram.com.): answer: test-gateway.instagram.com. IN TYPE65 (10.100.0.1) -> NOERROR 2033 CNAME dgw-ig.c10r.facebook.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "test-gateway.instagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 53836 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53836: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 53836 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#53836 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 59915 + }, + "dns": { + "question": { + "class": "IN", + "name": "test-gateway.instagram.com", + "registered_domain": "instagram.com", + "subdomain": "test-gateway", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#59915: query: test-gateway.instagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "test-gateway.instagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 59915 + }, + "dns": { + "answers": [ + { + "data": "dgw-ig.c10r.facebook.com.", + 
"type": "CNAME" + }, + { + "data": "198.51.100.28", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "test-gateway.instagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dgw-ig.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.28", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#59915 (test-gateway.instagram.com.): answer: test-gateway.instagram.com. IN A (10.100.0.1) -> NOERROR 2033 CNAME dgw-ig.c10r.facebook.com. 8 A 198.51.100.28 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "test-gateway.instagram.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.62", + "port": 51018 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.62#51018: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.62", + "port": 51018 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": 
{ + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.62#51018 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.182", + "port": 60559 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#60559: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.182", + "port": 60559 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": 
"CNAME" + } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#60559 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.243", + "port": 63757 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.243#63757: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.243", + "port": 63757 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.243#63757 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.125", + "port": 54005 + }, + "dns": { + "answers": [ + { + "data": "configuration.v.aaplimg.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "configuration-row-lb.apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "configuration.v.aaplimg.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.125#54005 (configuration-row-lb.apple.com.akadns.net.): answer: configuration-row-lb.apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 30 CNAME configuration.v.aaplimg.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "configuration-row-lb.apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692: query: host037.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692 (host037.example.net.): answer: host037.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host037.example.net", + "registered_domain": "example.net", + "subdomain": "host037", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692: query: host037.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52692 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host037.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.14", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692 (host037.example.net.): answer: 
host037.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.1.14 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host037.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net", + "registered_domain": "example.net", + "subdomain": "host041.host041.host041", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692: query: host041.host041.host041.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.105", + "port": 52692 + }, + "dns": { + "question": { + "class": "IN", + "name": "host041.host041.host041.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.105#52692 
(host041.host041.host041.example.net.): answer: host041.host041.host041.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host041.host041.host041.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.136", + "port": 51314 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#51314: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.136", + "port": 51314 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#51314 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.175", + "port": 64788 + }, + "dns": { + "question": { + "class": "IN", + "name": "forum.viva.nl.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#64788 (forum.viva.nl.): answer: forum.viva.nl. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "forum.viva.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.136", + "port": 65429 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#65429: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.136", + "port": 65429 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.136#65429 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 59089 + }, + "dns": { + "question": { + "class": "IN", + "name": "host008.example.net", + "registered_domain": "example.net", + "subdomain": "host008", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#59089: query: host008.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host008.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 59089 + }, + "dns": { + "question": { + "class": "IN", + "name": "host008.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#59089 (host008.example.net.): answer: host008.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host008.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.37", + "port": 58764 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-powerpoint.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-powerpoint.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58764: query: euc-powerpoint.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-powerpoint.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.37", + "port": 58764 + }, + "dns": { + "answers": [ + { + "data": "euc-powerpoint-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-powerpoint.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-powerpoint-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58764 (euc-powerpoint.officeapps.live.com.): answer: euc-powerpoint.officeapps.live.com. 
IN TYPE65 (10.100.0.1) -> NOERROR 2 CNAME euc-powerpoint-geo.wac.trafficmanager.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-powerpoint.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.127", + "port": 49669 + }, + "dns": { + "question": { + "class": "IN", + "name": "host106.host106.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.127#49669 (host106.host106.example.net.): answer: host106.host106.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host106.host106.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.37", + "port": 58331 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-powerpoint.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-powerpoint.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58331: query: euc-powerpoint.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-powerpoint.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.37", + "port": 58331 + }, + "dns": { + "answers": [ + { + "data": "euc-powerpoint-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-dc-msedge.net", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-powerpoint.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-powerpoint-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-dc-msedge.net", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.37#58331 (euc-powerpoint.officeapps.live.com.): answer: euc-powerpoint.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 2 CNAME euc-powerpoint-geo.wac.trafficmanager.net. 18 CNAME euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 27 CNAME euc-powerpoint.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net. 24 CNAME wac-0003.wac-dc-msedge.net" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-powerpoint.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 44847 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.python.org", + "registered_domain": "python.org", + "subdomain": "www", + "top_level_domain": "org", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#44847: query: www.python.org IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.python.org" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.198", + "port": 38176 + }, + "dns": { + "question": { + "class": "IN", + "name": "host012.example.net", + "registered_domain": "example.net", + "subdomain": "host012", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#38176: query: host012.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.198", + "port": 58554 + }, + "dns": { + "question": { + "class": "IN", + "name": "host012.example.net", + "registered_domain": "example.net", + "subdomain": "host012", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#58554: query: host012.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.198", + "port": 38176 + }, + "dns": { + "question": { + "class": "IN", + "name": "host012.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#38176 (host012.example.net.): answer: host012.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.198", + "port": 58554 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.196", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host012.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.196", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.198#58554 (host012.example.net.): answer: host012.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.196 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host012.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 50782 + }, + "dns": { + "question": { + "class": "IN", + "name": "ingestion.smartocto.com", + "registered_domain": "smartocto.com", + "subdomain": "ingestion", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#50782: query: ingestion.smartocto.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ingestion.smartocto.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 50782 + }, + "dns": { + "question": { + "class": "IN", + "name": "ingestion.smartocto.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#50782 (ingestion.smartocto.com.): answer: ingestion.smartocto.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ingestion.smartocto.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.182", + "port": 56844 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#56844: query: browser.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.182", + "port": 56844 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.182#56844 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 63224 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#63224: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 63224 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" 
+ } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#63224 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 51861 + }, + "dns": { + "question": { + "class": "IN", + "name": "ingestion.smartocto.com", + "registered_domain": "smartocto.com", + "subdomain": "ingestion", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#51861: query: ingestion.smartocto.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ingestion.smartocto.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 62435 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#62435: query: browser.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 62435 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#62435 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55500 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55500: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55500 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55500 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 46710 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#46710: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 46710 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 
12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#46710 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55501 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55501: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55501 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55501 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55502 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55502: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.47", + "port": 53436 + }, + "dns": { + "question": { + "class": "IN", + "name": "mail.yahoo.com", + "registered_domain": "yahoo.com", + "subdomain": "mail", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#53436: query: mail.yahoo.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.yahoo.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.47", + "port": 53436 + }, + "dns": { + "answers": [ + { + "data": "edge.gycpi.b.yahoodns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "mail.yahoo.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge.gycpi.b.yahoodns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#53436 (mail.yahoo.com.): answer: mail.yahoo.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME edge.gycpi.b.yahoodns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.yahoo.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55502 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55502 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.47", + "port": 59981 + }, + "dns": { + "question": { + "class": "IN", + "name": "mail.yahoo.com", + "registered_domain": "yahoo.com", + "subdomain": "mail", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#59981: query: mail.yahoo.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.yahoo.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.47", + "port": 59981 + }, + "dns": { + "answers": [ + { + "data": "edge.gycpi.b.yahoodns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.55", + "type": "A" + }, + { + "data": "198.51.100.54", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mail.yahoo.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge.gycpi.b.yahoodns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.55", + "type": "A" + }, + { + "data": "198.51.100.54", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.47#59981 (mail.yahoo.com.): answer: mail.yahoo.com. 
IN A (10.100.0.1) -> NOERROR 48 CNAME edge.gycpi.b.yahoodns.net. 17 A 198.51.100.55 17 A 198.51.100.54 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.yahoo.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.166", + "port": 63308 + }, + "dns": { + "question": { + "class": "IN", + "name": "host108.host108.host108.host108.host108.example.net", + "registered_domain": "example.net", + "subdomain": "host108.host108.host108.host108.host108", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308: query: host108.host108.host108.host108.host108.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host108.host108.host108.host108.host108.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.166", + "port": 63308 + }, + "dns": { + "question": { + "class": "IN", + "name": "host109.host109.host109.host109.host109.example.net.", + "type": "SRV" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": 
"<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308 (host109.host109.host109.host109.host109.example.net.): answer: host109.host109.host109.host109.host109.example.net. IN SRV (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host109.host109.host109.host109.host109.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55503 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55503: query: host038.host038.host038.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55503 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55503 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55504 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55504: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.137", + "port": 44847 + }, + "dns": { + "answers": [ + { + "data": "dualstack.python.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.14", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.9", + "type": "A" + }, + { + "data": "198.51.100.5", + "type": "A" 
+ } + ], + "question": { + "class": "IN", + "name": "www.python.org.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dualstack.python.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.14", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.9", + "type": "A" + }, + { + "data": "198.51.100.5", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.137#44847 (www.python.org.): answer: www.python.org. IN A (10.100.0.1) -> NOERROR 260276 CNAME dualstack.python.map.fastly.net. 60 A 198.51.100.14 60 A 198.51.100.6 60 A 198.51.100.9 60 A 198.51.100.5 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.python.org." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55504 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55504 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. 
IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55505 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55505: query: host039.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55505 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55505 
(host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55506 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55506: query: host039.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.46", + "port": 55506 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.46#55506 (host039.example.net.): answer: host039.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.166", + "port": 63308 + }, + "dns": { + "question": { + "class": "IN", + "name": "host110.host110.host110.example.net", + "registered_domain": "example.net", + "subdomain": "host110.host110.host110", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308: query: host110.host110.host110.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host110.host110.host110.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 51861 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.18", + "type": "A" + }, + { + "data": "198.51.100.16", + "type": "A" + }, + { + "data": "198.51.100.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ingestion.smartocto.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.18", + "type": "A" + }, + { + "data": "198.51.100.16", + "type": "A" + }, + { + "data": "198.51.100.1", 
+ "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#51861 (ingestion.smartocto.com.): answer: ingestion.smartocto.com. IN A (10.100.0.1) -> NOERROR 57 A 198.51.100.18 57 A 198.51.100.16 57 A 198.51.100.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ingestion.smartocto.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.166", + "port": 63308 + }, + "dns": { + "question": { + "class": "IN", + "name": "host110.host110.host110.example.net.", + "type": "SRV" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.166#63308 (host110.host110.host110.example.net.): answer: host110.host110.host110.example.net. IN SRV (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host110.host110.host110.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.150", + "port": 50204 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.whatsapp.com", + "registered_domain": "whatsapp.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#50204: query: graph.whatsapp.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.whatsapp.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.150", + "port": 50204 + }, + "dns": { + "answers": [ + { + "data": "whatsapp.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "graph.whatsapp.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "whatsapp.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#50204 (graph.whatsapp.com.): answer: graph.whatsapp.com. IN TYPE65 (10.100.0.1) -> NOERROR 780 CNAME whatsapp.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.whatsapp.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.150", + "port": 53023 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.whatsapp.com", + "registered_domain": "whatsapp.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#53023: query: graph.whatsapp.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.whatsapp.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.125", + "port": 56738 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.125#56738: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + 
"syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.150", + "port": 53023 + }, + "dns": { + "answers": [ + { + "data": "whatsapp.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.whatsapp.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "whatsapp.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#53023 (graph.whatsapp.com.): answer: graph.whatsapp.com. IN A (10.100.0.1) -> NOERROR 780 CNAME whatsapp.com. 22 A 198.51.100.32 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.whatsapp.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.125", + "port": 56738 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.125#56738 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.155", + "port": 54459 + }, + "dns": { + "question": { + "class": "IN", + "name": "gateway.fe2.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "gateway.fe2", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.155#54459: query: gateway.fe2.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gateway.fe2.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.18", + "port": 50345 + }, + "dns": { + "question": { + "class": "IN", + "name": "api.flightproxy.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "api.flightproxy.teams", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#50345: query: api.flightproxy.teams.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"api.flightproxy.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.155", + "port": 54459 + }, + "dns": { + "question": { + "class": "IN", + "name": "gateway.fe2.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.155#54459 (gateway.fe2.apple-dns.net.): answer: gateway.fe2.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gateway.fe2.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.18", + "port": 50345 + }, + "dns": { + "answers": [ + { + "data": "api.flightproxy.teams.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "api.flightproxy.teams.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "api.flightproxy.teams.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#50345 (api.flightproxy.teams.microsoft.com.): answer: api.flightproxy.teams.microsoft.com. 
IN TYPE65 (10.100.0.1) -> NOERROR 546 CNAME api.flightproxy.teams.trafficmanager.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api.flightproxy.teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.18", + "port": 60063 + }, + "dns": { + "question": { + "class": "IN", + "name": "api.flightproxy.teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "api.flightproxy.teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#60063: query: api.flightproxy.teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api.flightproxy.teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.18", + "port": 60063 + }, + "dns": { + "answers": [ + { + "data": "api.flightproxy.teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ep-euwe-02-prod-aks.flightproxy.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "epx.euwe-02.ic3-calling-enterpriseproxy.westeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-westeurope-ns-018d0b8c6998.trafficmanager.net", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": 
"api.flightproxy.teams.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "api.flightproxy.teams.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ep-euwe-02-prod-aks.flightproxy.teams.microsoft.com.", + "type": "CNAME" + }, + { + "data": "epx.euwe-02.ic3-calling-enterpriseproxy.westeurope-prod.cosmic.office.net.", + "type": "CNAME" + }, + { + "data": "cosmic-westeurope-ns-018d0b8c6998.trafficmanager.net", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.18#60063 (api.flightproxy.teams.microsoft.com.): answer: api.flightproxy.teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 545 CNAME api.flightproxy.teams.trafficmanager.net. 6 CNAME ep-euwe-02-prod-aks.flightproxy.teams.microsoft.com. 1468 CNAME epx.euwe-02.ic3-calling-enterpriseproxy.westeurope-prod.cosmic.office.net. 3 CNAME cosmic-westeurope-ns-018d0b8c6998.trafficmanager.net" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "api.flightproxy.teams.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 52413 + }, + "dns": { + "question": { + "class": "IN", + "name": "dgw-ig.c10r.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "dgw-ig.c10r", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52413: query: dgw-ig.c10r.facebook.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dgw-ig.c10r.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 52413 + }, + "dns": { + "question": { + "class": "IN", + "name": "dgw-ig.c10r.facebook.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#52413 (dgw-ig.c10r.facebook.com.): answer: dgw-ig.c10r.facebook.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dgw-ig.c10r.facebook.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 33649 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#33649: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.50", + "port": 33649 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.50#33649 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 45654 + }, + "dns": { + "question": { + "class": "IN", + "name": "host111.example.net", + "registered_domain": "example.net", + "subdomain": "host111", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#45654: query: host111.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host111.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 33638 + }, + "dns": { + "question": { + "class": "IN", + "name": "host111.example.net", + "registered_domain": "example.net", + "subdomain": "host111", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#33638: query: host111.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + 
"priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host111.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 33638 + }, + "dns": { + "question": { + "class": "IN", + "name": "host111.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#33638 (host111.example.net.): answer: host111.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host111.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 45654 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.246", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host111.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.246", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#45654 (host111.example.net.): answer: host111.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.246 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host111.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.58", + "port": 58734 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.58#58734: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.58", + "port": 58734 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.58#58734 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.150", + "port": 54182 + }, + "dns": { + "question": { + "class": "IN", + "name": "whatsapp.com", + "registered_domain": "whatsapp.com", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#54182: query: whatsapp.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "whatsapp.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + 
"ip": "10.1.0.150", + "port": 54182 + }, + "dns": { + "question": { + "class": "IN", + "name": "whatsapp.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.150#54182 (whatsapp.com.): answer: whatsapp.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "whatsapp.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 56996 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa", + "registered_domain": "resolver.arpa", + "subdomain": "_dns", + "top_level_domain": "arpa", + "type": "TYPE64" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56996: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 56996 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa.", + 
"type": "TYPE64" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56996 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 56638 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-common.online.office.com", + "registered_domain": "office.com", + "subdomain": "euc-common.online", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#56638: query: euc-common.online.office.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-common.online.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 56638 + }, + "dns": { + "answers": [ + { + "data": "euc-common-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-common.online.office.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-common-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#56638 (euc-common.online.office.com.): answer: euc-common.online.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 258 CNAME euc-common-geo.wac.trafficmanager.net. 5 CNAME euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 35 CNAME wac-0003.wac-msedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-common.online.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 49889 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com", + "registered_domain": "apple.com", + "subdomain": "gsp85-ssl.ls", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49889: query: gsp85-ssl.ls.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 49889 + }, + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.23", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.23", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49889 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. 
IN A (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. 27 A 198.51.100.23 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 50672 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-common.online.office.com", + "registered_domain": "office.com", + "subdomain": "euc-common.online", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50672: query: euc-common.online.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-common.online.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 50672 + }, + "dns": { + "answers": [ + { + "data": "euc-common-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-common.online.office.com.", + "type": "A" + }, 
+ "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-common-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50672 (euc-common.online.office.com.): answer: euc-common.online.office.com. IN A (10.100.0.1) -> NOERROR 258 CNAME euc-common-geo.wac.trafficmanager.net. 5 CNAME euc-common.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 35 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-common.online.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 64577 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64577: query: mask.icloud.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 64577 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64577 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 57496 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com", + "registered_domain": "apple.com", + "subdomain": "gsp85-ssl.ls", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57496: query: gsp85-ssl.ls.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 57496 + }, + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "gsp85-ssl.ls.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: 
client 10.1.0.173#57496 (gsp85-ssl.ls.apple.com.): answer: gsp85-ssl.ls.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 1017 CNAME gsp85-ssl.ls2-apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 50637 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50637: query: mask.icloud.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 50637 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": 
"A" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50637 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64717 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64717: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.234", + "port": 56863 + }, + "dns": { + "question": { + "class": "IN", + "name": "hbase-rs.node4.isieca.eca.local", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#56863: query: hbase-rs.node4.isieca.eca.local IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "hbase-rs.node4.isieca.eca.local" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.234", + "port": 56863 + }, + "dns": { + "question": { + "class": "IN", + "name": "hbase-rs.node4.isieca.eca.local.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#56863 (hbase-rs.node4.isieca.eca.local.): answer: hbase-rs.node4.isieca.eca.local. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "hbase-rs.node4.isieca.eca.local." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64717 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64717 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.234", + "port": 44647 + }, + "dns": { + "question": { + "class": "IN", + "name": "hbase-rs.node6.isieca.eca.local", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#44647: query: hbase-rs.node6.isieca.eca.local IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "hbase-rs.node6.isieca.eca.local" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.234", + "port": 44647 + }, + "dns": { + "question": { + "class": "IN", + "name": "hbase-rs.node6.isieca.eca.local.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.234#44647 (hbase-rs.node6.isieca.eca.local.): answer: hbase-rs.node6.isieca.eca.local. 
IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "hbase-rs.node6.isieca.eca.local." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.246", + "port": 47119 + }, + "dns": { + "question": { + "class": "IN", + "name": "172.16.2.74.in-addr.arpa", + "registered_domain": "74.in-addr.arpa", + "subdomain": "172.16.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.246#47119: query: 172.16.2.74.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "172.16.2.74.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.246", + "port": 47119 + }, + "dns": { + "answers": [ + { + "data": "host112.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "172.16.2.74.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host112.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.0.246#47119 (172.16.2.74.in-addr.arpa.): answer: 172.16.2.74.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host112.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "172.16.2.74.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64718 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64718: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64718 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64718 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64719 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64719: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64719 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64719 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64720 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64720: query: host038.host038.host038.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64720 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": 
{ + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64720 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64721 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64721: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64721 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + 
}, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64721 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64722 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64722: query: host039.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64722 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + 
}, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64722 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.44", + "port": 59426 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.44#59426: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.44", + "port": 59426 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + 
"type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.44#59426 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.183", + "port": 50218 + }, + "dns": { + "question": { + "class": "IN", + "name": "oneocsp.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "oneocsp", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.183#50218: query: oneocsp.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oneocsp.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.183", + "port": 50218 + }, + "dns": { + "answers": [ + { + "data": "oneocsp-microsoft-com.a-0003.a-msedge.net.", + "type": "CNAME" + }, + { + "data": "a-0003.a-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.159", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "oneocsp.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "oneocsp-microsoft-com.a-0003.a-msedge.net.", + "type": "CNAME" + }, + { + "data": "a-0003.a-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.159", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.1.183#50218 (oneocsp.microsoft.com.): answer: oneocsp.microsoft.com. IN A (10.100.0.1) -> NOERROR 2284 CNAME oneocsp-microsoft-com.a-0003.a-msedge.net. 165 CNAME a-0003.a-msedge.net. 136 A 198.51.100.159 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oneocsp.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.160", + "port": 63010 + }, + "dns": { + "question": { + "class": "IN", + "name": "mediacloud.xiaohongshu.com", + "registered_domain": "xiaohongshu.com", + "subdomain": "mediacloud", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63010: query: mediacloud.xiaohongshu.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mediacloud.xiaohongshu.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55581 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55581: query: host113.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 53076 + }, + "dns": { + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "oauth.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#53076: query: oauth.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 53076 + }, + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#53076 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55581 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55581 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64723 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64723: query: host039.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.43", + "port": 64723 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.43#64723 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 50047 + }, + "dns": { + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "oauth.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50047: query: oauth.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 50047 + }, + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "oauth.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "oauth-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": 
"wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#50047 (oauth.officeapps.live.com.): answer: oauth.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 52 CNAME oauth-geo.wac.trafficmanager.net. 57 CNAME oauth.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 12 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.235 18 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "oauth.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.226", + "port": 64052 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.226#64052: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 
59527 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#59527: query: host113.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.226", + "port": 64052 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.226#64052 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 59527 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#59527 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.39", + "port": 57805 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.39#57805: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.39", + "port": 57805 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.39#57805 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.199", + "port": 39324 + }, + "dns": { + "question": { + "class": "IN", + "name": "host114.example.net", + "registered_domain": "example.net", + "subdomain": "host114", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324: query: host114.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host114.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.199", + "port": 39324 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.199", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host114.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "answers": [ + { + "data": "10.1.0.199", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324 (host114.example.net.): answer: host114.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.199 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host114.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.199", + "port": 39324 + }, + "dns": { + "question": { + "class": "IN", + "name": "host114.example.net", + "registered_domain": "example.net", + "subdomain": "host114", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324: query: host114.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host114.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.199", + "port": 39324 + }, + "dns": { + "question": { + "class": "IN", + "name": "host114.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.199#39324 (host114.example.net.): answer: host114.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host114.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 38653 + }, + "dns": { + "question": { + "class": "IN", + "name": "host115.example.net", + "registered_domain": "example.net", + "subdomain": "host115", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#38653: query: host115.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host115.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 38653 + }, + "dns": { + "answers": [ + { + "data": "host116.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "HIxComeZmm-p.EXAMPLE.NET.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { 
+ "data": "host116.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#38653 (HIxComeZmm-p.EXAMPLE.NET.): answer: HIxComeZmm-p.EXAMPLE.NET. IN AAAA (10.100.0.1) -> NOERROR 28800 CNAME host116.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "HIxComeZmm-p.EXAMPLE.NET." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55708 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55708: query: host113.example.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55708 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": 
{ + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55708 (host113.example.net.): answer: host113.example.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 65129 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#65129: query: host113.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 65129 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"10.1.0.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#65129 (host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 38406 + }, + "dns": { + "question": { + "class": "IN", + "name": "host117.example.net", + "registered_domain": "example.net", + "subdomain": "host117", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#38406: query: host117.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host117.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 38406 + }, + "dns": { + "question": { + "class": "IN", + "name": "host117.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": 
"named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#38406 (host117.example.net.): answer: host117.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host117.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 47531 + }, + "dns": { + "question": { + "class": "IN", + "name": "host117.example.net", + "registered_domain": "example.net", + "subdomain": "host117", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#47531: query: host117.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host117.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.244", + "port": 47531 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.245", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host117.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.245", + "type": "A" + } + ], + "category": "answer" + 
}, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.244#47531 (host117.example.net.): answer: host117.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.245 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host117.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 53138 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138: query: host013.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 53138 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + 
"type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138: query: host013.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 53138 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 53138 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#53138 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 61661 + }, + "dns": { + "question": { + "class": "IN", + "name": "sstats.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "sstats", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61661: query: sstats.adobe.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "sstats.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 61661 + }, + "dns": { + "answers": [ + { + "data": "adobe.com.ssl.d1.sc.omtrdc.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "sstats.adobe.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "adobe.com.ssl.d1.sc.omtrdc.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61661 (sstats.adobe.com.): answer: sstats.adobe.com. IN TYPE65 (10.100.0.1) -> NOERROR 470 CNAME adobe.com.ssl.d1.sc.omtrdc.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "sstats.adobe.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 62336 + }, + "dns": { + "question": { + "class": "IN", + "name": "sstats.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "sstats", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62336: query: sstats.adobe.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "sstats.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 62336 + }, + "dns": { + "answers": [ + { + "data": "adobe.com.ssl.d1.sc.omtrdc.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "sstats.adobe.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "adobe.com.ssl.d1.sc.omtrdc.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.42", + 
"type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62336 (sstats.adobe.com.): answer: sstats.adobe.com. IN A (10.100.0.1) -> NOERROR 470 CNAME adobe.com.ssl.d1.sc.omtrdc.net. 374 A 198.51.100.45 374 A 198.51.100.40 374 A 198.51.100.44 374 A 198.51.100.42 374 A 198.51.100.43 374 A 198.51.100.41 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "sstats.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54970 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa", + "registered_domain": "52.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54970: query: 198.51.100.52.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54970 + }, + "dns": { + 
"answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.52.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54970 (198.51.100.52.in-addr.arpa.): answer: 198.51.100.52.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.52.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54971 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54971: query: host036.host036.host036.host036.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + 
], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54971 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54971 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54972 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net", + "registered_domain": "example.net", + "subdomain": "host036.host036.host036.host036", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54972: query: host036.host036.host036.host036.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 50988 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#50988: query: acrobat.adobe.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 50988 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#50988 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN TYPE65 (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54972 + }, + "dns": { + "question": { + "class": "IN", + "name": "host036.host036.host036.host036.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54972 (host036.host036.host036.host036.example.net.): answer: host036.host036.host036.host036.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host036.host036.host036.host036.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 59257 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59257: query: acrobat.adobe.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54973 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54973: query: host038.host038.host038.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, 
+ "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54973 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54973 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51802 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.bing.com", + "registered_domain": "bing.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51802: query: www.bing.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.bing.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51802 + }, + "dns": { + "answers": [ + { + "data": "www-www.bing.com.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "www.bing.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "www-www.bing.com.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51802 (www.bing.com.): answer: www.bing.com. IN TYPE65 (10.100.0.1) -> NOERROR 1256 CNAME www-www.bing.com.trafficmanager.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.bing.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54974 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net", + "registered_domain": "example.net", + "subdomain": "host038.host038.host038", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54974: query: host038.host038.host038.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 58772 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.bing.com", + "registered_domain": "bing.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58772: query: www.bing.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.bing.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { 
+ "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 58772 + }, + "dns": { + "answers": [ + { + "data": "www-www.bing.com.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "www.bing.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e86303.dscx.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.120", + "type": "A" + }, + { + "data": "198.51.100.119", + "type": "A" + }, + { + "data": "198.51.100.117", + "type": "A" + }, + { + "data": "198.51.100.121", + "type": "A" + }, + { + "data": "198.51.100.118", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.bing.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "www-www.bing.com.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "www.bing.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e86303.dscx.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.120", + "type": "A" + }, + { + "data": "198.51.100.119", + "type": "A" + }, + { + "data": "198.51.100.117", + "type": "A" + }, + { + "data": "198.51.100.121", + "type": "A" + }, + { + "data": "198.51.100.118", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#58772 (www.bing.com.): answer: www.bing.com. IN A (10.100.0.1) -> NOERROR 1256 CNAME www-www.bing.com.trafficmanager.net. 22 CNAME www.bing.com.edgekey.net. 9122 CNAME e86303.dscx.akamaiedge.net. 
3 A 198.51.100.120 3 A 198.51.100.119 3 A 198.51.100.117 3 A 198.51.100.121 3 A 198.51.100.118 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.bing.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54974 + }, + "dns": { + "question": { + "class": "IN", + "name": "host038.host038.host038.example.net.", + "type": "AAAA" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54974 (host038.host038.host038.example.net.): answer: host038.host038.host038.example.net. IN AAAA (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host038.host038.host038.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55257 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55257: query: europe.smartscreen.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55257 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.1.143#55257 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54975 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54975: query: host039.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54975 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.205", + "type": "A" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54975 (host039.example.net.): answer: host039.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.245", + "port": 10038 + }, + "dns": { + "question": { + "class": "IN", + "name": "172.16.2.74.in-addr.arpa", + "registered_domain": "74.in-addr.arpa", + "subdomain": "172.16.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.245#10038: query: 172.16.2.74.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "172.16.2.74.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.245", + "port": 10038 + }, + "dns": { + "answers": [ + { + "data": "host112.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "172.16.2.74.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "answers": [ + { + "data": "host112.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.245#10038 (172.16.2.74.in-addr.arpa.): answer: 172.16.2.74.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host112.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "172.16.2.74.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 59984 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59984: query: graph.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 59984 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": 
"TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59984 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 62382 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62382: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 62382 + }, + 
"dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62382 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54976 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net", + "registered_domain": "example.net", + "subdomain": "host039", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54976: query: host039.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.47", + "port": 54976 + }, + "dns": { + "question": { + "class": "IN", + "name": "host039.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.47#54976 (host039.example.net.): answer: host039.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host039.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56397 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56397: query: graph.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56397 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + 
}, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56397 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 122 A 198.51.100.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.135", + "port": 50811 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811: query: host031.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.135", + "port": 50811 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811 (host031.example.net.): answer: host031.example.net. 
IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.135", + "port": 50811 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811: query: host031.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.135", + "port": 50811 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.135#50811 (host031.example.net.): answer: host031.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 60667 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#60667: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 60667 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#60667 (mask.apple-dns.net.): answer: mask.apple-dns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 54966 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls2-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "gsp85-ssl.ls2-apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#54966: query: gsp85-ssl.ls2-apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls2-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50731 + }, + "dns": { + "question": { + "class": "IN", + "name": "host058.host058.host058.host058.host058.host058.example.net", + "registered_domain": "example.net", + "subdomain": "host058.host058.host058.host058.host058.host058", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.1.107#50731: query: host058.host058.host058.host058.host058.host058.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host058.host058.host058.host058.host058.host058.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 54966 + }, + "dns": { + "question": { + "class": "IN", + "name": "gsp85-ssl.ls2-apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#54966 (gsp85-ssl.ls2-apple.com.akadns.net.): answer: gsp85-ssl.ls2-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gsp85-ssl.ls2-apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.107", + "port": 50731 + }, + "dns": { + "answers": [ + { + "data": "0 100 389 host034.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host061.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host063.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host062.host062.host062.host062.host062.host062.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host034.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host061.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host059.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host060.example.net.", + "type": "SRV" + }, + { + "data": "0 100 389 host063.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.107#50731 (host062.host062.host062.host062.host062.host062.example.net.): answer: host062.host062.host062.host062.host062.host062.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host034.example.net. 600 SRV 0 100 389 host005.example.net. 600 SRV 0 100 389 host061.example.net. 600 SRV 0 100 389 host059.example.net. 600 SRV 0 100 389 host060.example.net. 600 SRV 0 100 389 host063.example.net." 
+ }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host062.host062.host062.host062.host062.host062.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 50318 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-collabrtc.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-collabrtc.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#50318: query: euc-collabrtc.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-collabrtc.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 50318 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-collabrtc.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#50318 (euc-collabrtc.officeapps.live.com.): answer: 
euc-collabrtc.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-collabrtc.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 65416 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-collabrtc.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-collabrtc.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#65416: query: euc-collabrtc.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-collabrtc.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 65416 + }, + "dns": { + "answers": [ + { + "data": "euc-collabrtc-geo.rtc.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-collabrtc.rtc.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-collabrtc.officeapps.live.com.", 
+ "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-collabrtc-geo.rtc.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-collabrtc.rtc.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#65416 (euc-collabrtc.officeapps.live.com.): answer: euc-collabrtc.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 258 CNAME euc-collabrtc-geo.rtc.trafficmanager.net. 31 CNAME euc-collabrtc.rtc.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 4 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.236 18 A 198.51.100.235 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-collabrtc.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.160", + "port": 63010 + }, + "dns": { + "answers": [ + { + "data": "mediacloud.xiaohongshu.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1674.dscb.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.123", + "type": "A" + }, + { + "data": "198.51.100.115", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mediacloud.xiaohongshu.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mediacloud.xiaohongshu.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1674.dscb.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.123", + "type": "A" + }, + { + "data": "198.51.100.115", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.160#63010 (mediacloud.xiaohongshu.com.): answer: mediacloud.xiaohongshu.com. IN A (10.100.0.1) -> NOERROR 488 CNAME mediacloud.xiaohongshu.com.edgesuite.net. 17503 CNAME a1674.dscb.akamai.net. 20 A 198.51.100.123 20 A 198.51.100.115 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mediacloud.xiaohongshu.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 56684 + }, + "dns": { + "question": { + "class": "IN", + "name": "host118.host118.example.net", + "registered_domain": "example.net", + "subdomain": "host118.host118", + "top_level_domain": "net", + "type": "TXT" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56684: query: host118.host118.example.net IN TXT (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host118.host118.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 56684 + }, + "dns": { + "question": { + "class": "IN", + "name": "host118.host118.example.net.", + "type": "TXT" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56684 (host118.host118.example.net.): answer: host118.host118.example.net. IN TXT (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host118.host118.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 51473 + }, + "dns": { + "question": { + "class": "IN", + "name": "host119.host119.example.net", + "registered_domain": "example.net", + "subdomain": "host119.host119", + "top_level_domain": "net", + "type": "TXT" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#51473: query: host119.host119.example.net IN TXT (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host119.host119.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 51473 + }, + "dns": { + "question": { + "class": "IN", + "name": "host119.host119.example.net.", + "type": "TXT" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#51473 (host119.host119.example.net.): answer: host119.host119.example.net. IN TXT (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host119.host119.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 54165 + }, + "dns": { + "question": { + "class": "IN", + "name": "host120.host120.example.net", + "registered_domain": "example.net", + "subdomain": "host120.host120", + "top_level_domain": "net", + "type": "TXT" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#54165: query: host120.host120.example.net IN TXT (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host120.host120.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 54165 + }, + "dns": { + "question": { + "class": "IN", + "name": "host120.host120.example.net.", + "type": "TXT" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#54165 (host120.host120.example.net.): answer: host120.host120.example.net. IN TXT (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host120.host120.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 62819 + }, + "dns": { + "question": { + "class": "IN", + "name": "host121.host121.example.net", + "registered_domain": "example.net", + "subdomain": "host121.host121", + "top_level_domain": "net", + "type": "TXT" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#62819: query: host121.host121.example.net IN TXT (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host121.host121.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 62819 + }, + "dns": { + "question": { + "class": "IN", + "name": "host121.host121.example.net.", + "type": "TXT" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#62819 (host121.host121.example.net.): answer: host121.host121.example.net. IN TXT (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host121.host121.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 51755 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#51755: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 51755 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.1.86#51755 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 64640 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#64640: query: browser.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.86", + "port": 64640 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"browser.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.86#64640 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 52485 + }, + "dns": { + "question": { + "class": "IN", + "name": "host122.host122.example.net", + "registered_domain": "example.net", + "subdomain": "host122.host122", + "top_level_domain": "net", + "type": "TXT" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#52485: query: host122.host122.example.net IN TXT (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host122.host122.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 52485 + }, + "dns": { + "question": { + "class": "IN", + "name": "host122.host122.example.net.", + "type": "TXT" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#52485 (host122.host122.example.net.): answer: host122.host122.example.net. IN TXT (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host122.host122.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.9", + "port": 63494 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-excel-telemetry.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-excel-telemetry.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63494: query: euc-excel-telemetry.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel-telemetry.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 63344 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 63344 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.9", + "port": 63494 + }, + "dns": { + "answers": [ + { + "data": "euc-excel-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu4-excel-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.232", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-excel-telemetry.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-excel-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu4-excel-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.232", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 
12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63494 (euc-excel-telemetry.officeapps.live.com.): answer: euc-excel-telemetry.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 236 CNAME euc-excel-telemetry.wac.trafficmanager.net. 240 CNAME pgteu4-excel-telemetry-vip.officeapps.live.com. 222 A 198.51.100.232 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel-telemetry.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 63344 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.5", + "port": 63344 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.5#63344 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.9", + "port": 63929 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-excel-telemetry.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-excel-telemetry.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63929: query: euc-excel-telemetry.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel-telemetry.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.9", + "port": 63929 + }, + "dns": { + "answers": [ + { + "data": "euc-excel-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu4-excel-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-excel-telemetry.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-excel-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu4-excel-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": 
"<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.9#63929 (euc-excel-telemetry.officeapps.live.com.): answer: euc-excel-telemetry.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 236 CNAME euc-excel-telemetry.wac.trafficmanager.net. 240 CNAME pgteu4-excel-telemetry-vip.officeapps.live.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel-telemetry.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 59257 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#59257 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 
20 A 198.51.100.124 20 A 198.51.100.128 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.59", + "port": 55236 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.59#55236: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.59", + "port": 55236 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.59#55236 (host001.example.net.): answer: host001.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.20", + "port": 52539 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.20#52539: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.20", + "port": 52539 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": 
"CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.20#52539 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 63085 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#63085: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 63085 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#63085 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 51750 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#51750: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 56037 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.184.in-addr.arpa", + "registered_domain": "184.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#56037: query: lb._dns-sd._udp.198.51.100.184.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.184.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 59909 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.1.in-addr.arpa", + "registered_domain": "1.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59909: query: lb._dns-sd._udp.192.0.2.1.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + 
"hosts": [ + "lb._dns-sd._udp.192.0.2.1.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 51750 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#51750 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 56037 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.184.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#56037 (lb._dns-sd._udp.198.51.100.184.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.184.in-addr.arpa. 
IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.184.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 59909 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.1.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59909 (lb._dns-sd._udp.192.0.2.1.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.1.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.1.in-addr.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 49417 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.18.in-addr.arpa", + "registered_domain": "18.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#49417: query: lb._dns-sd._udp.198.51.100.18.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.18.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 49417 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.18.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#49417 (lb._dns-sd._udp.198.51.100.18.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.18.in-addr.arpa. 
IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.18.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.53", + "port": 51166 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.53#51166: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.53", + "port": 51166 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.53#51166 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.67", + "port": 50697 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.67#50697: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.67", + "port": 50697 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": 
"198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.67#50697 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 39781 + }, + "dns": { + "question": { + "class": "IN", + "name": "host123.example.net", + "registered_domain": "example.net", + "subdomain": "host123", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781: query: host123.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host123.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": 
"10.1.0.222", + "port": 39781 + }, + "dns": { + "question": { + "class": "IN", + "name": "host123.example.net", + "registered_domain": "example.net", + "subdomain": "host123", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781: query: host123.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host123.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 39781 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.97", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host123.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.97", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781 (host123.example.net.): answer: host123.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.97 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host123.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 39781 + }, + "dns": { + "question": { + "class": "IN", + "name": "host123.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#39781 (host123.example.net.): answer: host123.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host123.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 44984 + }, + "dns": { + "question": { + "class": "IN", + "name": "host124.example.net", + "registered_domain": "example.net", + "subdomain": "host124", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984: query: host124.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 50542 + }, + "dns": { + "question": { + "class": "IN", + "name": "host125.example.net", + "registered_domain": "example.net", + "subdomain": "host125", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542: query: host125.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host125.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 44984 + }, + "dns": { + "question": { + "class": "IN", + "name": "host124.example.net", + "registered_domain": "example.net", + "subdomain": "host124", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984: query: host124.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 50542 + }, + 
"dns": { + "question": { + "class": "IN", + "name": "host125.example.net", + "registered_domain": "example.net", + "subdomain": "host125", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542: query: host125.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host125.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 44984 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.238", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host124.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.238", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984 (host124.example.net.): answer: host124.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.238 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 44984 + }, + "dns": { + "question": { + "class": "IN", + "name": "host124.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#44984 (host124.example.net.): answer: host124.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 50542 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.70", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host125.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.70", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542 (host125.example.net.): answer: host125.example.net. 
IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.70 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host125.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 50542 + }, + "dns": { + "question": { + "class": "IN", + "name": "host125.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#50542 (host125.example.net.): answer: host125.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host125.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 44266 + }, + "dns": { + "question": { + "class": "IN", + "name": "host126.example.net", + "registered_domain": "example.net", + "subdomain": "host126", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266: query: host126.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host126.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 44266 + }, + "dns": { + "question": { + "class": "IN", + "name": "host126.example.net", + "registered_domain": "example.net", + "subdomain": "host126", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266: query: host126.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host126.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 44266 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.103", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host126.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.103", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266 (host126.example.net.): answer: host126.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.103 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host126.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 44266 + }, + "dns": { + "question": { + "class": "IN", + "name": "host126.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#44266 (host126.example.net.): answer: host126.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host126.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 51387 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.linkedin.com", + "registered_domain": "linkedin.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#51387: query: www.linkedin.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.linkedin.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 51387 + }, + "dns": { + "answers": [ + { + "data": "cf-afd.www.linkedin.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "www.linkedin.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cf-afd.www.linkedin.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#51387 (www.linkedin.com.): answer: www.linkedin.com. IN TYPE65 (10.100.0.1) -> NOERROR 111 CNAME cf-afd.www.linkedin.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.linkedin.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 43261 + }, + "dns": { + "question": { + "class": "IN", + "name": "host127.example.net", + "registered_domain": "example.net", + "subdomain": "host127", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261: query: host127.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host127.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 43261 + }, + "dns": { + "question": { + "class": "IN", + "name": "host127.example.net", + "registered_domain": "example.net", + "subdomain": "host127", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261: query: host127.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + 
"priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host127.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 43261 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.17", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host127.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.17", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261 (host127.example.net.): answer: host127.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.17 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host127.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 43261 + }, + "dns": { + "question": { + "class": "IN", + "name": "host127.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43261 (host127.example.net.): answer: host127.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host127.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 56951 + }, + "dns": { + "question": { + "class": "IN", + "name": "media.licdn.com", + "registered_domain": "licdn.com", + "subdomain": "media", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#56951: query: media.licdn.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media.licdn.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 56951 + }, + "dns": { + "answers": [ + { + "data": "media.cm.licdn.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "media.licdn.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "media.cm.licdn.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#56951 
(media.licdn.com.): answer: media.licdn.com. IN TYPE65 (10.100.0.1) -> NOERROR 227 CNAME media.cm.licdn.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media.licdn.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 60501 + }, + "dns": { + "question": { + "class": "IN", + "name": "media.licdn.com", + "registered_domain": "licdn.com", + "subdomain": "media", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#60501: query: media.licdn.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media.licdn.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 60501 + }, + "dns": { + "answers": [ + { + "data": "media.cm.licdn.com.", + "type": "CNAME" + }, + { + "data": "media-fsly.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "fs-ak-cf.media.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "linkedin.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.7", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"media.licdn.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "media.cm.licdn.com.", + "type": "CNAME" + }, + { + "data": "media-fsly.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "fs-ak-cf.media.sb.lnkdns.net.", + "type": "CNAME" + }, + { + "data": "linkedin.map.fastly.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.7", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.15", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#60501 (media.licdn.com.): answer: media.licdn.com. IN A (10.100.0.1) -> NOERROR 227 CNAME media.cm.licdn.com. 83 CNAME media-fsly.sb.lnkdns.net. 1563 CNAME fs-ak-cf.media.sb.lnkdns.net. 110 CNAME linkedin.map.fastly.net. 40 A 198.51.100.7 40 A 198.51.100.12 40 A 198.51.100.15 40 A 198.51.100.10 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media.licdn.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 58534 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph-fallback.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "graph-fallback", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#58534: query: graph-fallback.facebook.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph-fallback.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.161", + "port": 58534 + }, + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.19", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph-fallback.facebook.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "star.fallback.c10r.facebook.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.19", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.161#58534 (graph-fallback.facebook.com.): answer: graph-fallback.facebook.com. 
IN A (10.100.0.1) -> NOERROR 3182 CNAME star.fallback.c10r.facebook.com. 22 A 198.51.100.19 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph-fallback.facebook.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 53509 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.linkedin.com", + "registered_domain": "linkedin.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#53509: query: www.linkedin.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.linkedin.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36049 + }, + "dns": { + "question": { + "class": "IN", + "name": "host128.example.net", + "registered_domain": "example.net", + "subdomain": "host128", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049: query: host128.example.net IN A (10.100.0.1)" 
+ }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host128.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36049 + }, + "dns": { + "question": { + "class": "IN", + "name": "host128.example.net", + "registered_domain": "example.net", + "subdomain": "host128", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049: query: host128.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host128.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 53509 + }, + "dns": { + "answers": [ + { + "data": "cf-afd.www.linkedin.com.", + "type": "CNAME" + }, + { + "data": "www.linkedin.com.cdn.cloudflare.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.204", + "type": "A" + }, + { + "data": "172.16.2.77", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.linkedin.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cf-afd.www.linkedin.com.", + "type": "CNAME" + }, + { + "data": "www.linkedin.com.cdn.cloudflare.net.", + "type": "CNAME" + }, 
+ { + "data": "198.51.100.204", + "type": "A" + }, + { + "data": "172.16.2.77", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#53509 (www.linkedin.com.): answer: www.linkedin.com. IN A (10.100.0.1) -> NOERROR 111 CNAME cf-afd.www.linkedin.com. 48 CNAME www.linkedin.com.cdn.cloudflare.net. 107 A 198.51.100.204 107 A 172.16.2.77 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.linkedin.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36049 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.49", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host128.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.49", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049 (host128.example.net.): answer: host128.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.49 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host128.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36049 + }, + "dns": { + "question": { + "class": "IN", + "name": "host128.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36049 (host128.example.net.): answer: host128.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host128.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 60817 + }, + "dns": { + "question": { + "class": "IN", + "name": "host129.example.net", + "registered_domain": "example.net", + "subdomain": "host129", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817: query: host129.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host129.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 60817 + }, + "dns": { + "question": { + "class": "IN", + "name": "host129.example.net", + "registered_domain": "example.net", + "subdomain": "host129", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817: query: host129.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host129.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 60817 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.72", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host129.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.72", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817 (host129.example.net.): answer: host129.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.0.72 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host129.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 60817 + }, + "dns": { + "question": { + "class": "IN", + "name": "host129.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#60817 (host129.example.net.): answer: host129.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host129.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 48201 + }, + "dns": { + "question": { + "class": "IN", + "name": "host130.example.net", + "registered_domain": "example.net", + "subdomain": "host130", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201: query: host130.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host130.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 48201 + }, + "dns": { + "question": { + "class": "IN", + "name": "host130.example.net", + "registered_domain": "example.net", + "subdomain": "host130", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201: query: host130.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host130.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 48201 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.136", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host130.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.136", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201 (host130.example.net.): answer: host130.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.1.136 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host130.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 48201 + }, + "dns": { + "question": { + "class": "IN", + "name": "host130.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#48201 (host130.example.net.): answer: host130.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host130.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 51196 + }, + "dns": { + "question": { + "class": "IN", + "name": "host131.example.net", + "registered_domain": "example.net", + "subdomain": "host131", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196: query: host131.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host131.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 51196 + }, + "dns": { + "question": { + "class": "IN", + "name": "host131.example.net", + "registered_domain": "example.net", + "subdomain": "host131", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196: query: host131.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host131.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 51196 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.139", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host131.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.139", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196 (host131.example.net.): answer: host131.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.1.139 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host131.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 51196 + }, + "dns": { + "question": { + "class": "IN", + "name": "host131.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#51196 (host131.example.net.): answer: host131.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host131.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.188", + "port": 45272 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net", + "registered_domain": "example.net", + "subdomain": "host132", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272: query: host132.example.net IN 
A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.188", + "port": 45272 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.224", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host132.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.224", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272 (host132.example.net.): answer: host132.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.224 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 52227 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52227: query: acrobat.adobe.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 52227 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + 
"original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#52227 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 20 A 198.51.100.124 20 A 198.51.100.128 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 33656 + }, + "dns": { + "question": { + "class": "IN", + "name": "host133.example.net", + "registered_domain": "example.net", + "subdomain": "host133", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656: query: host133.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host133.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 33656 + }, + "dns": { + "question": { + "class": "IN", + "name": "host133.example.net", + "registered_domain": "example.net", + "subdomain": "host133", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" 
+ } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656: query: host133.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host133.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 33656 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.103", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host133.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.103", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656 (host133.example.net.): answer: host133.example.net. IN A (10.100.0.1) -> NOERROR 1800 A 10.1.1.103 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host133.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 33656 + }, + "dns": { + "question": { + "class": "IN", + "name": "host133.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#33656 (host133.example.net.): answer: host133.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host133.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36788 + }, + "dns": { + "question": { + "class": "IN", + "name": "host134.example.net", + "registered_domain": "example.net", + "subdomain": "host134", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788: query: host134.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host134.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36788 + }, + "dns": { + "question": { + "class": "IN", + "name": "host134.example.net", + "registered_domain": "example.net", + "subdomain": "host134", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788: query: host134.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host134.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36788 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.57", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host134.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.57", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788 (host134.example.net.): answer: host134.example.net. IN A (10.100.0.1) -> NOERROR 3600 A 10.1.0.57 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host134.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 36788 + }, + "dns": { + "question": { + "class": "IN", + "name": "host134.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#36788 (host134.example.net.): answer: host134.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host134.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53681 + }, + "dns": { + "question": { + "class": "IN", + "name": "host135.example.net", + "registered_domain": "example.net", + "subdomain": "host135", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681: query: host135.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host135.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53681 + }, + "dns": { + "question": { + "class": "IN", + "name": "host135.example.net", + "registered_domain": "example.net", + "subdomain": "host135", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681: query: host135.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host135.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53681 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.98", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host135.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.98", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681 (host135.example.net.): answer: host135.example.net. IN A (10.100.0.1) -> NOERROR 600 A 10.1.0.98 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host135.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53681 + }, + "dns": { + "question": { + "class": "IN", + "name": "host135.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53681 (host135.example.net.): answer: host135.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host135.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.188", + "port": 45272 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net", + "registered_domain": "example.net", + "subdomain": "host132", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272: query: host132.example.net 
IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.188", + "port": 45272 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.188#45272 (host132.example.net.): answer: host132.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 55918 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.youtube.com", + "registered_domain": "youtube.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#55918: query: www.youtube.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.youtube.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 55918 + }, + "dns": { + "answers": [ + { + "data": "youtube-ui.l.google.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "www.youtube.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "youtube-ui.l.google.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#55918 (www.youtube.com.): answer: www.youtube.com. IN TYPE65 (10.100.0.1) -> NOERROR 256 CNAME youtube-ui.l.google.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.youtube.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 63506 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.youtube.com", + "registered_domain": "youtube.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#63506: query: www.youtube.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.youtube.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.69", + "port": 63506 + }, + "dns": { + "answers": [ + { + "data": "youtube-ui.l.google.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.109", + "type": "A" + }, + { + "data": "198.51.100.253", + "type": "A" + }, + { + "data": "198.51.100.238", + "type": "A" + }, + { + "data": "172.16.2.68", + "type": "A" + }, + { + "data": "198.51.100.241", + "type": "A" + }, + { + "data": "172.16.2.70", + "type": "A" + }, + { + "data": "172.16.2.71", + "type": "A" + }, + { + "data": "198.51.100.164", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.youtube.com.", + "type": "A" + }, + "response_code": 
"NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "youtube-ui.l.google.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.109", + "type": "A" + }, + { + "data": "198.51.100.253", + "type": "A" + }, + { + "data": "198.51.100.238", + "type": "A" + }, + { + "data": "172.16.2.68", + "type": "A" + }, + { + "data": "198.51.100.241", + "type": "A" + }, + { + "data": "172.16.2.70", + "type": "A" + }, + { + "data": "172.16.2.71", + "type": "A" + }, + { + "data": "198.51.100.164", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.69#63506 (www.youtube.com.): answer: www.youtube.com. IN A (10.100.0.1) -> NOERROR 256 CNAME youtube-ui.l.google.com. 92 A 198.51.100.251 92 A 198.51.100.109 92 A 198.51.100.253 92 A 198.51.100.238 92 A 172.16.2.68 92 A 198.51.100.241 92 A 172.16.2.70 92 A 172.16.2.71 92 A 198.51.100.164 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.youtube.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53418 + }, + "dns": { + "question": { + "class": "IN", + "name": "host136.example.net", + "registered_domain": "example.net", + "subdomain": "host136", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418: query: host136.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host136.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53418 + }, + "dns": { + "question": { + "class": "IN", + "name": "host136.example.net", + "registered_domain": "example.net", + "subdomain": "host136", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418: query: host136.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host136.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53418 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.111", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host136.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.111", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418 (host136.example.net.): answer: host136.example.net. IN A (10.100.0.1) -> NOERROR 3600 A 10.1.1.111 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host136.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 53418 + }, + "dns": { + "question": { + "class": "IN", + "name": "host136.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#53418 (host136.example.net.): answer: host136.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host136.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.108", + "port": 58804 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.108#58804: query: graph.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.108", + "port": 58804 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": 
"CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.108#58804 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 50880 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com", + "registered_domain": "msftconnecttest.com", + "subdomain": "ipv6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50880: query: ipv6.msftconnecttest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 50880 + }, + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 
17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50880 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.78", + "port": 60581 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#60581: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.78", + "port": 60581 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": 
"198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.78#60581 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 
99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 49940 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com", + "registered_domain": "msftconnecttest.com", + "subdomain": "ipv6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940: query: ipv6.msftconnecttest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 49940 + }, + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#49940 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.170", + "port": 51917 + }, + "dns": { + "question": { + "class": "IN", + "name": "trk.pinterest.com", + "registered_domain": "pinterest.com", + "subdomain": "trk", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#51917: query: trk.pinterest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "trk.pinterest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "ip": "10.1.0.170", + "port": 51917 + }, + "dns": { + "answers": [ + { + "data": "vpc-trk-10d1b1f8032805fc.elb.us-east-1.amazonaws.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.228", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.179", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "trk.pinterest.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "vpc-trk-10d1b1f8032805fc.elb.us-east-1.amazonaws.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.228", + "type": "A" + }, + { + "data": "198.51.100.12", + "type": "A" + }, + { + "data": "198.51.100.179", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#51917 (trk.pinterest.com.): answer: trk.pinterest.com. IN A (10.100.0.1) -> NOERROR 6 CNAME vpc-trk-10d1b1f8032805fc.elb.us-east-1.amazonaws.com. 11 A 198.51.100.228 11 A 198.51.100.12 11 A 198.51.100.179 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "trk.pinterest.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.59", + "port": 58408 + }, + "dns": { + "question": { + "class": "IN", + "name": "host034.example.net", + "registered_domain": "example.net", + "subdomain": "host034", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.59#58408: query: host034.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.59", + "port": 58408 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host034.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.59#58408 (host034.example.net.): answer: host034.example.net. 
IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host034.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.91", + "port": 59678 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.91#59678: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.91", + "port": 59678 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + 
"version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.91#59678 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.178", + "port": 50620 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.178#50620: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.178", + "port": 50620 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.178#50620 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.102", + "port": 57874 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.102#57874: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.102", + "port": 57874 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.102#57874 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.142", + "port": 55587 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-onenote.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-onenote.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#55587: query: euc-onenote.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-onenote.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.142", + "port": 55587 + }, + "dns": { + "answers": [ + { + "data": "euc-onenote-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + 
"type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-onenote.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-onenote-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#55587 (euc-onenote.officeapps.live.com.): answer: euc-onenote.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 23 CNAME euc-onenote-geo.wac.trafficmanager.net. 2 CNAME euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 33 CNAME wac-0003.wac-msedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-onenote.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.185", + "port": 56945 + }, + "dns": { + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net", + "registered_domain": "example.net", + "subdomain": "host004.host004.host004.host004", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#56945: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.185", + "port": 56945 + }, + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#56945 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. 
IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.46", + "port": 63775 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com", + "registered_domain": "msftconnecttest.com", + "subdomain": "ipv6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775: query: ipv6.msftconnecttest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.46", + "port": 63775 + }, + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + 
"type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.9", + "port": 60908 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#60908: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.9", + "port": 60908 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#60908 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.60", + "port": 54515 + }, + "dns": { + "question": { + "class": "IN", + "name": "euro03.azure-devices.net", + "registered_domain": "azure-devices.net", + "subdomain": "euro03", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.60#54515: query: euro03.azure-devices.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euro03.azure-devices.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 50308 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com", + "registered_domain": "msftconnecttest.com", + "subdomain": "ipv6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50308: query: ipv6.msftconnecttest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": 
{ + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.54", + "port": 50308 + }, + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.54#50308 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.142", + "port": 62302 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-onenote.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-onenote.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#62302: query: euc-onenote.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-onenote.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.142", + "port": 62302 + }, + "dns": { + "answers": [ + { + "data": "euc-onenote-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-onenote.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-onenote-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.235", + "type": "A" + }, + { + "data": "198.51.100.236", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.142#62302 (euc-onenote.officeapps.live.com.): answer: euc-onenote.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 22 CNAME euc-onenote-geo.wac.trafficmanager.net. 1 CNAME euc-onenote.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 32 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.235 17 A 198.51.100.236 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-onenote.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.9", + "port": 44483 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#44483: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.9", + "port": 44483 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#44483 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.58", + "port": 62896 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.58#62896: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.58", + "port": 62896 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", 
+ "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.58#62896 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.46", + "port": 63775 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com", + "registered_domain": "msftconnecttest.com", + "subdomain": "ipv6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775: query: ipv6.msftconnecttest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.46", + "port": 63775 + }, + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 
17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#63775 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.46", + "port": 62119 + }, + "dns": { + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com", + "registered_domain": "msftconnecttest.com", + "subdomain": "ipv6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#62119: query: ipv6.msftconnecttest.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.46", + "port": 62119 + }, + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "ipv6.msftconnecttest.com.", + 
"type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ncsiv6-geo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ipv6.msftconnecttest.com.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1968.i6g1.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.46#62119 (ipv6.msftconnecttest.com.): answer: ipv6.msftconnecttest.com. IN A (10.100.0.1) -> NOERROR 358 CNAME ncsiv6-geo.trafficmanager.net. 70242 CNAME ipv6.msftconnecttest.com.edgesuite.net. 11153 CNAME a1968.i6g1.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ipv6.msftconnecttest.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.9", + "port": 52258 + }, + "dns": { + "question": { + "class": "IN", + "name": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com", + "registered_domain": "azure.com", + "subdomain": "md-prod-simcon-ip128.westeurope.cloudapp", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#52258: query: md-prod-simcon-ip128.westeurope.cloudapp.azure.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "md-prod-simcon-ip128.westeurope.cloudapp.azure.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.9", + "port": 52258 + }, + "dns": { + "question": { + "class": "IN", + "name": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.9#52258 (md-prod-simcon-ip128.westeurope.cloudapp.azure.com.): answer: md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "md-prod-simcon-ip128.westeurope.cloudapp.azure.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.170", + "port": 51218 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.170#51218: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.170", + "port": 51218 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.170#51218 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.149", + "port": 61768 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com", + "registered_domain": "office.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.149#61768: query: outlook.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.149", + "port": 61768 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "outlook.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.149#61768 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 
7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 7 A 198.51.100.10 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.185", + "port": 51248 + }, + "dns": { + "question": { + "class": "IN", + "name": "host005.example.net", + "registered_domain": "example.net", + "subdomain": "host005", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.185#51248: query: host005.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.185", + "port": 51248 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host005.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 
10.1.0.185#51248 (host005.example.net.): answer: host005.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.14", + "port": 50334 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.cp.wd.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.cp.wd", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.14#50334: query: europe.cp.wd.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.cp.wd.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.14", + "port": 50334 + }, + "dns": { + "answers": [ + { + "data": "wd-prod-cp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.227", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.cp.wd.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"wd-prod-cp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.227", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.14#50334 (europe.cp.wd.microsoft.com.): answer: europe.cp.wd.microsoft.com. IN A (10.100.0.1) -> NOERROR 982 CNAME wd-prod-cp-eu.trafficmanager.net. 208 CNAME wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com. 5 A 198.51.100.227 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.cp.wd.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.174", + "port": 51527 + }, + "dns": { + "question": { + "class": "IN", + "name": "msedge.api.cdp.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "msedge.api.cdp", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.174#51527: query: msedge.api.cdp.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "msedge.api.cdp.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.174", + "port": 51527 + }, + "dns": { + "answers": [ + { + "data": "api.cdp.microsoft.com.", + "type": "CNAME" + }, + { + "data": "glb.api.prod.dcat.dsp.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.51", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "msedge.api.cdp.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "api.cdp.microsoft.com.", + "type": "CNAME" + }, + { + "data": "glb.api.prod.dcat.dsp.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.51", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.174#51527 (msedge.api.cdp.microsoft.com.): answer: msedge.api.cdp.microsoft.com. IN A (10.100.0.1) -> NOERROR 180 CNAME api.cdp.microsoft.com. 3078 CNAME glb.api.prod.dcat.dsp.trafficmanager.net. 43 A 198.51.100.51 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "msedge.api.cdp.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.60", + "port": 54515 + }, + "dns": { + "answers": [ + { + "data": "gateway-prod-gw-uksouth-3-tls10-g2.uksouth.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.229", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "EURO03.azure-devices.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gateway-prod-gw-uksouth-3-tls10-g2.uksouth.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.229", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.60#54515 (EURO03.azure-devices.net.): answer: EURO03.azure-devices.net. IN A (10.100.0.1) -> NOERROR 95 CNAME gateway-prod-gw-uksouth-3-tls10-g2.uksouth.cloudapp.azure.com. 10 A 198.51.100.229 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "EURO03.azure-devices.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51568 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51568: query: acrobat.adobe.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51568 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.128", + "type": "A" + }, + { + "data": "198.51.100.124", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.128", + "type": "A" + }, + { + "data": "198.51.100.124", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + 
"original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51568 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 20 A 198.51.100.128 20 A 198.51.100.124 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56743 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56743: query: acrobat.adobe.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56743 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56743 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN TYPE65 (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 56053 + }, + "dns": { + "question": { + "class": "IN", + "name": "lcdn-locator.apple.com", + "registered_domain": "apple.com", + "subdomain": "lcdn-locator", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56053: query: lcdn-locator.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lcdn-locator.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 56053 + }, + "dns": { + 
"answers": [ + { + "data": "lcdn-locator.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "lcdn-locator.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "lcdn-locator.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#56053 (lcdn-locator.apple.com.): answer: lcdn-locator.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 27514 CNAME lcdn-locator.apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lcdn-locator.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 44665 + }, + "dns": { + "question": { + "class": "IN", + "name": "host137.example.net", + "registered_domain": "example.net", + "subdomain": "host137", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665: query: host137.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host137.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 44665 + }, + "dns": { + "question": { + "class": "IN", + "name": "host137.example.net", + "registered_domain": "example.net", + "subdomain": "host137", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665: query: host137.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host137.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 44665 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host137.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665 (host137.example.net.): answer: host137.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host137.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 44665 + }, + "dns": { + "question": { + "class": "IN", + "name": "host137.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#44665 (host137.example.net.): answer: host137.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host137.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 64579 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64579: query: dns.umbrella.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 64579 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.161", + "type": "A" + }, + { + "data": "198.51.100.160", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.umbrella.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.161", + "type": "A" + }, + { + "data": "198.51.100.160", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#64579 (dns.umbrella.com.): answer: dns.umbrella.com. IN A (10.100.0.1) -> NOERROR 376 A 198.51.100.161 376 A 198.51.100.160 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.45", + "port": 51416 + }, + "dns": { + "question": { + "class": "IN", + "name": "host059.example.net", + "registered_domain": "example.net", + "subdomain": "host059", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.45#51416: query: host059.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host059.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.190", + "port": 63182 + }, + "dns": { + "question": { + "class": "IN", + "name": "host138.host138.example.net", + "registered_domain": "example.net", + "subdomain": "host138.host138", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.190#63182: query: host138.host138.example.net IN A (10.1.0.189)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host138.host138.example.net" + ], + "ip": [ + "10.1.0.189" + ] + }, + "server": { + "ip": 
"10.1.0.189" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.45", + "port": 51416 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.227", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host059.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.227", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.45#51416 (host059.example.net.): answer: host059.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.227 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host059.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 57694 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57694: query: dns.opendns.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 57694 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.opendns.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#57694 (dns.opendns.com.): answer: dns.opendns.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 50294 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa", + "registered_domain": "resolver.arpa", + "subdomain": "_dns", + "top_level_domain": "arpa", + "type": "TYPE64" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50294: query: _dns.resolver.arpa IN TYPE64 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 50294 + }, + "dns": { + "question": { + "class": "IN", + "name": "_dns.resolver.arpa.", + "type": "TYPE64" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#50294 (_dns.resolver.arpa.): answer: _dns.resolver.arpa. IN TYPE64 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "_dns.resolver.arpa." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 50260 + }, + "dns": { + "question": { + "class": "IN", + "name": "lcdn-locator.apple.com", + "registered_domain": "apple.com", + "subdomain": "lcdn-locator", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#50260: query: lcdn-locator.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lcdn-locator.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 50260 + }, + "dns": { + "answers": [ + { + "data": "lcdn-locator.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "lcdn-locator-usuqo.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.22", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "lcdn-locator.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "lcdn-locator.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "lcdn-locator-usuqo.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.22", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 
eip-dns-test01 named[7092]: client 10.1.0.134#50260 (lcdn-locator.apple.com.): answer: lcdn-locator.apple.com. IN A (10.100.0.1) -> NOERROR 27514 CNAME lcdn-locator.apple.com.akadns.net. 15 CNAME lcdn-locator-usuqo.apple.com.akadns.net. 38 A 198.51.100.22 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lcdn-locator.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 61200 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#61200: query: dns.opendns.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 61200 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.160", + "type": "A" + }, + { + "data": "198.51.100.161", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "dns.opendns.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.160", + "type": 
"A" + }, + { + "data": "198.51.100.161", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#61200 (dns.opendns.com.): answer: dns.opendns.com. IN A (10.100.0.1) -> NOERROR 2380 A 198.51.100.160 2380 A 198.51.100.161 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.opendns.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 60709 + }, + "dns": { + "question": { + "class": "IN", + "name": "mira-ofc.tm-4.office.com", + "registered_domain": "office.com", + "subdomain": "mira-ofc.tm-4", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#60709: query: mira-ofc.tm-4.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mira-ofc.tm-4.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 60709 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": 
"198.51.100.238", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mira-ofc.tm-4.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.238", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#60709 (mira-ofc.tm-4.office.com.): answer: mira-ofc.tm-4.office.com. IN A (10.100.0.1) -> NOERROR 6 A 198.51.100.248 6 A 198.51.100.247 6 A 198.51.100.245 6 A 198.51.100.238 6 A 198.51.100.242 6 A 198.51.100.246 6 A 198.51.100.243 6 A 198.51.100.244 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mira-ofc.tm-4.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 55760 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#55760: query: doh.umbrella.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 55760 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.umbrella.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#55760 (doh.umbrella.com.): answer: doh.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 62432 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#62432: query: doh.opendns.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 62432 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.254", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "doh.opendns.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.254", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#62432 (doh.opendns.com.): answer: doh.opendns.com. 
IN A (10.100.0.1) -> NOERROR 114 A 198.51.100.254 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 65243 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#65243: query: doh.umbrella.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 65243 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.255", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "doh.umbrella.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.255", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#65243 (doh.umbrella.com.): 
answer: doh.umbrella.com. IN A (10.100.0.1) -> NOERROR 1 A 198.51.100.255 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.umbrella.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 49322 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.opendns.com", + "registered_domain": "opendns.com", + "subdomain": "doh", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49322: query: doh.opendns.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 49322 + }, + "dns": { + "question": { + "class": "IN", + "name": "doh.opendns.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#49322 (doh.opendns.com.): answer: doh.opendns.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "doh.opendns.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.84", + "port": 62056 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-telemetry.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#62056: query: euc-word-telemetry.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.84", + "port": 62056 + }, + "dns": { + "answers": [ + { + "data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.233", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.233", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#62056 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. 5 A 198.51.100.233 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.84", + "port": 63242 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-telemetry.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#63242: query: euc-word-telemetry.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + 
}, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.84", + "port": 63242 + }, + "dns": { + "answers": [ + { + "data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.84#63242 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.150", + "port": 59826 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#59826: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.150", + "port": 59826 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#59826 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.193", + "port": 46619 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619: query: edr-weu.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.193", + "port": 46619 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.158", + "type": "A" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 15 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. 3 A 198.51.100.158 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.193", + "port": 46619 + }, + "dns": { + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "edr-weu.eu.endpoint.security", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619: query: edr-weu.eu.endpoint.security.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.193", + "port": 46619 + }, + "dns": { + "answers": [ 
+ { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "edr-weu.eu.endpoint.security.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip128.westeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.193#46619 (edr-weu.eu.endpoint.security.microsoft.com.): answer: edr-weu.eu.endpoint.security.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 177 CNAME md-prod-simcon-geoedr-tm-westeurope.trafficmanager.net. 269 CNAME md-prod-simcon-ip128.westeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "edr-weu.eu.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.61", + "port": 63557 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#63557: query: substrate.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.61", + "port": 63557 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": 
"acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.61#63557 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.11 7 A 198.51.100.10 7 A 198.51.100.218 7 A 198.51.100.6 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.152", + "port": 56843 + }, + "dns": { + "question": { + "class": "IN", + "name": "host139.example.net", + "registered_domain": "example.net", + "subdomain": "host139", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#56843: query: host139.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host139.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.152", + "port": 56843 + }, + "dns": { + "question": { + "class": "IN", + "name": "host140.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#56843 (host140.example.net.): answer: host140.example.net. IN A (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host140.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.152", + "port": 55122 + }, + "dns": { + "question": { + "class": "IN", + "name": "host141.host141.host141.example.net", + "registered_domain": "example.net", + "subdomain": "host141.host141.host141", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#55122: query: host141.host141.host141.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host141.host141.host141.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.152", + "port": 55122 + }, + "dns": { + "question": { + "class": "IN", + "name": "host142.host142.host142.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.152#55122 (host142.host142.host142.example.net.): answer: host142.host142.host142.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host142.host142.host142.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.131", + "port": 65073 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-edit.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-edit.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.131#65073: query: euc-word-edit.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-edit.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.131", + "port": 65073 + }, + "dns": { + "answers": [ + { + "data": "euc-word-edit-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-word-edit.officeapps.live.com.", + "type": "A" + }, + "response_code": 
"NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-word-edit-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.131#65073 (euc-word-edit.officeapps.live.com.): answer: euc-word-edit.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 3 CNAME euc-word-edit-geo.wac.trafficmanager.net. 14 CNAME euc-word-edit.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 20 CNAME wac-0003.wac-msedge.net. 18 A 198.51.100.236 18 A 198.51.100.235 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-edit.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.87", + "port": 50122 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.87#50122: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.87", + "port": 50122 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.87#50122 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.177", + "port": 57792 + }, + "dns": { + "question": { + "class": "IN", + "name": "array514.prod.do.dsp.mp.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "array514.prod.do.dsp.mp", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.177#57792: query: array514.prod.do.dsp.mp.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "array514.prod.do.dsp.mp.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.177", + "port": 57792 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.50", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "array514.prod.do.dsp.mp.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.50", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.177#57792 (array514.prod.do.dsp.mp.microsoft.com.): answer: array514.prod.do.dsp.mp.microsoft.com. IN A (10.100.0.1) -> NOERROR 2679 A 198.51.100.50 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "array514.prod.do.dsp.mp.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.99", + "port": 58671 + }, + "dns": { + "question": { + "class": "IN", + "name": "features.netscalergateway.net", + "registered_domain": "netscalergateway.net", + "subdomain": "features", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.99#58671: query: features.netscalergateway.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "features.netscalergateway.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.99", + "port": 58671 + }, + "dns": { + "answers": [ + { + "data": "features.netscalergateway.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "az-eu-w-features.netscalergateway.net.", + "type": "CNAME" + }, + { + "data": "lb-traefik-ngs-production-client.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.34", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "features.netscalergateway.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "features.netscalergateway.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "az-eu-w-features.netscalergateway.net.", + "type": "CNAME" + }, + { + "data": "lb-traefik-ngs-production-client.westeurope.cloudapp.azure.com.", + 
"type": "CNAME" + }, + { + "data": "198.51.100.34", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.99#58671 (features.netscalergateway.net.): answer: features.netscalergateway.net. IN A (10.100.0.1) -> NOERROR 21 CNAME features.netscalergateway.net.akadns.net. 13 CNAME az-eu-w-features.netscalergateway.net. 1 CNAME lb-traefik-ngs-production-client.westeurope.cloudapp.azure.com. 3 A 198.51.100.34 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "features.netscalergateway.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.67", + "port": 53210 + }, + "dns": { + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net", + "registered_domain": "example.net", + "subdomain": "host004.host004.host004.host004", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.67", + "port": 53210 + }, + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 56173 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.umbrella.com", + "registered_domain": "umbrella.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56173: query: dns.umbrella.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.173", + "port": 56173 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.umbrella.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.173#56173 (dns.umbrella.com.): answer: dns.umbrella.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.umbrella.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.151", + "port": 50235 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.151#50235: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.151", + "port": 50235 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.151#50235 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.19", + "port": 62903 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.19#62903: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.19", + "port": 62903 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + 
"class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.19#62903 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.152", + "port": 53256 + }, + "dns": { + "question": { + "class": "IN", + "name": "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net", + "registered_domain": "office.net", + "subdomain": "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#53256: query: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.116", + "port": 57937 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.116#57937: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + 
"host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.116", + "port": 57937 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.116#57937 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.208 99 A 198.51.100.148 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.90", + "port": 49563 + }, + "dns": { + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net", + "registered_domain": "example.net", + "subdomain": "host004.host004.host004.host004", + "top_level_domain": "net", + "type": "SRV" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.90#49563: query: host004.host004.host004.host004.example.net IN SRV (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.90", + "port": 49563 + }, + "dns": 
{ + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "question": { + "class": "IN", + "name": "host004.host004.host004.host004.example.net.", + "type": "SRV" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "0 100 389 host005.example.net.", + "type": "SRV" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.90#49563 (host004.host004.host004.host004.example.net.): answer: host004.host004.host004.host004.example.net. IN SRV (10.100.0.1) -> NOERROR 600 SRV 0 100 389 host005.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host004.host004.host004.host004.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 50843 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.booking.com", + "registered_domain": "booking.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#50843: query: www.booking.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.booking.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 50843 + }, + "dns": { + "answers": [ + { + "data": "d1of1hbywxxm65.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.107", + "type": "A" + }, + { + "data": "198.51.100.104", + "type": "A" + }, + { + "data": "198.51.100.106", + "type": "A" + }, + { + "data": "198.51.100.105", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.booking.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "d1of1hbywxxm65.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.107", + "type": "A" + }, + { + "data": "198.51.100.104", + "type": "A" + }, + { + "data": "198.51.100.106", + "type": "A" + }, + { + "data": "198.51.100.105", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#50843 (www.booking.com.): answer: www.booking.com. IN A (10.100.0.1) -> NOERROR 467 CNAME d1of1hbywxxm65.cloudfront.net. 24 A 198.51.100.107 24 A 198.51.100.104 24 A 198.51.100.106 24 A 198.51.100.105 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.booking.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 55015 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net", + "registered_domain": "example.net", + "subdomain": "host132", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015: query: host132.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + 
"client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 55015 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net", + "registered_domain": "example.net", + "subdomain": "host132", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015: query: host132.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 55015 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.224", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host132.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"answers": [ + { + "data": "10.1.0.224", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015 (host132.example.net.): answer: host132.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.224 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 55015 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#55015 (host132.example.net.): answer: host132.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.152", + "port": 51053 + }, + "dns": { + "question": { + "class": "IN", + "name": "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net", + "registered_domain": "office.net", + "subdomain": "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#51053: query: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.67", + "port": 53210 + }, + "dns": { + "question": { + "class": "IN", + "name": "host005.example.net", + "registered_domain": "example.net", + "subdomain": "host005", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210: query: host005.example.net IN A (10.100.0.1)" + }, + "host": { + "name": 
"eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.67", + "port": 53210 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host005.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.228", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.67#53210 (host005.example.net.): answer: host005.example.net. IN A (10.100.0.1) -> NOERROR 1200 A 10.1.0.228 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host005.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.21", + "port": 60618 + }, + "dns": { + "question": { + "class": "IN", + "name": "config.edge.skype.com", + "registered_domain": "skype.com", + "subdomain": "config.edge", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#60618: query: config.edge.skype.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "config.edge.skype.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.21", + "port": 60618 + }, + "dns": { + "answers": [ + { + "data": "config.edge.skype.com.trafficmanager.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "config.edge.skype.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "config.edge.skype.com.trafficmanager.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#60618 (config.edge.skype.com.): answer: config.edge.skype.com. IN TYPE65 (10.100.0.1) -> NOERROR 7182 CNAME config.edge.skype.com.trafficmanager.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "config.edge.skype.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.21", + "port": 58136 + }, + "dns": { + "question": { + "class": "IN", + "name": "config.edge.skype.com", + "registered_domain": "skype.com", + "subdomain": "config.edge", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#58136: query: config.edge.skype.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "config.edge.skype.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.21", + "port": 58136 + }, + "dns": { + "answers": [ + { + "data": "config.edge.skype.com.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ln-0007.config.skype.com.", + "type": "CNAME" + }, + { + "data": "config-edge-skype.ln-0007.ln-msedge.net.", + "type": "CNAME" + }, + { + "data": "ln-0007.ln-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.2", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "config.edge.skype.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"config.edge.skype.com.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "ln-0007.config.skype.com.", + "type": "CNAME" + }, + { + "data": "config-edge-skype.ln-0007.ln-msedge.net.", + "type": "CNAME" + }, + { + "data": "ln-0007.ln-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.2", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.21#58136 (config.edge.skype.com.): answer: config.edge.skype.com. IN A (10.100.0.1) -> NOERROR 7182 CNAME config.edge.skype.com.trafficmanager.net. 37 CNAME ln-0007.config.skype.com. 2449 CNAME config-edge-skype.ln-0007.ln-msedge.net. 207 CNAME ln-0007.ln-msedge.net. 108 A 198.51.100.2 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "config.edge.skype.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 51564 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#51564: query: substrate.office.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 51564 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#51564 (substrate.office.com.): answer: substrate.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 53605 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53605: query: substrate.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.48", + "port": 53605 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": 
"CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.48#53605 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.11 7 A 198.51.100.10 7 A 198.51.100.218 7 A 198.51.100.6 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 60953 + }, + "dns": { + "question": { + "class": "IN", + "name": "lcdn-locator.apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "lcdn-locator.apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#60953: query: lcdn-locator.apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lcdn-locator.apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.134", + "port": 60953 + }, + "dns": { + "question": { + "class": "IN", + "name": "lcdn-locator.apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.134#60953 (lcdn-locator.apple.com.akadns.net.): answer: lcdn-locator.apple.com.akadns.net. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lcdn-locator.apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.152", + "port": 53256 + }, + "dns": { + "answers": [ + { + "data": "cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#53256 (partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net.): answer: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net. IN AAAA (10.100.0.1) -> NOERROR 6 CNAME cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net. 
18 CNAME partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.121", + "port": 65384 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-spclient", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#65384: query: gew4-spclient.spotify.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.121", + "port": 65384 + }, + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, 
+ "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#65384 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN TYPE65 (10.100.0.1) -> NOERROR 139 CNAME edge-web-gew4.dual-gslb.spotify.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.121", + "port": 55641 + }, + "dns": { + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com", + "registered_domain": "spotify.com", + "subdomain": "gew4-spclient", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#55641: query: gew4-spclient.spotify.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.121", + "port": 55641 + }, + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.202", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gew4-spclient.spotify.com.", + "type": "A" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "edge-web-gew4.dual-gslb.spotify.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.202", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.121#55641 (gew4-spclient.spotify.com.): answer: gew4-spclient.spotify.com. IN A (10.100.0.1) -> NOERROR 138 CNAME edge-web-gew4.dual-gslb.spotify.com. 37 A 198.51.100.202 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gew4-spclient.spotify.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 62386 + }, + "dns": { + "question": { + "class": "IN", + "name": "cdn.cookielaw.org", + "registered_domain": "cookielaw.org", + "subdomain": "cdn", + "top_level_domain": "org", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386: query: cdn.cookielaw.org IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdn.cookielaw.org" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 
62386 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.206", + "type": "A" + }, + { + "data": "198.51.100.205", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "cdn.cookielaw.org.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.206", + "type": "A" + }, + { + "data": "198.51.100.205", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#62386 (cdn.cookielaw.org.): answer: cdn.cookielaw.org. IN A (10.100.0.1) -> NOERROR 207 A 198.51.100.206 207 A 198.51.100.205 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "cdn.cookielaw.org." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 43628 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.80.in-addr.arpa", + "registered_domain": "80.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43628: query: 198.51.100.80.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.80.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.222", + "port": 43628 + }, + "dns": { + "answers": [ + { + "data": "host143.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.80.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host143.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.222#43628 (198.51.100.80.in-addr.arpa.): answer: 198.51.100.80.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host143.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.80.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.220", + "port": 51327 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.220#51327: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.220", + "port": 51327 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 
1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.220#51327 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.152", + "port": 51053 + }, + "dns": { + "answers": [ + { + "data": "cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter-ic3-edf-trouter-service-trouter-2.d02-027.ic3-edf-tr", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "partition-cname-trouter-ic3-edf-trouter-service-trouter-2.d02-027.ic3-edf-tr", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#51053 (partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net.): answer: partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net. 
IN A (10.100.0.1) -> NOERROR 6 CNAME cosmic-northeurope-ns-5ad59b4881b2.trafficmanager.net. 15 CNAME partition-cname-trouter-ic3-edf-trouter-service-trouter-2.d02-027.ic3-edf-tr" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "partition-cname-trouter.pub-ent-euno-06.ic3-edf-trouter.northeurope-prod.cosmic.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 53568 + }, + "dns": { + "question": { + "class": "IN", + "name": "t-cf.bstatic.com", + "registered_domain": "bstatic.com", + "subdomain": "t-cf", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568: query: t-cf.bstatic.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "t-cf.bstatic.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.35", + "port": 53568 + }, + "dns": { + "answers": [ + { + "data": "d2i5gg36g14bzn.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.85", + "type": "A" + }, + { + "data": "198.51.100.86", + "type": "A" + }, + { + "data": "198.51.100.91", + "type": "A" + }, + { + "data": "198.51.100.88", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "t-cf.bstatic.com.", + "type": "A" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "d2i5gg36g14bzn.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.85", + "type": "A" + }, + { + "data": "198.51.100.86", + "type": "A" + }, + { + "data": "198.51.100.91", + "type": "A" + }, + { + "data": "198.51.100.88", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.35#53568 (t-cf.bstatic.com.): answer: t-cf.bstatic.com. IN A (10.100.0.1) -> NOERROR 1668 CNAME d2i5gg36g14bzn.cloudfront.net. 11 A 198.51.100.85 11 A 198.51.100.86 11 A 198.51.100.91 11 A 198.51.100.88 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "t-cf.bstatic.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 42167 + }, + "dns": { + "question": { + "class": "IN", + "name": "host144.example.net", + "registered_domain": "example.net", + "subdomain": "host144", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167: query: host144.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host144.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 42167 + }, + "dns": { + "question": { + "class": "IN", + "name": "host144.example.net", + "registered_domain": "example.net", + "subdomain": "host144", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167: query: host144.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host144.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 42167 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.211", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host144.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.211", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167 (host144.example.net.): answer: host144.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.211 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host144.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 42167 + }, + "dns": { + "question": { + "class": "IN", + "name": "host144.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#42167 (host144.example.net.): answer: host144.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host144.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.158", + "port": 57886 + }, + "dns": { + "question": { + "class": "IN", + "name": "weatherkit.apple.com", + "registered_domain": "apple.com", + "subdomain": "weatherkit", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#57886: query: weatherkit.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "weatherkit.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.158", + "port": 57886 + }, + "dns": { + "answers": [ + { + "data": "weatherkit.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "weatherkit.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "weatherkit.apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#57886 (weatherkit.apple.com.): answer: weatherkit.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 2881 CNAME weatherkit.apple.com.akadns.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "weatherkit.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.169", + "port": 56746 + }, + "dns": { + "question": { + "class": "IN", + "name": "host145.example.net", + "registered_domain": "example.net", + "subdomain": "host145", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746: query: host145.example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host145.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.169", + "port": 56746 + }, + "dns": { + "question": { + "class": "IN", + "name": "host146.example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746 (host146.example.net.): answer: host146.example.net. 
IN SOA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host146.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.190", + "port": 57427 + }, + "dns": { + "question": { + "class": "IN", + "name": "182.10.in-addr.arpa", + "registered_domain": "10.in-addr.arpa", + "subdomain": "182", + "top_level_domain": "in-addr.arpa", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.190#57427: query: 182.10.in-addr.arpa IN SOA (10.1.0.189)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "182.10.in-addr.arpa" + ], + "ip": [ + "10.1.0.189" + ] + }, + "server": { + "ip": "10.1.0.189" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.158", + "port": 58840 + }, + "dns": { + "question": { + "class": "IN", + "name": "weatherkit.apple.com", + "registered_domain": "apple.com", + "subdomain": "weatherkit", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#58840: query: weatherkit.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": 
"eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "weatherkit.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.158", + "port": 58840 + }, + "dns": { + "answers": [ + { + "data": "weatherkit.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "weather-data.apple.com.akamaized.net.", + "type": "CNAME" + }, + { + "data": "a2047.dscapi9.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.195", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.199", + "type": "A" + }, + { + "data": "198.51.100.198", + "type": "A" + }, + { + "data": "198.51.100.196", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.197", + "type": "A" + }, + { + "data": "104.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "weatherkit.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "weatherkit.apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "weather-data.apple.com.akamaized.net.", + "type": "CNAME" + }, + { + "data": "a2047.dscapi9.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.195", + "type": "A" + }, + { + "data": "198.51.100.194", + "type": "A" + }, + { + "data": "198.51.100.192", + "type": "A" + }, + { + "data": "198.51.100.199", + "type": "A" + }, + { + "data": "198.51.100.198", + "type": "A" + }, + { + "data": "198.51.100.196", + "type": "A" + }, + { + "data": "198.51.100.193", + "type": "A" + }, + { + "data": "198.51.100.197", + "type": "A" + }, + { + "data": "104.1", + "type": "A" + } + ], + "category": "answer" + }, 
+ "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#58840 (weatherkit.apple.com.): answer: weatherkit.apple.com. IN A (10.100.0.1) -> NOERROR 2881 CNAME weatherkit.apple.com.akadns.net. 52 CNAME weather-data.apple.com.akamaized.net. 9385 CNAME a2047.dscapi9.akamai.net. 5 A 198.51.100.195 5 A 198.51.100.194 5 A 198.51.100.192 5 A 198.51.100.199 5 A 198.51.100.198 5 A 198.51.100.196 5 A 198.51.100.193 5 A 198.51.100.197 5 A 104.1" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "weatherkit.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 35013 + }, + "dns": { + "question": { + "class": "IN", + "name": "host147.example.net", + "registered_domain": "example.net", + "subdomain": "host147", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013: query: host147.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host147.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 35013 + }, + "dns": { + "question": { + "class": "IN", + "name": 
"host147.example.net", + "registered_domain": "example.net", + "subdomain": "host147", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013: query: host147.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host147.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 35013 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.212", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host147.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.212", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013 (host147.example.net.): answer: host147.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.212 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host147.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.202", + "port": 35013 + }, + "dns": { + "question": { + "class": "IN", + "name": "host147.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.202#35013 (host147.example.net.): answer: host147.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host147.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.184", + "port": 52456 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa", + "registered_domain": "2.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.192.0.2", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#52456: query: lb._dns-sd._udp.192.0.2.2.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.184", + "port": 52456 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.192.0.2.2.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#52456 (lb._dns-sd._udp.192.0.2.2.in-addr.arpa.): answer: lb._dns-sd._udp.192.0.2.2.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.192.0.2.2.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.184", + "port": 63628 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net", + "registered_domain": "example.net", + "subdomain": "host021.host021.host021", + "top_level_domain": "net", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#63628: query: host021.host021.host021.example.net IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + 
"host021.host021.host021.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.184", + "port": 63628 + }, + "dns": { + "question": { + "class": "IN", + "name": "host021.host021.host021.example.net.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#63628 (host021.host021.host021.example.net.): answer: host021.host021.host021.example.net. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host021.host021.host021.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.87", + "port": 62518 + }, + "dns": { + "question": { + "class": "IN", + "name": "host022.host022.example.net", + "registered_domain": "example.net", + "subdomain": "host022.host022", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.87#62518: query: host022.host022.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host022.host022.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.184", + "port": 60235 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.162.in-addr.arpa", + "registered_domain": "162.in-addr.arpa", + "subdomain": "lb._dns-sd._udp.198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#60235: query: lb._dns-sd._udp.198.51.100.162.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ 
+ "lb._dns-sd._udp.198.51.100.162.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.184", + "port": 60235 + }, + "dns": { + "question": { + "class": "IN", + "name": "lb._dns-sd._udp.198.51.100.162.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.184#60235 (lb._dns-sd._udp.198.51.100.162.in-addr.arpa.): answer: lb._dns-sd._udp.198.51.100.162.in-addr.arpa. IN PTR (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "lb._dns-sd._udp.198.51.100.162.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.87", + "port": 62518 + }, + "dns": { + "question": { + "class": "IN", + "name": "host023.host023.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.87#62518 (host023.host023.example.net.): answer: host023.host023.example.net. 
IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host023.host023.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.29", + "port": 56153 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.29#56153: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.29", + "port": 56153 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": 
"CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.29#56153 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.71", + "port": 60092 + }, + "dns": { + "question": { + "class": "IN", + "name": "self.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "self.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.71#60092: query: self.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "self.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": 
"10.1.0.71", + "port": 60092 + }, + "dns": { + "answers": [ + { + "data": "self-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdweu03.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.213", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "self.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "self-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdweu03.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.213", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.71#60092 (self.events.data.microsoft.com.): answer: self.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 37 CNAME self-events-data.trafficmanager.net. 7 CNAME onedscolprdweu03.westeurope.cloudapp.azure.com. 0 A 198.51.100.213 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "self.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.169", + "port": 56746 + }, + "dns": { + "question": { + "class": "IN", + "name": "host015.example.net", + "registered_domain": "example.net", + "subdomain": "host015", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746: query: host015.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host015.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.169", + "port": 56746 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.189", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host015.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.189", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.169#56746 (host015.example.net.): answer: host015.example.net. 
IN A (10.100.0.1) -> NOERROR 600 A 10.1.0.189 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host015.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.65", + "port": 52118 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.65#52118: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.65", + "port": 52118 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.65#52118 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.158", + "port": 51428 + }, + "dns": { + "question": { + "class": "IN", + "name": "weatherkit.apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "weatherkit.apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#51428: query: weatherkit.apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "weatherkit.apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.158", + "port": 51428 + }, + "dns": { + "answers": [ + { + "data": "weather-data.apple.com.akamaized.net.", + "type": "CNAME" + }, + { + "data": "a2047.dscapi9.akamai.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "weatherkit.apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "weather-data.apple.com.akamaized.net.", + "type": "CNAME" + }, + { + "data": "a2047.dscapi9.akamai.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.158#51428 (weatherkit.apple.com.akadns.net.): answer: weatherkit.apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 10 CNAME weather-data.apple.com.akamaized.net. 9385 CNAME a2047.dscapi9.akamai.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "weatherkit.apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.104", + "port": 57182 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#57182: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.104", + "port": 57182 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.0.104#57182 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.104", + "port": 51027 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#51027: query: browser.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.104", + "port": 51027 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"browser.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.104#51027 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 64835 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#64835: query: turbo.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 64835 + }, + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#64835 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.107", + "port": 51019 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.107#51019: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.107", + "port": 51019 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + 
"data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.107#51019 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 60279 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#60279: query: turbo.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 60279 + }, + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": 
"mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#60279 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.152", + "port": 60989 + }, + "dns": { + "question": { + "class": "IN", + "name": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net", + "registered_domain": "office.net", + "subdomain": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#60989: query: partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.52", + "port": 58498 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 
12:39:52 eip-dns-test01 named[7092]: client 10.1.0.52#58498: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.52", + "port": 58498 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.52#58498 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.18", + "port": 51279 + }, + "dns": { + "question": { + "class": "IN", + "name": "host148.example.net", + "registered_domain": "example.net", + "subdomain": "host148", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.18#51279: query: host148.example.net IN SOA (10.1.0.189)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host148.example.net" + ], + "ip": [ + "10.1.0.189" + ] + }, + "server": { + "ip": "10.1.0.189" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.18", + "port": 51279 + }, + "dns": { + "question": { + "class": "IN", + "name": "host148.example.net.", + "type": "SOA" + }, + "response_code": "SERVFAIL" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.18#51279 (host148.example.net.): answer: host148.example.net. IN SOA (10.1.0.189) -> SERVFAIL " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host148.example.net." 
+ ], + "ip": [ + "10.1.0.189" + ] + }, + "server": { + "ip": "10.1.0.189" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 63962 + }, + "dns": { + "question": { + "class": "IN", + "name": "signaler-pa.clients6.google.com", + "registered_domain": "google.com", + "subdomain": "signaler-pa.clients6", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#63962: query: signaler-pa.clients6.google.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "signaler-pa.clients6.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 63962 + }, + "dns": { + "question": { + "class": "IN", + "name": "signaler-pa.clients6.google.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#63962 (signaler-pa.clients6.google.com.): answer: signaler-pa.clients6.google.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "signaler-pa.clients6.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 55732 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#55732: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.146", + "port": 55732 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.146#55732 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.152", + "port": 60989 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.253", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.253", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.152#60989 (partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net.): answer: partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net. IN A (10.100.0.1) -> NOERROR 18 A 198.51.100.253 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "partition-cname-trouter-ic3-edf-trouter-service-trouter-1.d02-027.ic3-edf-trouter.01-northeurope-prod.cosmic.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 64836 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.linkedin.com.cdn.cloudflare.net", + "registered_domain": "cloudflare.net", + "subdomain": "www.linkedin.com.cdn", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#64836: query: www.linkedin.com.cdn.cloudflare.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.linkedin.com.cdn.cloudflare.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.156", + "port": 64836 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.linkedin.com.cdn.cloudflare.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.156#64836 (www.linkedin.com.cdn.cloudflare.net.): answer: www.linkedin.com.cdn.cloudflare.net. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.linkedin.com.cdn.cloudflare.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.169", + "port": 60715 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "denied" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<27>Apr 17 12:39:52 eip-dns-test01 named[38626]: client @0x22b4a6b66d10 10.1.1.169#60715: update 'example.net/IN' denied" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 27 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 38626 + }, + "related": { + "hosts": [ + "example.net" + ] + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 53686 + }, + "dns": { + "question": { + "class": "IN", + "name": "signaler-pa.clients6.google.com", + "registered_domain": "google.com", + "subdomain": "signaler-pa.clients6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#53686: query: signaler-pa.clients6.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + 
"protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "signaler-pa.clients6.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 53686 + }, + "dns": { + "answers": [ + { + "data": "172.16.2.69", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "signaler-pa.clients6.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "172.16.2.69", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#53686 (signaler-pa.clients6.google.com.): answer: signaler-pa.clients6.google.com. IN A (10.100.0.1) -> NOERROR 196 A 172.16.2.69 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "signaler-pa.clients6.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.144", + "port": 57844 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.144#57844: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.144", + "port": 57844 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + 
"efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.144#57844 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.181", + "port": 63814 + }, + "dns": { + "question": { + "class": "IN", + "name": "faster.typekit.net", + "registered_domain": "typekit.net", + "subdomain": "faster", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.181#63814: query: faster.typekit.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "faster.typekit.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.150", + "port": 61251 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#61251: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.150", + "port": 61251 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.150#61251 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 53617 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#53617: query: eu-office.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 53617 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#53617 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.180", + "port": 57956 + }, + "dns": { + "question": { + "class": "IN", + "name": "self.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "self.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.180#57956: query: self.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "self.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.180", + "port": 57956 + }, + "dns": { + "answers": [ + { + "data": "self-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdweu03.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.213", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "self.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "self-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdweu03.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.213", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.180#57956 (self.events.data.microsoft.com.): answer: self.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 37 CNAME self-events-data.trafficmanager.net. 7 CNAME onedscolprdweu03.westeurope.cloudapp.azure.com. 0 A 198.51.100.213 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "self.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.170", + "port": 56918 + }, + "dns": { + "question": { + "class": "IN", + "name": "notify.bugsnag.com", + "registered_domain": "bugsnag.com", + "subdomain": "notify", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#56918: query: notify.bugsnag.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "notify.bugsnag.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.170", + "port": 56918 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.201", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "notify.bugsnag.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"answers": [ + { + "data": "198.51.100.201", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.170#56918 (notify.bugsnag.com.): answer: notify.bugsnag.com. IN A (10.100.0.1) -> NOERROR 9 A 198.51.100.201 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "notify.bugsnag.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.10", + "port": 55264 + }, + "dns": { + "question": { + "class": "IN", + "name": "host029.host029.example.net", + "registered_domain": "example.net", + "subdomain": "host029.host029", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#55264: query: host029.host029.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host029.host029.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.10", + "port": 55264 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.29", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host029.host029.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": 
{ + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.29", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.10#55264 (host029.host029.example.net.): answer: host029.host029.example.net. IN A (10.100.0.1) -> NOERROR 0 A 10.1.1.29 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host029.host029.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.36", + "port": 59974 + }, + "dns": { + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "v10.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.36#59974: query: v10.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.36", + "port": 59974 + }, + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": 
"CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.36#59974 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 62530 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-office.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#62530: query: eu-office.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 62530 + }, + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-office.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.aria.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.155", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#62530 (eu-office.events.data.microsoft.com.): answer: eu-office.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 88 CNAME eu.aria.events.data.trafficmanager.net. 11 CNAME onedscolprdneu02.northeurope.cloudapp.azure.com. 2 A 198.51.100.155 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-office.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51117 + }, + "dns": { + "question": { + "class": "IN", + "name": "m365.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "m365", + "top_level_domain": "microsoft", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51117: query: m365.cloud.microsoft IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "m365.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 51117 + }, + "dns": { + "question": { + "class": "IN", + "name": "m365.cloud.microsoft.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { 
+ "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#51117 (m365.cloud.microsoft.): answer: m365.cloud.microsoft. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "m365.cloud.microsoft." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56538 + }, + "dns": { + "question": { + "class": "IN", + "name": "m365.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "m365", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56538: query: m365.cloud.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "m365.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 56538 + }, + "dns": { + "answers": [ + { + "data": "officehomemcm.anc.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "officehomemcm.afdcafe.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "home-office365-com.b-0004.b-msedge.net.", + "type": "CNAME" + }, + { + "data": "b-0004.b-msedge.net.", 
+ "type": "CNAME" + }, + { + "data": "198.51.100.212", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "m365.cloud.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "officehomemcm.anc.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "officehomemcm.afdcafe.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "home-office365-com.b-0004.b-msedge.net.", + "type": "CNAME" + }, + { + "data": "b-0004.b-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.212", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#56538 (m365.cloud.microsoft.): answer: m365.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 53 CNAME officehomemcm.anc.tm.svc.cloud.microsoft. 8 CNAME officehomemcm.afdcafe.tm.svc.cloud.microsoft. 41 CNAME home-office365-com.b-0004.b-msedge.net. 118 CNAME b-0004.b-msedge.net. 11 A 198.51.100.212 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "m365.cloud.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.23", + "port": 40411 + }, + "dns": { + "question": { + "class": "IN", + "name": "host149.example.net", + "registered_domain": "example.net", + "subdomain": "host149", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411: query: host149.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host149.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.23", + "port": 40411 + }, + "dns": { + "question": { + "class": "IN", + "name": "host149.example.net", + "registered_domain": "example.net", + "subdomain": "host149", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411: query: host149.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host149.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.23", + "port": 40411 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.242", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host149.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.242", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411 (host149.example.net.): answer: host149.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.242 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host149.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.23", + "port": 40411 + }, + "dns": { + "question": { + "class": "IN", + "name": "host149.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.23#40411 (host149.example.net.): answer: host149.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host149.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.24", + "port": 60102 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.24#60102: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.24", + "port": 60102 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.24#60102 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 51651 + }, + "dns": { + "question": { + "class": "IN", + "name": "onedscolprdneu02.northeurope.cloudapp.azure.com", + "registered_domain": "azure.com", + "subdomain": "onedscolprdneu02.northeurope.cloudapp", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#51651: query: onedscolprdneu02.northeurope.cloudapp.azure.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "onedscolprdneu02.northeurope.cloudapp.azure.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.77", + "port": 50190 + }, + "dns": { + "question": { + "class": "IN", + "name": "identity.osi.office.net", + "registered_domain": "office.net", + "subdomain": "identity.osi", + 
"top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#50190: query: identity.osi.office.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "identity.osi.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.77", + "port": 50190 + }, + "dns": { + "answers": [ + { + "data": "prod.identity1.osi.office.net.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "identity.osi.office.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod.identity1.osi.office.net.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#50190 (identity.osi.office.net.): answer: identity.osi.office.net. IN TYPE65 (10.100.0.1) -> NOERROR 904 CNAME prod.identity1.osi.office.net.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "identity.osi.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.77", + "port": 52190 + }, + "dns": { + "question": { + "class": "IN", + "name": "identity.osi.office.net", + "registered_domain": "office.net", + "subdomain": "identity.osi", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#52190: query: identity.osi.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "identity.osi.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.77", + "port": 52190 + }, + "dns": { + "answers": [ + { + "data": "prod.identity1.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "eur.identity1.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "3pidentity-prod-defaultgeo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.237", + "type": "A" + }, + { + "data": "198.51.100.240", + "type": "A" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "198.51.100.241", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "identity.osi.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod.identity1.osi.office.net.akadns.net.", + 
"type": "CNAME" + }, + { + "data": "eur.identity1.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "3pidentity-prod-defaultgeo.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "atm.office.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "198.51.100.237", + "type": "A" + }, + { + "data": "198.51.100.240", + "type": "A" + }, + { + "data": "198.51.100.239", + "type": "A" + }, + { + "data": "198.51.100.241", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.77#52190 (identity.osi.office.net.): answer: identity.osi.office.net. IN A (10.100.0.1) -> NOERROR 904 CNAME prod.identity1.osi.office.net.akadns.net. 142 CNAME eur.identity1.osi.office.net.akadns.net. 246 CNAME 3pidentity-prod-defaultgeo.trafficmanager.net. 49 CNAME atm.office.mira.tm.svc.cloud.microsoft. 9 A 198.51.100.237 9 A 198.51.100.240 9 A 198.51.100.239 9 A 198.51.100.241 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "identity.osi.office.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 52371 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#52371: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 52371 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": 
"198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#52371 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.181", + "port": 63814 + }, + "dns": { + "answers": [ + { + "data": "faster.typekit.net-stls-v3.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1962.dscg.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.114", + "type": "A" + }, + { + "data": "198.51.100.122", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "faster.typekit.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "faster.typekit.net-stls-v3.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1962.dscg.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.114", + "type": "A" + }, + { + "data": "198.51.100.122", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.1.181#63814 (faster.typekit.net.): answer: faster.typekit.net. IN A (10.100.0.1) -> NOERROR 49 CNAME faster.typekit.net-stls-v3.edgesuite.net. 15555 CNAME a1962.dscg.akamai.net. 20 A 198.51.100.114 20 A 198.51.100.122 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "faster.typekit.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 64444 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#64444: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.72", + "port": 64444 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": 
"198.51.100.244", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + }, + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.72#64444 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.249 115 A 198.51.100.246 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.171", + "port": 64564 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com", + "registered_domain": "office.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#64564: query: outlook.office.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.171", + "port": 64564 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#64564 (outlook.office.com.): answer: outlook.office.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.171", + "port": 59964 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com", + "registered_domain": "office.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#59964: query: outlook.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.171", + "port": 59964 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "outlook.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + 
"type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.171#59964 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.10 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.104", + "port": 57193 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.104#57193: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.104", + "port": 57193 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.1.104#57193 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.127", + "port": 51465 + }, + "dns": { + "question": { + "class": "IN", + "name": "host150.example.net", + "registered_domain": "example.net", + "subdomain": "host150", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465: query: host150.example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host150.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.175", + "port": 63931 + }, + "dns": { + "answers": [ + { + "data": "cf-viva.viva-forum.production.183295429382.eu-west-1.cloud.kompas.services.", + "type": "CNAME" + }, + { + "data": "djornz5oeyhvf.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.87", + "type": "A" + }, + { + "data": "198.51.100.90", + "type": "A" + }, + { + "data": "198.51.100.84", + "type": "A" + }, + { + "data": 
"198.51.100.89", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "forum.viva.nl.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "cf-viva.viva-forum.production.183295429382.eu-west-1.cloud.kompas.services.", + "type": "CNAME" + }, + { + "data": "djornz5oeyhvf.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.87", + "type": "A" + }, + { + "data": "198.51.100.90", + "type": "A" + }, + { + "data": "198.51.100.84", + "type": "A" + }, + { + "data": "198.51.100.89", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#63931 (forum.viva.nl.): answer: forum.viva.nl. IN A (10.100.0.1) -> NOERROR 300 CNAME cf-viva.viva-forum.production.183295429382.eu-west-1.cloud.kompas.services. 300 CNAME djornz5oeyhvf.cloudfront.net. 60 A 198.51.100.87 60 A 198.51.100.90 60 A 198.51.100.84 60 A 198.51.100.89 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "forum.viva.nl." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.127", + "port": 51465 + }, + "dns": { + "question": { + "class": "IN", + "name": "host151.example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465 (host151.example.net.): answer: host151.example.net. IN SOA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host151.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.146", + "port": 54240 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#54240: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": 
{ + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.146", + "port": 54240 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#54240 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.154", + "port": 65052 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.154#65052: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.154", + "port": 65052 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.154#65052 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.146", + "port": 56805 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#56805: query: eu-teams.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.146", + "port": 56805 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#56805 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.127", + "port": 51465 + }, + "dns": { + "question": { + "class": "IN", + "name": "host015.example.net", + "registered_domain": "example.net", + "subdomain": "host015", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465: query: host015.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host015.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.127", + "port": 51465 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.189", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host015.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.189", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.127#51465 (host015.example.net.): answer: host015.example.net. 
IN A (10.100.0.1) -> NOERROR 600 A 10.1.0.189 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host015.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.178", + "port": 51651 + }, + "dns": { + "question": { + "class": "IN", + "name": "onedscolprdneu02.northeurope.cloudapp.azure.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.178#51651 (onedscolprdneu02.northeurope.cloudapp.azure.com.): answer: onedscolprdneu02.northeurope.cloudapp.azure.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "onedscolprdneu02.northeurope.cloudapp.azure.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.113", + "port": 50510 + }, + "dns": { + "question": { + "class": "IN", + "name": "10-courier.push.apple.com", + "registered_domain": "apple.com", + "subdomain": "10-courier.push", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.113#50510: query: 10-courier.push.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "10-courier.push.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.113", + "port": 50510 + }, + "dns": { + "answers": [ + { + "data": "10.courier-push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "eu-nw-courier-4.push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.38", + "type": "A" + }, + { + "data": "198.51.100.35", + "type": "A" + }, + { + "data": "198.51.100.33", + "type": "A" + }, + { + "data": "198.51.100.34", + "type": "A" + }, + { + "data": "198.51.100.37", + "type": "A" + }, + { + "data": "198.51.100.36", + "type": "A" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "10-courier.push.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.courier-push-apple.com.akadns.net.", + "type": 
"CNAME" + }, + { + "data": "eu-nw-courier-4.push-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.38", + "type": "A" + }, + { + "data": "198.51.100.35", + "type": "A" + }, + { + "data": "198.51.100.33", + "type": "A" + }, + { + "data": "198.51.100.34", + "type": "A" + }, + { + "data": "198.51.100.37", + "type": "A" + }, + { + "data": "198.51.100.36", + "type": "A" + }, + { + "data": "198.51.100.32", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.113#50510 (10-courier.push.apple.com.): answer: 10-courier.push.apple.com. IN A (10.100.0.1) -> NOERROR 12363 CNAME 10.courier-push-apple.com.akadns.net. 42 CNAME eu-nw-courier-4.push-apple.com.akadns.net. 22 A 198.51.100.38 22 A 198.51.100.35 22 A 198.51.100.33 22 A 198.51.100.34 22 A 198.51.100.37 22 A 198.51.100.36 22 A 198.51.100.32 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "10-courier.push.apple.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.74", + "port": 55478 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.74#55478: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.74", + "port": 55478 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.74#55478 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.167", + "port": 62016 + }, + "dns": { + "question": { + "class": "IN", + "name": "dns.msftncsi.com", + "registered_domain": "msftncsi.com", + "subdomain": "dns", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.167#62016: query: dns.msftncsi.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.msftncsi.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.167", + "port": 62016 + }, + "dns": { + "answers": [ + { + "data": "fd12:3456:789a::1", + "type": "AAAA" + } + ], + "question": { + "class": "IN", + "name": "dns.msftncsi.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "answers": [ + { + "data": "fd12:3456:789a::1", + "type": "AAAA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.167#62016 (dns.msftncsi.com.): answer: dns.msftncsi.com. IN AAAA (10.100.0.1) -> NOERROR 428 AAAA fd12:3456:789a::1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "dns.msftncsi.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 49664 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49664: query: turbo.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 49664 + }, + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": 
"dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-b01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#49664 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN A (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. 5 CNAME mr-b01.tm-azurefd.net. 28 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.127", + "port": 65381 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "denied" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<27>Apr 17 12:39:52 eip-dns-test01 named[38626]: client @0x22b4aaca8650 10.1.1.127#65381: update 'example.net/IN' denied" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 27 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 38626 + }, + "related": { + "hosts": [ + "example.net" + ] + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 62584 + }, + "dns": { + "question": { + "class": "IN", + "name": "turbo.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "turbo", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62584: query: turbo.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 62584 + }, + "dns": { + 
"answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "turbo.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#62584 (turbo.microsoft.com.): answer: turbo.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 892 CNAME turbo-api-pe-e7dqbdh2bzgwg5fw.b01.azurefd.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "turbo.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55489 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55489: query: host113.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 55489 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#55489 (host113.example.net.): answer: host113.example.net. 
IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 62798 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62798: query: host113.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 62798 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#62798 
(host113.example.net.): answer: host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 52097 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097: query: host013.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 52097 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097: query: host013.example.net IN AAAA 
(10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 52097 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 52097 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#52097 (host013.example.net.): answer: host013.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 63159 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#63159: query: host113.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 63159 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.207", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#63159 (host113.example.net.): answer: 
host113.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.207 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 60083 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net", + "registered_domain": "example.net", + "subdomain": "host113", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#60083: query: host113.example.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.143", + "port": 60083 + }, + "dns": { + "question": { + "class": "IN", + "name": "host113.example.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.143#60083 (host113.example.net.): answer: host113.example.net. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host113.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.114", + "port": 13540 + }, + "dns": { + "question": { + "class": "IN", + "name": "4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net", + "registered_domain": "fbcdn.net", + "subdomain": "4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#13540: query: 4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.175", + "port": 65116 + }, + "dns": { + "question": { + "class": "IN", + "name": "djornz5oeyhvf.cloudfront.net", + "registered_domain": "cloudfront.net", + "subdomain": "djornz5oeyhvf", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#65116: query: djornz5oeyhvf.cloudfront.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "djornz5oeyhvf.cloudfront.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.65", + "port": 57857 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.65#57857: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.65", + "port": 57857 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + 
"ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.65#57857 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.32", + "port": 61185 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.32#61185: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.32", + "port": 61185 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.32#61185 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.146", + "port": 57244 + }, + "dns": { + "question": { + "class": "IN", + "name": "onedscolprdfrc01.francecentral.cloudapp.azure.com", + "registered_domain": "azure.com", + "subdomain": "onedscolprdfrc01.francecentral.cloudapp", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#57244: query: onedscolprdfrc01.francecentral.cloudapp.azure.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "onedscolprdfrc01.francecentral.cloudapp.azure.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.146", + "port": 57244 + }, + "dns": { + "question": { + "class": "IN", + "name": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "TYPE65" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.146#57244 (onedscolprdfrc01.francecentral.cloudapp.azure.com.): answer: onedscolprdfrc01.francecentral.cloudapp.azure.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "onedscolprdfrc01.francecentral.cloudapp.azure.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 57376 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-telemetry.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#57376: query: euc-word-telemetry.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 57376 + }, + "dns": { + "answers": [ + { + 
"data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#57376 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 56033 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-word-telemetry.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#56033: query: euc-word-telemetry.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.31", + "port": 56033 + }, + "dns": { + "answers": [ + { + "data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.233", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-word-telemetry.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-word-telemetry.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pgteu5-word-telemetry-vip.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.233", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } 
+ }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.31#56033 (euc-word-telemetry.officeapps.live.com.): answer: euc-word-telemetry.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 5 CNAME euc-word-telemetry.wac.trafficmanager.net. 1 CNAME pgteu5-word-telemetry-vip.officeapps.live.com. 5 A 198.51.100.233 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-word-telemetry.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.8", + "port": 58393 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.8#58393: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.8", + "port": 58393 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.8#58393 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.174", + "port": 62207 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#62207: query: browser.events.data.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.174", + "port": 62207 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": 
"browser.events.data.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#62207 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.174", + "port": 56671 + }, + "dns": { + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "browser.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#56671: query: browser.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.174", + "port": 56671 + }, + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "browser.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "browser.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdcus03.centralus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.174#56671 (browser.events.data.microsoft.com.): answer: browser.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 48 CNAME browser.events.data.trafficmanager.net. 47 CNAME onedscolprdcus03.centralus.cloudapp.azure.com. 5 A 198.51.100.214 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "browser.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.163", + "port": 64873 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.163#64873: query: substrate.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.163", + "port": 64873 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + 
"data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.163#64873 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.11 7 A 198.51.100.10 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.175", + "port": 65116 + }, + "dns": { + "question": { + "class": "IN", + "name": "djornz5oeyhvf.cloudfront.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.175#65116 (djornz5oeyhvf.cloudfront.net.): answer: djornz5oeyhvf.cloudfront.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "djornz5oeyhvf.cloudfront.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.117", + "port": 49320 + }, + "dns": { + "question": { + "class": "IN", + "name": "tm-sdk.platinumai.net", + "registered_domain": "platinumai.net", + "subdomain": "tm-sdk", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.117#49320: query: tm-sdk.platinumai.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "tm-sdk.platinumai.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.117", + "port": 49320 + }, + "dns": { + "question": { + "class": "IN", + "name": "tm-sdk.platinumai.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.117#49320 (tm-sdk.platinumai.net.): answer: tm-sdk.platinumai.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "tm-sdk.platinumai.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.132", + "port": 50989 + }, + "dns": { + "question": { + "class": "IN", + "name": "settings-win.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "settings-win.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.132#50989: query: settings-win.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "settings-win.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.132", + "port": 50989 + }, + "dns": { + "answers": [ + { + "data": "atm-settingsfe-prod-geo2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "settings-prod-weu-1.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.231", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "settings-win.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "atm-settingsfe-prod-geo2.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "settings-prod-weu-1.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.231", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.132#50989 (settings-win.data.microsoft.com.): answer: settings-win.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 454 CNAME atm-settingsfe-prod-geo2.trafficmanager.net. 1 CNAME settings-prod-weu-1.westeurope.cloudapp.azure.com. 2 A 198.51.100.231 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "settings-win.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.68", + "port": 55642 + }, + "dns": { + "question": { + "class": "IN", + "name": "excelonline.nel.measure.office.net", + "registered_domain": "office.net", + "subdomain": "excelonline.nel.measure", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.68#55642: query: excelonline.nel.measure.office.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "excelonline.nel.measure.office.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.68", + "port": 55642 + }, + "dns": { + "answers": [ + { + "data": "nel.measure.office.net.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1894.dscb.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.116", + "type": "A" + }, + { + "data": "198.51.100.114", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "excelonline.nel.measure.office.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "nel.measure.office.net.edgesuite.net.", + "type": "CNAME" + }, + { + "data": "a1894.dscb.akamai.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.116", + "type": "A" + }, + { + "data": "198.51.100.114", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": 
"named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.68#55642 (excelonline.nel.measure.office.net.): answer: excelonline.nel.measure.office.net. IN A (10.100.0.1) -> NOERROR 8 CNAME nel.measure.office.net.edgesuite.net. 5049 CNAME a1894.dscb.akamai.net. 14 A 198.51.100.116 14 A 198.51.100.114 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "excelonline.nel.measure.office.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.28", + "port": 50745 + }, + "dns": { + "question": { + "class": "IN", + "name": "testorg.hive.templafy.com", + "registered_domain": "templafy.com", + "subdomain": "testorg.hive", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.28#50745: query: testorg.hive.templafy.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.hive.templafy.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.28", + "port": 50745 + }, + "dns": { + "answers": [ + { + "data": "templafyprod1.templafy.com.", + "type": "CNAME" + }, + { + "data": "templafyprod1.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"backendpooltemplafyprod1-3.templafy.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.153", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "testorg.hive.templafy.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "templafyprod1.templafy.com.", + "type": "CNAME" + }, + { + "data": "templafyprod1.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "backendpooltemplafyprod1-3.templafy.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.153", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.28#50745 (testorg.hive.templafy.com.): answer: testorg.hive.templafy.com. IN A (10.100.0.1) -> NOERROR 2800 CNAME templafyprod1.templafy.com. 40 CNAME templafyprod1.trafficmanager.net. 47 CNAME backendpooltemplafyprod1-3.templafy.com. 53 A 198.51.100.153 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.hive.templafy.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.173", + "port": 59994 + }, + "dns": { + "question": { + "class": "IN", + "name": "media-ams2-1.cdn.whatsapp.net", + "registered_domain": "whatsapp.net", + "subdomain": "media-ams2-1.cdn", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#59994: query: media-ams2-1.cdn.whatsapp.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media-ams2-1.cdn.whatsapp.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.173", + "port": 59994 + }, + "dns": { + "question": { + "class": "IN", + "name": "media-ams2-1.cdn.whatsapp.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#59994 (media-ams2-1.cdn.whatsapp.net.): answer: media-ams2-1.cdn.whatsapp.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media-ams2-1.cdn.whatsapp.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.173", + "port": 63733 + }, + "dns": { + "question": { + "class": "IN", + "name": "media-ams2-1.cdn.whatsapp.net", + "registered_domain": "whatsapp.net", + "subdomain": "media-ams2-1.cdn", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#63733: query: media-ams2-1.cdn.whatsapp.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media-ams2-1.cdn.whatsapp.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.173", + "port": 63733 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.31", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "media-ams2-1.cdn.whatsapp.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.31", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.173#63733 (media-ams2-1.cdn.whatsapp.net.): answer: media-ams2-1.cdn.whatsapp.net. 
IN A (10.100.0.1) -> NOERROR 2211 A 198.51.100.31 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "media-ams2-1.cdn.whatsapp.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.44", + "port": 53603 + }, + "dns": { + "question": { + "class": "IN", + "name": "teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "teams", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#53603: query: teams.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.44", + "port": 53603 + }, + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "teams.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.0.44#53603 (teams.microsoft.com.): answer: teams.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.44", + "port": 62020 + }, + "dns": { + "question": { + "class": "IN", + "name": "teams.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "teams", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#62020: query: teams.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.44", + "port": 62020 + }, + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + }, + { + "data": "tmc-g2.tm-4.office.com.", + "type": "CNAME" + }, + { + "data": "teams-office-com.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.252", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "teams.microsoft.com.", + 
"type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "teams.office.com.", + "type": "CNAME" + }, + { + "data": "tmc-g2.tm-4.office.com.", + "type": "CNAME" + }, + { + "data": "teams-office-com.s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "s-0005.dual-s-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.251", + "type": "A" + }, + { + "data": "198.51.100.252", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.44#62020 (teams.microsoft.com.): answer: teams.microsoft.com. IN A (10.100.0.1) -> NOERROR 95863 CNAME teams.office.com. 29 CNAME tmc-g2.tm-4.office.com. 22 CNAME teams-office-com.s-0005.dual-s-msedge.net. 101 CNAME s-0005.dual-s-msedge.net. 25 A 198.51.100.251 25 A 198.51.100.252 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "teams.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.158", + "port": 55420 + }, + "dns": { + "question": { + "class": "IN", + "name": "testorg.hive.templafy.com", + "registered_domain": "templafy.com", + "subdomain": "testorg.hive", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.158#55420: query: testorg.hive.templafy.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.hive.templafy.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.158", + "port": 55420 + }, + "dns": { + "answers": [ + { + "data": "templafyprod1.templafy.com.", + "type": "CNAME" + }, + { + "data": "templafyprod1.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "backendpooltemplafyprod1-3.templafy.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.153", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "testorg.hive.templafy.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "templafyprod1.templafy.com.", + "type": "CNAME" + }, + { + "data": "templafyprod1.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "backendpooltemplafyprod1-3.templafy.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.153", + "type": "A" + } + ], + "category": "answer" + }, + 
"service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.158#55420 (testorg.hive.templafy.com.): answer: testorg.hive.templafy.com. IN A (10.100.0.1) -> NOERROR 2800 CNAME templafyprod1.templafy.com. 40 CNAME templafyprod1.trafficmanager.net. 47 CNAME backendpooltemplafyprod1-3.templafy.com. 53 A 198.51.100.153 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "testorg.hive.templafy.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 62818 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-mobile.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#62818: query: eu-mobile.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 62818 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": 
"onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#62818 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 54788 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-mobile.events.data", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#54788: query: eu-mobile.events.data.microsoft.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 54788 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "eu-mobile.events.data.microsoft.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.0.151#54788 (eu-mobile.events.data.microsoft.com.): answer: eu-mobile.events.data.microsoft.com. IN AAAA (10.100.0.1) -> NOERROR 8 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-mobile.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.114", + "port": 13540 + }, + "dns": { + "question": { + "class": "IN", + "name": "4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#13540 (4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net.): answer: 4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net. IN A (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "4f8e09fa-adbd-4aae-838f-eb74857a9643-netseer-ipaddr-assoc.xy.fbcdn.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.62", + "port": 50678 + }, + "dns": { + "question": { + "class": "IN", + "name": "uploads.cdn.biorender.com", + "registered_domain": "biorender.com", + "subdomain": "uploads.cdn", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#50678: query: uploads.cdn.biorender.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "uploads.cdn.biorender.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.62", + "port": 50678 + }, + "dns": { + "answers": [ + { + "data": "dw09pkmvpczpb.cloudfront.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "uploads.cdn.biorender.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dw09pkmvpczpb.cloudfront.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#50678 (uploads.cdn.biorender.com.): answer: uploads.cdn.biorender.com. IN TYPE65 (10.100.0.1) -> NOERROR 10 CNAME dw09pkmvpczpb.cloudfront.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "uploads.cdn.biorender.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.62", + "port": 65274 + }, + "dns": { + "question": { + "class": "IN", + "name": "uploads.cdn.biorender.com", + "registered_domain": "biorender.com", + "subdomain": "uploads.cdn", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#65274: query: uploads.cdn.biorender.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "uploads.cdn.biorender.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.41", + "port": 60316 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.41#60316: query: eu-v20.events.endpoint.security.microsoft.com IN 
A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.41", + "port": 60316 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.41#60316 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 
2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 59320 + }, + "dns": { + "question": { + "class": "IN", + "name": "pfr1-collabhubrtc.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "pfr1-collabhubrtc.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#59320: query: pfr1-collabhubrtc.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pfr1-collabhubrtc.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 59320 + }, + "dns": { + "answers": [ + { + "data": "pfr1-collabhubrtc-split.rtc.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pfr1-vipcollabrtc.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.234", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "pfr1-collabhubrtc.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"pfr1-collabhubrtc-split.rtc.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "pfr1-vipcollabrtc.officeapps.live.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.234", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#59320 (pfr1-collabhubrtc.officeapps.live.com.): answer: pfr1-collabhubrtc.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 79 CNAME pfr1-collabhubrtc-split.rtc.trafficmanager.net. 10 CNAME pfr1-vipcollabrtc.officeapps.live.com. 182 A 198.51.100.234 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pfr1-collabhubrtc.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 60305 + }, + "dns": { + "question": { + "class": "IN", + "name": "pfr1-collabhubrtc.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "pfr1-collabhubrtc.officeapps", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#60305: query: pfr1-collabhubrtc.officeapps.live.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pfr1-collabhubrtc.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + 
"server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.100", + "port": 60305 + }, + "dns": { + "question": { + "class": "IN", + "name": "pfr1-collabhubrtc.officeapps.live.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.100#60305 (pfr1-collabhubrtc.officeapps.live.com.): answer: pfr1-collabhubrtc.officeapps.live.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "pfr1-collabhubrtc.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.13", + "port": 48460 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#48460: query: host031.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": 
"10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.13", + "port": 42494 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net", + "registered_domain": "example.net", + "subdomain": "host031", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#42494: query: host031.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.13", + "port": 48460 + }, + "dns": { + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#48460 (host031.example.net.): answer: host031.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.13", + "port": 42494 + }, + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host031.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.1.134", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.13#42494 (host031.example.net.): answer: host031.example.net. IN A (10.100.0.1) -> NOERROR 300 A 10.1.1.134 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host031.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.114", + "port": 60260 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#60260: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.114", + "port": 49973 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#49973: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.114", + "port": 49973 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#49973 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.114", + "port": 60260 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.114#60260 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.10", + "port": 50807 + }, + "dns": { + "question": { + "class": "IN", + "name": "example.net", + "registered_domain": "example.net", + "top_level_domain": "net", + "type": "SOA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.10#50807: query: example.net IN SOA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.10", + "port": 50807 + }, + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "question": { + "class": "IN", + "name": "example.net.", + "type": "SOA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host015.example.net. empty.empty. 1438828 3600 600 1209600 3600", + "type": "SOA" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.10#50807 (example.net.): answer: example.net. IN SOA (10.100.0.1) -> NOERROR 3600 SOA host015.example.net. empty.empty. 
1438828 3600 600 1209600 3600 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.130", + "port": 64737 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.130#64737: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.130", + "port": 64737 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": 
"CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.130#64737 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.89", + "port": 50723 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.89#50723: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + 
"ip": "10.1.0.89", + "port": 50723 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.89#50723 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.73", + "port": 58165 + }, + "dns": { + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "editor.svc", + "top_level_domain": "microsoft", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#58165: query: editor.svc.cloud.microsoft IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.73", + "port": 58165 + }, + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#58165 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. 
IN TYPE65 (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.73", + "port": 62974 + }, + "dns": { + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "editor.svc", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#62974: query: editor.svc.cloud.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "172.16.2.73", + "port": 62974 + }, + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.49", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { 
+ "log": { + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.49", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 172.16.2.73#62974 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net. 4 CNAME prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net. 4 A 198.51.100.49 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.122", + "port": 51055 + }, + "dns": { + "question": { + "class": "IN", + "name": "tas01.cwsapp.update.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "tas01.cwsapp.update", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.122#51055: query: tas01.cwsapp.update.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "tas01.cwsapp.update.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.122", + "port": 51055 + }, + "dns": { + "answers": [ + { + "data": "glb.tas01.cwsapp-prod.dcat.dsp.mp.microsoft.com.", + "type": "CNAME" + }, + { + "data": "glb.cwsapp.prod.dcat.dsp.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.226", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "tas01.cwsapp.update.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "glb.tas01.cwsapp-prod.dcat.dsp.mp.microsoft.com.", + "type": "CNAME" + }, + { + "data": "glb.cwsapp.prod.dcat.dsp.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.226", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.122#51055 (tas01.cwsapp.update.microsoft.com.): answer: tas01.cwsapp.update.microsoft.com. IN A (10.100.0.1) -> NOERROR 125 CNAME glb.tas01.cwsapp-prod.dcat.dsp.mp.microsoft.com. 621 CNAME glb.cwsapp.prod.dcat.dsp.trafficmanager.net. 18 A 198.51.100.226 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "tas01.cwsapp.update.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.89", + "port": 55853 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.89#55853: query: eu-v20.events.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.89", + "port": 55853 + }, + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": 
"eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu-v20.events.data.microsoft.com.", + "type": "CNAME" + }, + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.89#55853 (eu-v20.events.endpoint.security.microsoft.com.): answer: eu-v20.events.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 162 CNAME eu-v20.events.data.microsoft.com. 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 49510 + }, + "dns": { + "question": { + "class": "IN", + "name": "onedscolprdfrc01.francecentral.cloudapp.azure.com", + "registered_domain": "azure.com", + "subdomain": "onedscolprdfrc01.francecentral.cloudapp", + "top_level_domain": "com", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#49510: query: onedscolprdfrc01.francecentral.cloudapp.azure.com IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "onedscolprdfrc01.francecentral.cloudapp.azure.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.151", + "port": 49510 + }, + "dns": { + "question": { + "class": "IN", + "name": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.151#49510 (onedscolprdfrc01.francecentral.cloudapp.azure.com.): answer: onedscolprdfrc01.francecentral.cloudapp.azure.com. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "onedscolprdfrc01.francecentral.cloudapp.azure.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.123", + "port": 58803 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.123#58803: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.123", + "port": 58803 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.123#58803 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.114", + "port": 41461 + }, + "dns": { + "question": { + "class": "IN", + "name": "host152.host152.host152.host152.example.net", + "registered_domain": "example.net", + "subdomain": "host152.host152.host152.host152", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#41461: query: host152.host152.host152.host152.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host152.host152.host152.host152.example.net" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.114", + "port": 41461 + }, + "dns": { + "question": { + "class": "IN", + "name": "host152.host152.host152.host152.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.114#41461 (host152.host152.host152.host152.example.net.): answer: host152.host152.host152.host152.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host152.host152.host152.host152.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.120", + "port": 52852 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.120#52852: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.120", + "port": 52852 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.120#52852 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.94", + "port": 62361 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.94#62361: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.94", + "port": 62361 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + 
"class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.94#62361 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 59427 + }, + "dns": { + "question": { + "class": "IN", + "name": "www.google.com", + "registered_domain": "google.com", + "subdomain": "www", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59427: query: www.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 59427 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": "198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "www.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.247", + "type": "A" + }, + { + "data": "198.51.100.243", + "type": "A" + }, + { + "data": "198.51.100.245", + "type": "A" + }, + { + "data": "198.51.100.242", + "type": "A" + }, + { + "data": 
"198.51.100.248", + "type": "A" + }, + { + "data": "198.51.100.244", + "type": "A" + }, + { + "data": "198.51.100.249", + "type": "A" + }, + { + "data": "198.51.100.246", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#59427 (www.google.com.): answer: www.google.com. IN A (10.100.0.1) -> NOERROR 115 A 198.51.100.247 115 A 198.51.100.243 115 A 198.51.100.245 115 A 198.51.100.242 115 A 198.51.100.248 115 A 198.51.100.244 115 A 198.51.100.249 115 A 198.51.100.246 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "www.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 53826 + }, + "dns": { + "question": { + "class": "IN", + "name": "apple.com", + "registered_domain": "apple.com", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#53826: query: apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 53826 + }, + "dns": { + "answers": [ + { + 
"data": "198.51.100.53", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.53", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#53826 (apple.com.): answer: apple.com. IN A (10.100.0.1) -> NOERROR 244 A 198.51.100.53 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.172", + "port": 56085 + }, + "dns": { + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net", + "registered_domain": "windows.net", + "subdomain": "enterpriseregistration", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#56085: query: enterpriseregistration.windows.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": 
"10.1.1.172", + "port": 56085 + }, + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.212", + "type": "A" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "198.51.100.215", + "type": "A" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "20.190.181", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "enterpriseregistration.windows.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "na.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "prdf.aadg.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.f.prd.aadg.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.214", + "type": "A" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.212", + "type": "A" + }, + { + "data": "198.51.100.213", + "type": "A" + }, + { + "data": "198.51.100.150", + "type": "A" + }, + { + "data": "198.51.100.215", + "type": "A" + }, + { + "data": "198.51.100.152", + "type": "A" + }, + { + "data": "20.190.181", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.172#56085 (enterpriseregistration.windows.net.): answer: enterpriseregistration.windows.net. IN A (10.100.0.1) -> NOERROR 1792 CNAME na.privatelink.msidentity.com. 129 CNAME prdf.aadg.msidentity.com. 21 CNAME www.tm.f.prd.aadg.akadns.net. 
291 A 198.51.100.214 291 A 198.51.100.211 291 A 198.51.100.212 291 A 198.51.100.213 291 A 198.51.100.150 291 A 198.51.100.215 291 A 198.51.100.152 291 A 20.190.181" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "enterpriseregistration.windows.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.55", + "port": 57471 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.55#57471: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.55", + "port": 57471 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + 
"version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.55#57471 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.115", + "port": 30425 + }, + "dns": { + "question": { + "class": "IN", + "name": "gos-api.gos-gsp.io", + "registered_domain": "gos-gsp.io", + "subdomain": "gos-api", + "top_level_domain": "io", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.115#30425: query: gos-api.gos-gsp.io IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gos-api.gos-gsp.io" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.115", + "port": 30425 + }, + "dns": { + "answers": [ + { + "data": "gos-api-pew1.gos-gsp.io.", + "type": "CNAME" + }, + { + "data": "gos-api-pew1-a.gos-gsp.io.", + "type": "CNAME" + }, + { + "data": "198.51.100.197", + "type": "A" + }, + { + "data": "198.51.100.255", + "type": "A" + }, + { + "data": "198.51.100.17", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gos-api.gos-gsp.io.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "gos-api-pew1.gos-gsp.io.", + "type": "CNAME" + }, + { + "data": "gos-api-pew1-a.gos-gsp.io.", + "type": "CNAME" + }, + { + "data": "198.51.100.197", + "type": "A" + }, + { + "data": "198.51.100.255", + "type": "A" + }, + { + "data": "198.51.100.17", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.115#30425 (gos-api.gos-gsp.io.): answer: gos-api.gos-gsp.io. IN A (10.100.0.1) -> NOERROR 27 CNAME gos-api-pew1.gos-gsp.io. 4 CNAME gos-api-pew1-a.gos-gsp.io. 13 A 198.51.100.197 13 A 198.51.100.255 13 A 198.51.100.17 13 A 198.51.100.46 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gos-api.gos-gsp.io." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.229", + "port": 54956 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.229#54956: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.229", + "port": 54956 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.229#54956 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.121", + "port": 62632 + }, + "dns": { + "question": { + "class": "IN", + "name": "keepalive.softether.org", + "registered_domain": "softether.org", + "subdomain": "keepalive", + "top_level_domain": "org", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.121#62632: query: keepalive.softether.org IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "keepalive.softether.org" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.121", + "port": 62632 + }, + "dns": { + "question": { + "class": "IN", + "name": "keepalive.softether.org.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": 
"answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.121#62632 (keepalive.softether.org.): answer: keepalive.softether.org. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "keepalive.softether.org." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.164", + "port": 60877 + }, + "dns": { + "question": { + "class": "IN", + "name": "ams-efz.ms-acdc.office.com", + "registered_domain": "office.com", + "subdomain": "ams-efz.ms-acdc", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.164#60877: query: ams-efz.ms-acdc.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ams-efz.ms-acdc.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.164", + "port": 60877 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": 
"ams-efz.ms-acdc.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.164#60877 (ams-efz.ms-acdc.office.com.): answer: ams-efz.ms-acdc.office.com. IN A (10.100.0.1) -> NOERROR 6 A 198.51.100.218 6 A 198.51.100.11 6 A 198.51.100.10 6 A 198.51.100.6 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ams-efz.ms-acdc.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.110", + "port": 65215 + }, + "dns": { + "question": { + "class": "IN", + "name": "ws-m2m.prs.healthcare.philips.com", + "registered_domain": "philips.com", + "subdomain": "ws-m2m.prs.healthcare", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#65215: query: ws-m2m.prs.healthcare.philips.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ws-m2m.prs.healthcare.philips.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.110", + "port": 65215 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.163", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ws-m2m.prs.healthcare.philips.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.163", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#65215 (ws-m2m.prs.healthcare.philips.com.): answer: ws-m2m.prs.healthcare.philips.com. 
IN A (10.100.0.1) -> NOERROR 1545 A 198.51.100.163 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ws-m2m.prs.healthcare.philips.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.112", + "port": 59837 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#59837: query: mask.icloud.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.112", + "port": 59837 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: 
client 10.1.0.112#59837 (mask.icloud.com.): answer: mask.icloud.com. IN TYPE65 (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 51279 + }, + "dns": { + "question": { + "class": "IN", + "name": "waa-pa.clients6.google.com", + "registered_domain": "google.com", + "subdomain": "waa-pa.clients6", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#51279: query: waa-pa.clients6.google.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "waa-pa.clients6.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 51279 + }, + "dns": { + "question": { + "class": "IN", + "name": "waa-pa.clients6.google.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#51279 
(waa-pa.clients6.google.com.): answer: waa-pa.clients6.google.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "waa-pa.clients6.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 49743 + }, + "dns": { + "question": { + "class": "IN", + "name": "waa-pa.clients6.google.com", + "registered_domain": "google.com", + "subdomain": "waa-pa.clients6", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#49743: query: waa-pa.clients6.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "waa-pa.clients6.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 49743 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.250", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "waa-pa.clients6.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.250", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + 
"original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#49743 (waa-pa.clients6.google.com.): answer: waa-pa.clients6.google.com. IN A (10.100.0.1) -> NOERROR 74 A 198.51.100.250 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "waa-pa.clients6.google.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.112", + "port": 62214 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.icloud.com", + "registered_domain": "icloud.com", + "subdomain": "mask", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#62214: query: mask.icloud.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.112", + "port": 62214 + }, + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + 
{ + "data": "198.51.100.47", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mask.icloud.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "mask.apple-dns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.42", + "type": "A" + }, + { + "data": "198.51.100.41", + "type": "A" + }, + { + "data": "198.51.100.45", + "type": "A" + }, + { + "data": "198.51.100.46", + "type": "A" + }, + { + "data": "198.51.100.43", + "type": "A" + }, + { + "data": "198.51.100.44", + "type": "A" + }, + { + "data": "198.51.100.40", + "type": "A" + }, + { + "data": "198.51.100.47", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#62214 (mask.icloud.com.): answer: mask.icloud.com. IN A (10.100.0.1) -> NOERROR 9366 CNAME mask.apple-dns.net. 3 A 198.51.100.42 3 A 198.51.100.41 3 A 198.51.100.45 3 A 198.51.100.46 3 A 198.51.100.43 3 A 198.51.100.44 3 A 198.51.100.40 3 A 198.51.100.47 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.icloud.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 51237 + }, + "dns": { + "question": { + "class": "IN", + "name": "star.c10r.facebook.com", + "registered_domain": "facebook.com", + "subdomain": "star.c10r", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#51237: query: star.c10r.facebook.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "star.c10r.facebook.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 51237 + }, + "dns": { + "question": { + "class": "IN", + "name": "star.c10r.facebook.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#51237 (star.c10r.facebook.com.): answer: star.c10r.facebook.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "star.c10r.facebook.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 54810 + }, + "dns": { + "question": { + "class": "IN", + "name": "xp.apple.com", + "registered_domain": "apple.com", + "subdomain": "xp", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#54810: query: xp.apple.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.60", + "port": 64556 + }, + "dns": { + "question": { + "class": "IN", + "name": "mdav.eu.endpoint.security.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "mdav.eu.endpoint.security", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.60#64556: query: mdav.eu.endpoint.security.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mdav.eu.endpoint.security.microsoft.com" + ], + "ip": [ + "10.100.0.1" + 
] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 54810 + }, + "dns": { + "answers": [ + { + "data": "xp.itunes-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "xp.apple.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "xp.itunes-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#54810 (xp.apple.com.): answer: xp.apple.com. IN TYPE65 (10.100.0.1) -> NOERROR 2500 CNAME xp.itunes-apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.apple.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.60", + "port": 64556 + }, + "dns": { + "answers": [ + { + "data": "md-prod-simcon-atm-epp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip0.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.157", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mdav.eu.endpoint.security.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "md-prod-simcon-atm-epp-eu.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "md-prod-simcon-ip0.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.157", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.60#64556 (mdav.eu.endpoint.security.microsoft.com.): answer: mdav.eu.endpoint.security.microsoft.com. IN A (10.100.0.1) -> NOERROR 106 CNAME md-prod-simcon-atm-epp-eu.trafficmanager.net. 269 CNAME md-prod-simcon-ip0.westeurope.cloudapp.azure.com. 1 A 198.51.100.157 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mdav.eu.endpoint.security.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.4", + "port": 60140 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-excel.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#60140: query: euc-excel.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.4", + "port": 60140 + }, + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" 
+ }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#60140 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 49 CNAME euc-excel-geo.wac.trafficmanager.net. 55 CNAME euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 44 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.236 17 A 198.51.100.235 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.4", + "port": 58957 + }, + "dns": { + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com", + "registered_domain": "live.com", + "subdomain": "euc-excel.officeapps", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#58957: query: euc-excel.officeapps.live.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + 
"ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.4", + "port": 58957 + }, + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "euc-excel.officeapps.live.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "euc-excel-geo.wac.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "wac-0003.wac-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.236", + "type": "A" + }, + { + "data": "198.51.100.235", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.4#58957 (euc-excel.officeapps.live.com.): answer: euc-excel.officeapps.live.com. IN A (10.100.0.1) -> NOERROR 49 CNAME euc-excel-geo.wac.trafficmanager.net. 55 CNAME euc-excel.wac.trafficmanager.net.wac-0003.wac-dc-msedge.net.wac-0003.wac-msedge.net. 44 CNAME wac-0003.wac-msedge.net. 17 A 198.51.100.236 17 A 198.51.100.235 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "euc-excel.officeapps.live.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 52105 + }, + "dns": { + "question": { + "class": "IN", + "name": "ssl.gstatic.com", + "registered_domain": "gstatic.com", + "subdomain": "ssl", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52105: query: ssl.gstatic.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ssl.gstatic.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 52105 + }, + "dns": { + "question": { + "class": "IN", + "name": "ssl.gstatic.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52105 (ssl.gstatic.com.): answer: ssl.gstatic.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ssl.gstatic.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 58669 + }, + "dns": { + "question": { + "class": "IN", + "name": "ssl.gstatic.com", + "registered_domain": "gstatic.com", + "subdomain": "ssl", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#58669: query: ssl.gstatic.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ssl.gstatic.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 58669 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.165", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ssl.gstatic.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.165", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#58669 (ssl.gstatic.com.): answer: ssl.gstatic.com. 
IN A (10.100.0.1) -> NOERROR 4 A 198.51.100.165 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ssl.gstatic.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.110", + "port": 59967 + }, + "dns": { + "question": { + "class": "IN", + "name": "ws-m2m.prs.healthcare.philips.com", + "registered_domain": "philips.com", + "subdomain": "ws-m2m.prs.healthcare", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#59967: query: ws-m2m.prs.healthcare.philips.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ws-m2m.prs.healthcare.philips.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.110", + "port": 59967 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.163", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "ws-m2m.prs.healthcare.philips.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.163", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 
12:39:52 eip-dns-test01 named[7092]: client 10.1.0.110#59967 (ws-m2m.prs.healthcare.philips.com.): answer: ws-m2m.prs.healthcare.philips.com. IN A (10.100.0.1) -> NOERROR 1545 A 198.51.100.163 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "ws-m2m.prs.healthcare.philips.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.100", + "port": 62713 + }, + "dns": { + "question": { + "class": "IN", + "name": "outlook.office.com", + "registered_domain": "office.com", + "subdomain": "outlook", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.100#62713: query: outlook.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.100", + "port": 62713 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": 
"198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "outlook.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.10", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.100#62713 (outlook.office.com.): answer: outlook.office.com. IN A (10.100.0.1) -> NOERROR 31 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.10 7 A 198.51.100.6 7 A 198.51.100.218 7 A 198.51.100.11 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "outlook.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.88", + "port": 59170 + }, + "dns": { + "question": { + "class": "IN", + "name": "gacs-discovery.cloud.com", + "registered_domain": "cloud.com", + "subdomain": "gacs-discovery", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.88#59170: query: gacs-discovery.cloud.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gacs-discovery.cloud.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.63", + "port": 62901 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.63#62901: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + 
"10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.63", + "port": 62901 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.63#62901 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 49874 + }, + "dns": { + "question": { + "class": "IN", + "name": "xp.apple.com", + "registered_domain": "apple.com", + "subdomain": "xp", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49874: query: xp.apple.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.apple.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 49874 + }, + "dns": { + "answers": [ + { + "data": "xp.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "xp-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "xp.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.55", + "type": "A" + }, + { + "data": "198.51.100.54", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "xp.apple.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "xp.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "xp-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "xp.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.55", + "type": "A" + }, + { + "data": "198.51.100.54", + "type": "A" + } + ], + "category": "answer" + 
}, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#49874 (xp.apple.com.): answer: xp.apple.com. IN A (10.100.0.1) -> NOERROR 2500 CNAME xp.itunes-apple.com.akadns.net. 77 CNAME xp-cdn-lb.itunes-apple.com.akadns.net. 25 CNAME xp.v.aaplimg.com. 11 A 198.51.100.55 11 A 198.51.100.54 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.apple.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.112", + "port": 51115 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net", + "registered_domain": "apple-dns.net", + "subdomain": "mask", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#51115: query: mask.apple-dns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.112", + "port": 51115 + }, + "dns": { + "question": { + "class": "IN", + "name": "mask.apple-dns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + 
"dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.112#51115 (mask.apple-dns.net.): answer: mask.apple-dns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mask.apple-dns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.38", + "port": 60453 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#60453: query: substrate.office.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.38", + "port": 60453 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": 
"CNAME" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#60453 (substrate.office.com.): answer: substrate.office.com. IN TYPE65 (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.38", + "port": 54881 + }, + "dns": { + "question": { + "class": "IN", + "name": "substrate.office.com", + "registered_domain": "office.com", + "subdomain": "substrate", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#54881: query: substrate.office.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.38", + "port": 54881 + }, + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "substrate.office.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "outlook.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": 
"acdcatm.outlook.mira.tm.svc.cloud.microsoft.", + "type": "CNAME" + }, + { + "data": "outlook.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "ams-efz.ms-acdc.office.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.218", + "type": "A" + }, + { + "data": "198.51.100.6", + "type": "A" + }, + { + "data": "198.51.100.11", + "type": "A" + }, + { + "data": "198.51.100.10", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.38#54881 (substrate.office.com.): answer: substrate.office.com. IN A (10.100.0.1) -> NOERROR 46 CNAME outlook.cloud.microsoft. 175 CNAME acdcatm.outlook.mira.tm.svc.cloud.microsoft. 11 CNAME outlook.ms-acdc.office.com. 13 CNAME ams-efz.ms-acdc.office.com. 7 A 198.51.100.218 7 A 198.51.100.6 7 A 198.51.100.11 7 A 198.51.100.10 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "substrate.office.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.62", + "port": 65274 + }, + "dns": { + "answers": [ + { + "data": "dw09pkmvpczpb.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.93", + "type": "A" + }, + { + "data": "198.51.100.95", + "type": "A" + }, + { + "data": "198.51.100.92", + "type": "A" + }, + { + "data": "198.51.100.94", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "uploads.cdn.biorender.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "dw09pkmvpczpb.cloudfront.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.93", + "type": "A" + }, + { + "data": "198.51.100.95", + "type": "A" + }, + { + "data": "198.51.100.92", + "type": "A" + }, + { + "data": "198.51.100.94", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.62#65274 (uploads.cdn.biorender.com.): answer: uploads.cdn.biorender.com. IN A (10.100.0.1) -> NOERROR 10 CNAME dw09pkmvpczpb.cloudfront.net. 60 A 198.51.100.93 60 A 198.51.100.95 60 A 198.51.100.92 60 A 198.51.100.94 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "uploads.cdn.biorender.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.120", + "port": 62227 + }, + "dns": { + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "v10.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.120#62227: query: v10.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.120", + "port": 62227 + }, + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "v10.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "win-global-asimov-leafs-events-data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdeus11.eastus.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.154", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + 
"created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.120#62227 (v10.events.data.microsoft.com.): answer: v10.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 22 CNAME win-global-asimov-leafs-events-data.trafficmanager.net. 6 CNAME onedscolprdeus11.eastus.cloudapp.azure.com. 5 A 198.51.100.154 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "v10.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.88", + "port": 59170 + }, + "dns": { + "answers": [ + { + "data": "appconfig-ffb2c4are9abh3fa.a01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-a01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "gacs-discovery.cloud.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "appconfig-ffb2c4are9abh3fa.a01.azurefd.net.", + "type": "CNAME" + }, + { + "data": "mr-a01.tm-azurefd.net.", + "type": "CNAME" + }, + { + "data": "dual.part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "part-0017.t-0009.fb-t-msedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.211", + "type": "A" + }, + { + "data": "198.51.100.210", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": 
"<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.88#59170 (gacs-discovery.cloud.com.): answer: gacs-discovery.cloud.com. IN A (10.100.0.1) -> NOERROR 242 CNAME appconfig-ffb2c4are9abh3fa.a01.azurefd.net. 18 CNAME mr-a01.tm-azurefd.net. 25 CNAME dual.part-0017.t-0009.fb-t-msedge.net. 37 CNAME part-0017.t-0009.fb-t-msedge.net. 35 A 198.51.100.211 35 A 198.51.100.210 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "gacs-discovery.cloud.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.160", + "port": 53191 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#53191: query: graph.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.160", + "port": 53191 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": 
"198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.prd.ags.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.210", + "type": "A" + }, + { + "data": "198.51.100.139", + "type": "A" + }, + { + "data": "198.51.100.138", + "type": "A" + }, + { + "data": "198.51.100.149", + "type": "A" + }, + { + "data": "198.51.100.142", + "type": "A" + }, + { + "data": "198.51.100.140", + "type": "A" + }, + { + "data": "198.51.100.143", + "type": "A" + }, + { + "data": "198.51.100.141", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#53191 (graph.microsoft.com.): answer: graph.microsoft.com. IN A (10.100.0.1) -> NOERROR 1055 CNAME ags.privatelink.msidentity.com. 165 CNAME www.tm.prd.ags.akadns.net. 122 A 198.51.100.210 122 A 198.51.100.139 122 A 198.51.100.138 122 A 198.51.100.149 122 A 198.51.100.142 122 A 198.51.100.140 122 A 198.51.100.143 122 A 198.51.100.141 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.160", + "port": 50737 + }, + "dns": { + "question": { + "class": "IN", + "name": "graph.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "graph", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#50737: query: graph.microsoft.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.160", + "port": 50737 + }, + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "graph.microsoft.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "ags.privatelink.msidentity.com.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.160#50737 (graph.microsoft.com.): answer: graph.microsoft.com. IN TYPE65 (10.100.0.1) -> NOERROR 1054 CNAME ags.privatelink.msidentity.com. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "graph.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.132", + "port": 53090 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.origin-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "iphone-ld.origin-apple.com", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#53090: query: iphone-ld.origin-apple.com.akadns.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.origin-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.132", + "port": 53090 + }, + "dns": { + "answers": [ + { + "data": "iphone-ld-migration.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "iphone-ld.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.54", + "type": "A" + }, + { + "data": "198.51.100.57", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "iphone-ld.origin-apple.com.akadns.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"iphone-ld-migration.origin-apple.com.akadns.net.", + "type": "CNAME" + }, + { + "data": "iphone-ld.v.aaplimg.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.54", + "type": "A" + }, + { + "data": "198.51.100.57", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#53090 (iphone-ld.origin-apple.com.akadns.net.): answer: iphone-ld.origin-apple.com.akadns.net. IN A (10.100.0.1) -> NOERROR 292 CNAME iphone-ld-migration.origin-apple.com.akadns.net. 23 CNAME iphone-ld.v.aaplimg.com. 8 A 198.51.100.54 8 A 198.51.100.57 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.origin-apple.com.akadns.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.132", + "port": 51249 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.origin-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "iphone-ld.origin-apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#51249: query: iphone-ld.origin-apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.origin-apple.com.akadns.net" + ], 
+ "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.132", + "port": 51249 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.origin-apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#51249 (iphone-ld.origin-apple.com.akadns.net.): answer: iphone-ld.origin-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.origin-apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.110", + "port": 64771 + }, + "dns": { + "question": { + "class": "IN", + "name": "locate-europe-west-azure-1.devicetrust.com", + "registered_domain": "devicetrust.com", + "subdomain": "locate-europe-west-azure-1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.110#64771: query: locate-europe-west-azure-1.devicetrust.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "locate-europe-west-azure-1.devicetrust.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.110", + "port": 64771 + }, + "dns": { + "answers": [ + { + "data": "whois-eu-west-1.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "hosts.whois-eu-west-1.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.134", + "type": "A" + }, + { + "data": "198.51.100.135", + "type": "A" + }, + { + "data": "198.51.100.132", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.207", + "type": "A" + }, + { + "data": "198.51.100.133", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "locate-europe-west-azure-1.devicetrust.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": 
"whois-eu-west-1.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "hosts.whois-eu-west-1.azurewebsites.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.134", + "type": "A" + }, + { + "data": "198.51.100.135", + "type": "A" + }, + { + "data": "198.51.100.132", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.207", + "type": "A" + }, + { + "data": "198.51.100.133", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.110#64771 (locate-europe-west-azure-1.devicetrust.com.): answer: locate-europe-west-azure-1.devicetrust.com. IN A (10.100.0.1) -> NOERROR 146 CNAME whois-eu-west-1.azurewebsites.net. 16 CNAME hosts.whois-eu-west-1.azurewebsites.net. 29 A 198.51.100.134 29 A 198.51.100.135 29 A 198.51.100.132 29 A 198.51.100.208 29 A 198.51.100.207 29 A 198.51.100.133 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "locate-europe-west-azure-1.devicetrust.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 56542 + }, + "dns": { + "question": { + "class": "IN", + "name": "198.51.100.39.in-addr.arpa", + "registered_domain": "39.in-addr.arpa", + "subdomain": "198.51.100", + "top_level_domain": "in-addr.arpa", + "type": "PTR" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#56542: query: 198.51.100.39.in-addr.arpa IN PTR (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.39.in-addr.arpa" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 56542 + }, + "dns": { + "answers": [ + { + "data": "host153.host153.example.net.", + "type": "PTR" + } + ], + "question": { + "class": "IN", + "name": "198.51.100.39.in-addr.arpa.", + "type": "PTR" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host153.host153.example.net.", + "type": "PTR" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#56542 (198.51.100.39.in-addr.arpa.): answer: 198.51.100.39.in-addr.arpa. IN PTR (10.100.0.1) -> NOERROR 28800 PTR host153.host153.example.net. 
" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "198.51.100.39.in-addr.arpa." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 57577 + }, + "dns": { + "question": { + "class": "IN", + "name": "host153.host153.example.net", + "registered_domain": "example.net", + "subdomain": "host153.host153", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577: query: host153.host153.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host153.host153.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 57577 + }, + "dns": { + "question": { + "class": "IN", + "name": "host153.host153.example.net", + "registered_domain": "example.net", + "subdomain": "host153.host153", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577: query: host153.host153.example.net IN AAAA (10.100.0.1)" + }, + "host": { + 
"name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host153.host153.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 48628 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628: query: host013.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 48628 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net", + "registered_domain": "example.net", + "subdomain": "host013", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628: query: host013.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, 
+ "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 57577 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.218", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host153.host153.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.218", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577 (host153.host153.example.net.): answer: host153.host153.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.218 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host153.host153.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.219", + "port": 57577 + }, + "dns": { + "question": { + "class": "IN", + "name": "host153.host153.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.219#57577 (host153.host153.example.net.): answer: host153.host153.example.net. 
IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host153.host153.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 48628 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.217", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628 (host013.example.net.): answer: host013.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.217 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.20", + "port": 48628 + }, + "dns": { + "question": { + "class": "IN", + "name": "host013.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.20#48628 (host013.example.net.): answer: host013.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host013.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 64723 + }, + "dns": { + "question": { + "class": "IN", + "name": "g.whatsapp.net", + "registered_domain": "whatsapp.net", + "subdomain": "g", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#64723: query: g.whatsapp.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "g.whatsapp.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", 
+ "client": { + "ip": "10.1.0.141", + "port": 62816 + }, + "dns": { + "question": { + "class": "IN", + "name": "xp.itunes-apple.com.akadns.net", + "registered_domain": "akadns.net", + "subdomain": "xp.itunes-apple.com", + "top_level_domain": "net", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#62816: query: xp.itunes-apple.com.akadns.net IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.itunes-apple.com.akadns.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.172", + "port": 64723 + }, + "dns": { + "answers": [ + { + "data": "chat.cdn.whatsapp.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.33", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "g.whatsapp.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "chat.cdn.whatsapp.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.33", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.172#64723 (g.whatsapp.net.): answer: g.whatsapp.net. IN A (10.100.0.1) -> NOERROR 299 CNAME chat.cdn.whatsapp.net. 
6 A 198.51.100.33 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "g.whatsapp.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 62816 + }, + "dns": { + "answers": [ + { + "data": "xp-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "xp.itunes-apple.com.akadns.net.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "xp-cdn-lb.itunes-apple.com.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#62816 (xp.itunes-apple.com.akadns.net.): answer: xp.itunes-apple.com.akadns.net. IN TYPE65 (10.100.0.1) -> NOERROR 76 CNAME xp-cdn-lb.itunes-apple.com.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.itunes-apple.com.akadns.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.141", + "port": 53995 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#53995: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.141", + "port": 53995 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#53995 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.141", + "port": 51396 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net", + "registered_domain": "example.net", + "subdomain": "host001", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#51396: query: host001.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.141", + "port": 51396 + }, + "dns": { + "question": { + "class": "IN", + "name": "host001.example.net.", + "type": "A" + }, + "response_code": "NXDOMAIN" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.141#51396 (host001.example.net.): answer: host001.example.net. IN A (10.100.0.1) -> NXDOMAIN " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host001.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.155", + "port": 60368 + }, + "dns": { + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "winatp-gw-weu", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.155#60368: query: winatp-gw-weu.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.155", + "port": 60368 + }, + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "winatp-gw-weu.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "sevillecloudgateway-weu-prd.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.48", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + 
"event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.155#60368 (winatp-gw-weu.microsoft.com.): answer: winatp-gw-weu.microsoft.com. IN A (10.100.0.1) -> NOERROR 340 CNAME sevillecloudgateway-weu-prd.trafficmanager.net. 37 CNAME mps-mde-prd-weu-16-service-tag.westeurope.cloudapp.azure.com. 4 A 198.51.100.48 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "winatp-gw-weu.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.42", + "port": 59690 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-teams.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.42#59690: query: eu-teams.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.42", + "port": 59690 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": 
"CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-teams.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.42#59690 (eu-teams.events.data.microsoft.com.): answer: eu-teams.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 9 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-teams.events.data.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 42840 + }, + "dns": { + "question": { + "class": "IN", + "name": "host124.example.net", + "registered_domain": "example.net", + "subdomain": "host124", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840: query: host124.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 42840 + }, + "dns": { + "question": { + "class": "IN", + "name": "host124.example.net", + "registered_domain": "example.net", + "subdomain": "host124", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840: query: host124.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + 
"@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 42840 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.238", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host124.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.238", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840 (host124.example.net.): answer: host124.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.238 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.22", + "port": 42840 + }, + "dns": { + "question": { + "class": "IN", + "name": "host124.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.22#42840 (host124.example.net.): answer: host124.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host124.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 61589 + }, + "dns": { + "question": { + "class": "IN", + "name": "scontent-ams2-1.cdninstagram.com", + "registered_domain": "cdninstagram.com", + "subdomain": "scontent-ams2-1", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#61589: query: scontent-ams2-1.cdninstagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "scontent-ams2-1.cdninstagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 61589 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.27", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "scontent-ams2-1.cdninstagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.27", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#61589 (scontent-ams2-1.cdninstagram.com.): answer: scontent-ams2-1.cdninstagram.com. 
IN A (10.100.0.1) -> NOERROR 90 A 198.51.100.27 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "scontent-ams2-1.cdninstagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.132", + "port": 54332 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.v.aaplimg.com", + "registered_domain": "aaplimg.com", + "subdomain": "iphone-ld.v", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#54332: query: iphone-ld.v.aaplimg.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.v.aaplimg.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.132", + "port": 54332 + }, + "dns": { + "question": { + "class": "IN", + "name": "iphone-ld.v.aaplimg.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.132#54332 (iphone-ld.v.aaplimg.com.): answer: iphone-ld.v.aaplimg.com. 
IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "iphone-ld.v.aaplimg.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.17", + "port": 63349 + }, + "dns": { + "question": { + "class": "IN", + "name": "host154.example.net", + "registered_domain": "example.net", + "subdomain": "host154", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.17#63349: query: host154.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host154.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.182", + "port": 51869 + }, + "dns": { + "question": { + "class": "IN", + "name": "login.microsoftonline.com", + "registered_domain": "microsoftonline.com", + "subdomain": "login", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#51869: query: login.microsoftonline.com IN A (10.100.0.1)" + }, + "host": { + "name": 
"eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.182", + "port": 51869 + }, + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "login.microsoftonline.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "login.mso.msidentity.com.", + "type": "CNAME" + }, + { + "data": "ak.privatelink.msidentity.com.", + "type": "CNAME" + }, + { + "data": "www.tm.a.prd.aadg.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.145", + "type": "A" + }, + { + "data": "198.51.100.147", + "type": "A" + }, + { + "data": "198.51.100.209", + "type": "A" + }, + { + "data": "198.51.100.144", + "type": "A" + }, + { + "data": "198.51.100.137", + "type": "A" + }, + { + "data": "198.51.100.146", + "type": "A" + }, + { + "data": "198.51.100.208", + "type": "A" + }, + { + "data": "198.51.100.148", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.182#51869 (login.microsoftonline.com.): answer: login.microsoftonline.com. IN A (10.100.0.1) -> NOERROR 7955 CNAME login.mso.msidentity.com. 71 CNAME ak.privatelink.msidentity.com. 41 CNAME www.tm.a.prd.aadg.trafficmanager.net. 99 A 198.51.100.145 99 A 198.51.100.147 99 A 198.51.100.209 99 A 198.51.100.144 99 A 198.51.100.137 99 A 198.51.100.146 99 A 198.51.100.208 99 A 198.51.100.148 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "login.microsoftonline.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.17", + "port": 63349 + }, + "dns": { + "question": { + "class": "IN", + "name": "host155.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.17#63349 (host155.example.net.): answer: host155.example.net. IN A (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host155.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 45557 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net", + "registered_domain": "example.net", + "subdomain": "host132", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557: query: host132.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 45557 + }, + "dns": { + "answers": [ + { + "data": "10.1.0.224", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host132.example.net.", + "type": "A" + 
}, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "10.1.0.224", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557 (host132.example.net.): answer: host132.example.net. IN A (10.100.0.1) -> NOERROR 28800 A 10.1.0.224 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 45557 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net", + "registered_domain": "example.net", + "subdomain": "host132", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557: query: host132.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + 
"related": { + "hosts": [ + "host132.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.191", + "port": 45557 + }, + "dns": { + "question": { + "class": "IN", + "name": "host132.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.191#45557 (host132.example.net.): answer: host132.example.net. IN AAAA (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host132.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 59092 + }, + "dns": { + "question": { + "class": "IN", + "name": "xp.v.aaplimg.com", + "registered_domain": "aaplimg.com", + "subdomain": "xp.v", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#59092: query: xp.v.aaplimg.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.v.aaplimg.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.141", + "port": 59092 + }, + "dns": { + "question": { + "class": "IN", + "name": "xp.v.aaplimg.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.141#59092 (xp.v.aaplimg.com.): answer: xp.v.aaplimg.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "xp.v.aaplimg.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 52577 + }, + "dns": { + "question": { + "class": "IN", + "name": "scontent-lhr6-2.cdninstagram.com", + "registered_domain": "cdninstagram.com", + "subdomain": "scontent-lhr6-2", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#52577: query: scontent-lhr6-2.cdninstagram.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "scontent-lhr6-2.cdninstagram.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.165", + "port": 52577 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.20", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "scontent-lhr6-2.cdninstagram.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.20", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.165#52577 (scontent-lhr6-2.cdninstagram.com.): answer: scontent-lhr6-2.cdninstagram.com. 
IN A (10.100.0.1) -> NOERROR 695 A 198.51.100.20 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "scontent-lhr6-2.cdninstagram.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.204", + "port": 52449 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449: query: host007.example.net IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.204", + "port": 52449 + }, + "dns": { + "question": { + "class": "IN", + "name": "host007.example.net", + "registered_domain": "example.net", + "subdomain": "host007", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449: query: host007.example.net IN AAAA (10.100.0.1)" + }, + "host": { + 
"name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.204", + "port": 52449 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + }, + { + "data": "10.100.0.1", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449 (host007.example.net.): answer: host007.example.net. IN A (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. 3600 A 10.100.0.1 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.204", + "port": 52449 + }, + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "host007.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host008.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.204#52449 (host007.example.net.): answer: host007.example.net. IN AAAA (10.100.0.1) -> NOERROR 3600 CNAME host008.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host007.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.81", + "port": 50648 + }, + "dns": { + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com", + "registered_domain": "citrix.com", + "subdomain": "downloadplugins", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.81#50648: query: downloadplugins.citrix.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.81", + "port": 50648 + }, + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "downloadplugins.citrix.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "downloadplugins.citrix.com.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e8793.g.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.183", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 
named[7092]: client 10.1.0.81#50648 (downloadplugins.citrix.com.): answer: downloadplugins.citrix.com. IN A (10.100.0.1) -> NOERROR 1605 CNAME downloadplugins.citrix.com.edgekey.net. 1506 CNAME e8793.g.akamaiedge.net. 13 A 198.51.100.183 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "downloadplugins.citrix.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 61572 + }, + "dns": { + "question": { + "class": "IN", + "name": "mail.google.com", + "registered_domain": "google.com", + "subdomain": "mail", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#61572: query: mail.google.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 52908 + }, + "dns": { + "question": { + "class": "IN", + "name": "mail.google.com", + "registered_domain": "google.com", + "subdomain": "mail", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52908: query: mail.google.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.google.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 52908 + }, + "dns": { + "answers": [ + { + "data": "198.51.100.240", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "mail.google.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "198.51.100.240", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#52908 (mail.google.com.): answer: mail.google.com. IN A (10.100.0.1) -> NOERROR 233 A 198.51.100.240 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.190", + "port": 53302 + }, + "dns": { + "question": { + "class": "IN", + "name": "host156.host156.example.net", + "registered_domain": "example.net", + "subdomain": "host156.host156", + "top_level_domain": "net", + "type": "AAAA" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#53302: query: host156.host156.example.net IN AAAA (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host156.host156.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.190", + "port": 53302 + }, + "dns": { + "answers": [ + { + "data": "host157.host157.example.net.", + "type": "CNAME" + } + ], + "question": { + 
"class": "IN", + "name": "host156.host156.example.net.", + "type": "AAAA" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host157.host157.example.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#53302 (host156.host156.example.net.): answer: host156.host156.example.net. IN AAAA (10.100.0.1) -> NOERROR 28800 CNAME host157.host157.example.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host156.host156.example.net." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.190", + "port": 39280 + }, + "dns": { + "question": { + "class": "IN", + "name": "host156.host156.example.net", + "registered_domain": "example.net", + "subdomain": "host156.host156", + "top_level_domain": "net", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#39280: query: host156.host156.example.net IN A (10.100.0.1)" + }, + 
"host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host156.host156.example.net" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "as": { + "number": 64501, + "organization": { + "name": "Documentation ASN" + } + }, + "geo": { + "city_name": "Amsterdam", + "continent_name": "Europe", + "country_iso_code": "NL", + "country_name": "Netherlands", + "location": { + "lat": 52.37404, + "lon": 4.88969 + }, + "region_iso_code": "NL-NH", + "region_name": "North Holland" + }, + "ip": "198.51.100.190", + "port": 39280 + }, + "dns": { + "answers": [ + { + "data": "host157.host157.example.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.189", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "host156.host156.example.net.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "host157.host157.example.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.189", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 198.51.100.190#39280 (host156.host156.example.net.): answer: host156.host156.example.net. IN A (10.100.0.1) -> NOERROR 28800 CNAME host157.host157.example.net. 28800 A 198.51.100.189 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "host156.host156.example.net." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.161", + "port": 55971 + }, + "dns": { + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "editor.svc", + "top_level_domain": "microsoft", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#55971: query: editor.svc.cloud.microsoft IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.161", + "port": 55971 + }, + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#55971 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. 
IN TYPE65 (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.149", + "port": 49773 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.149#49773: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.149", + "port": 49773 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + 
"answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.149#49773 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.161", + "port": 62709 + }, + "dns": { + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft", + "registered_domain": "cloud.microsoft", + "subdomain": "editor.svc", + "top_level_domain": "microsoft", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#62709: query: editor.svc.cloud.microsoft IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + 
{ + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.161", + "port": 62709 + }, + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.49", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "editor.svc.cloud.microsoft.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod1.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.49", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.161#62709 (editor.svc.cloud.microsoft.): answer: editor.svc.cloud.microsoft. IN A (10.100.0.1) -> NOERROR 20 CNAME prod1.naturallanguageeditorservice.osi.office.net.akadns.net. 4 CNAME prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net. 4 A 198.51.100.49 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "editor.svc.cloud.microsoft." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.126", + "port": 52802 + }, + "dns": { + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "eu-v20.events.data", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.126#52802: query: eu-v20.events.data.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.126", + "port": 52802 + }, + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "eu-v20.events.data.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "eu.events.data.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "onedscolprdfrc01.francecentral.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.230", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": 
"2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.126#52802 (eu-v20.events.data.microsoft.com.): answer: eu-v20.events.data.microsoft.com. IN A (10.100.0.1) -> NOERROR 67 CNAME eu.events.data.trafficmanager.net. 6 CNAME onedscolprdfrc01.francecentral.cloudapp.azure.com. 2 A 198.51.100.230 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "eu-v20.events.data.microsoft.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 61559 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "TYPE65" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61559: query: acrobat.adobe.com IN TYPE65 (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 61559 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "TYPE65" + }, + 
"response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61559 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN TYPE65 (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.112", + "port": 56686 + }, + "dns": { + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com", + "registered_domain": "microsoft.com", + "subdomain": "europe.smartscreen", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.112#56686: query: europe.smartscreen.microsoft.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": 
"2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.1.112", + "port": 56686 + }, + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "europe.smartscreen.microsoft.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "prod-atm-wds-e5-europe.trafficmanager.net.", + "type": "CNAME" + }, + { + "data": "prod-agic-we-3.westeurope.cloudapp.azure.com.", + "type": "CNAME" + }, + { + "data": "198.51.100.156", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.1.112#56686 (europe.smartscreen.microsoft.com.): answer: europe.smartscreen.microsoft.com. IN A (10.100.0.1) -> NOERROR 1193 CNAME prod-atm-wds-e5-europe.trafficmanager.net. 151 CNAME prod-agic-we-3.westeurope.cloudapp.azure.com. 3 A 198.51.100.156 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "europe.smartscreen.microsoft.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 61242 + }, + "dns": { + "question": { + "class": "IN", + "name": "acrobat.adobe.com", + "registered_domain": "adobe.com", + "subdomain": "acrobat", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61242: query: acrobat.adobe.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.90", + "port": 61242 + }, + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "question": { + "class": "IN", + "name": "acrobat.adobe.com.", + "type": "A" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "answers": [ + { + "data": "acrobat.adobe.com.i.edgekey.net.", + "type": "CNAME" + }, + { + "data": "e29329.dsca.akamaiedge.net.", + "type": "CNAME" + }, + { + "data": "198.51.100.124", + "type": "A" + }, + { + "data": "198.51.100.128", + "type": "A" + } + ], + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + 
"original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.90#61242 (acrobat.adobe.com.): answer: acrobat.adobe.com. IN A (10.100.0.1) -> NOERROR 124 CNAME acrobat.adobe.com.i.edgekey.net. 18179 CNAME e29329.dsca.akamaiedge.net. 20 A 198.51.100.124 20 A 198.51.100.128 " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "acrobat.adobe.com." + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.11", + "port": 61572 + }, + "dns": { + "question": { + "class": "IN", + "name": "mail.google.com.", + "type": "TYPE65" + }, + "response_code": "NOERROR" + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "answer" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.11#61572 (mail.google.com.): answer: mail.google.com. IN TYPE65 (10.100.0.1) -> NOERROR " + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "mail.google.com." 
+ ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + }, + { + "@timestamp": "2026-04-17T12:39:52.000Z", + "client": { + "ip": "10.1.0.130", + "port": 55301 + }, + "dns": { + "question": { + "class": "IN", + "name": "188926-ipv4fdsmte.gr.global.aa-rt.sharepoint.com", + "registered_domain": "sharepoint.com", + "subdomain": "188926-ipv4fdsmte.gr.global.aa-rt", + "top_level_domain": "com", + "type": "A" + } + }, + "ecs": { + "version": "8.11.0" + }, + "efficient_ip": { + "log": { + "dns": { + "category": "query" + }, + "service_name": "named", + "type": "DNS" + } + }, + "event": { + "created": "2026-04-17T12:39:52.000Z", + "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.130#55301: query: 188926-ipv4fdsmte.gr.global.aa-rt.sharepoint.com IN A (10.100.0.1)" + }, + "host": { + "name": "eip-dns-test01" + }, + "log": { + "syslog": { + "priority": 13 + } + }, + "network": { + "protocol": "dns" + }, + "process": { + "pid": 7092 + }, + "related": { + "hosts": [ + "188926-ipv4fdsmte.gr.global.aa-rt.sharepoint.com" + ], + "ip": [ + "10.100.0.1" + ] + }, + "server": { + "ip": "10.100.0.1" + } + } + ] +} diff --git a/packages/efficient_ip/data_stream/log/agent/stream/udp.yml.hbs b/packages/efficient_ip/data_stream/log/agent/stream/udp.yml.hbs new file mode 100644 index 00000000000..40a1ef99b8c --- /dev/null +++ b/packages/efficient_ip/data_stream/log/agent/stream/udp.yml.hbs 
@@ -0,0 +1,33 @@
+host: {{listen_address}}:{{listen_port}}
+{{#if max_message_size}}
+max_message_size: {{max_message_size}}
+{{/if}}
+{{#if timeout}}
+timeout: {{timeout}}
+{{/if}}
+{{#if keep_null}}
+keep_null: {{keep_null}}
+{{/if}}
+{{#if tags.length}}
+tags:
+{{#each tags as |tag|}}
+- {{tag}}
+{{/each}}
+{{#if preserve_original_event}}
+- preserve_original_event
+{{/if}}
+{{else}}
+{{#if preserve_original_event}}
+tags:
+- preserve_original_event
+{{/if}}
+{{/if}}
+
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..e4e79e5c2de
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/default.yml
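Review bot: The template never writes `_conf.tz_offset` into the event, although default.yml in this same patch renames that field to `event.timezone` and only then runs the `date_event_created_tz` processor. As rendered here that branch is reachable only if a user adds the field through the free-form `processors` setting, so the year-less syslog timestamps normally go through `date_event_created_notz`, which sets no timezone, and appliances that log in local time will land shifted on the timeline used for correlation. A `tz_offset` block like the one below would feed the pipeline; it assumes a `tz_offset` variable is declared in the data stream manifest, which is outside this hunk.

```yaml
host: {{listen_address}}:{{listen_port}}
{{#if tz_offset}}
fields_under_root: true
fields:
  _conf:
    tz_offset: {{tz_offset}}
{{/if}}
# … unchanged: max_message_size, timeout, keep_null, tags, processors …
```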
@@ -0,0 +1,235 @@ +--- +description: Pipeline for parsing EfficientIP DDI logs. +processors: + - rename: + field: message + target_field: event.original + ignore_missing: true + if: ctx.event?.original == null + - set: + field: ecs.version + value: '8.11.0' + - grok: + field: event.original + patterns: + - "^<%{NUMBER:log.syslog.priority:long}>(?:%{SYSLOGTIMESTAMP:event.created}|%{TIMESTAMP_ISO8601:event.created})\\s+%{DATA:host.name}\\s+%{DATA:efficient_ip.log.service_name}\\[?%{NUMBER:process.pid:long}?\\]?:\\s+%{GREEDYDATA:message}$" + - "^<%{NUMBER:log.syslog.priority:long}>(?:%{SYSLOGTIMESTAMP:event.created}|%{TIMESTAMP_ISO8601:event.created})\\s+%{DATA:host.name}\\s+%{GREEDYDATA:message}$" + - "^%{GREEDYDATA:message}$" + - rename: + field: _conf.tz_offset + target_field: event.timezone + if: ctx._conf?.tz_offset != null && ctx._conf.tz_offset != 'local' + ignore_missing: true + ignore_failure: true + - date: + field: event.created + tag: date_event_created_tz + timezone: '{{{event.timezone}}}' + if: ctx.event?.timezone != null && ctx.event.created != null + target_field: event.created + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + - MMM d HH:mm:ss + - dd-MMM-yyyy HH:mm:ss.SSS + - ISO8601 + on_failure: + - remove: + field: event.created + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - date: + field: event.created + tag: date_event_created_notz + if: ctx.event?.timezone == null && ctx.event?.created != null + target_field: event.created + formats: + - MMM d HH:mm:ss + - MMM dd HH:mm:ss + - MMM d HH:mm:ss + - dd-MMM-yyyy HH:mm:ss.SSS + - ISO8601 + on_failure: + - remove: + field: event.created + ignore_missing: true + - append: + field: error.message + 
value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - set: + field: efficient_ip.log.type + value: 'DHCP' + if: ctx.efficient_ip?.log?.service_name == 'dhcpd' || ctx.efficient_ip?.log?.service_name == 'dhcpdv6' + - set: + field: efficient_ip.log.type + value: 'DNS' + if: ctx.efficient_ip?.log?.service_name == 'named' + - set: + field: efficient_ip.log.type + value: 'AUDIT' + if: ctx.efficient_ip?.log?.service_name == 'httpd' + - pipeline: + name: '{{ IngestPipeline "pipeline_dhcp" }}' + if: ctx.efficient_ip?.log?.type == 'DHCP' + - pipeline: + name: '{{ IngestPipeline "pipeline_dns" }}' + if: ctx.efficient_ip?.log?.type == 'DNS' + # Since logstash sets the @timestamp if not present, `override: true` is required to overwrite the value with event timestamp. + - set: + field: '@timestamp' + copy_from: event.created + if: ctx.event?.created != null + override: true + # If individual pipelines has timestamp, they should take priority. This makes @timestamp < event.created conforming to ECS. 
+ - set: + field: '@timestamp' + copy_from: _tmp.timestamp + if: ctx._tmp?.timestamp != null + override: true + - convert: + field: _tmp.host.ip + if: ctx._tmp?.host?.ip != null && ctx._tmp.host.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: _tmp.host.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{_tmp.host.ip}}}' + if: ctx._tmp?.host?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + field: _tmp.ip + if: ctx._tmp?.ip != null && ctx._tmp.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: _tmp.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{_tmp.ip}}}' + if: ctx._tmp?.ip != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.hosts + value: '{{{host.domain}}}' + if: ctx.host?.domain != null + allow_duplicates: false + ignore_failure: true + - append: + field: host.ip + value: '{{{_tmp.host.ip}}}' + if: ctx._tmp?.host?.ip != null + ignore_failure: true + - append: + field: host.ip + value: '{{{_tmp.ip}}}' + if: ctx._tmp?.ip != null + ignore_failure: true + - lowercase: + field: event.action + if: ctx.event?.action != null + ignore_failure: true + - geoip: + field: "client.ip" + target_field: "client.geo" + if: ctx.client?.geo == null && ctx.client?.ip != null + 
ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: client.ip + target_field: client.as + properties: + - asn + - organization_name + ignore_missing: true + if: ctx.client?.ip != null + - rename: + field: client.as.asn + target_field: client.as.number + ignore_missing: true + if: ctx.client?.as?.asn != null + - rename: + field: client.as.organization_name + target_field: client.as.organization.name + ignore_missing: true + if: ctx.client?.as?.organization_name != null + - dissect: + field: network.transport + pattern: "view %{}: %{network.transport}" + if: ctx.network?.transport instanceof String && ctx.network.transport.contains('view') + - lowercase: + field: network.transport + ignore_missing: true + - script: + description: Drops null/empty values recursively. + lang: painless + source: | + boolean drop(Object o) { + if (o == null || o == '') { + return true; + } else if (o instanceof Map) { + ((Map) o).values().removeIf(v -> drop(v)); + return (((Map) o).size() == 0); + } else if (o instanceof List) { + ((List) o).removeIf(v -> drop(v)); + return (((List) o).length == 0); + } + return false; + } + drop(ctx); + - remove: + field: message + ignore_missing: true + if: ctx.event?.original != null + - remove: + field: + - _conf + - _tmp + ignore_failure: true + ignore_missing: true +on_failure: + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - set: + field: event.kind + value: pipeline_error + - append: + field: tags + value: preserve_original_event + allow_duplicates: false \ No newline at end of file 
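Review bot: Nothing in this pipeline ever reads the `preserve_original_event` tag, so `event.original` is kept on every document whether or not the option is enabled. The udp.yml.hbs template adds the tag only on request and the pipeline-level `on_failure` here appends it for failed documents, which only makes sense if a removal step guards on it. Without that step every DNS and DHCP line is stored twice, and the raw client query data stays in the index even when the operator did not ask for it. A guarded `remove` placed after the step that drops `message` would restore the usual behaviour; the expected test output in this patch may need regenerating if the test configuration does not set the tag.

```yaml
# … unchanged: processors up to and including the removal of `message` …
  - remove:
      field: event.original
      tag: remove_original_event
      if: ctx.tags == null || !ctx.tags.contains('preserve_original_event')
      ignore_failure: true
      ignore_missing: true
# … unchanged: removal of _conf and _tmp, pipeline-level on_failure …
```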
diff --git a/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml b/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
new file mode 100644
index 00000000000..0b082e8a942
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
@@ -0,0 +1,339 @@ +--- +description: Pipeline for parsing EfficientIP DHCP logs. +processors: + - set: + field: network.protocol + value: dhcp + - grok: + tag: grok_DHCPDISCOVER_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPDISCOVER') + patterns: + - '^%{WORD:event.action} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: network %{DATA:efficient_ip.log.dhcp.network}: %{GREEDYDATA:efficient_ip.log.dhcp.discover.message}$' + - '^%{WORD:event.action} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPOFFER_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPOFFER') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay 
(%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{GREEDYDATA:efficient_ip.log.dhcp.offered.duration:long}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{GREEDYDATA:efficient_ip.log.dhcp.offered.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{GREEDYDATA:efficient_ip.log.dhcp.offered.duration:long}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on 
%{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPREQUEST_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPREQUEST') + patterns: + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid}: %{GREEDYDATA:efficient_ip.log.dhcp.request.message}$' + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} for %{IP:client.ip} 
\(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{DATA:efficient_ip.log.dhcp.uid} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.request.message}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.request.message}$' + - '^%{WORD:event.action} for %{IP:client.ip} \(%{IP:efficient_ip.log.dhcp.router.ip}\) from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} for %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name})$' + - 
'^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPACK_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPACK') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{DATA:efficient_ip.log.dhcp.lease.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} (?:\(%{DATA:efficient_ip.log.dhcp.client_hostname}\) )?via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration 
%{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\)$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{DATA:efficient_ip.log.dhcp.lease.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{DATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} \(%{GREEDYDATA:efficient_ip.log.dhcp.lease.message}\)$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via 
(%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$' + - '^%{WORD:event.action} to %{IP:client.ip} \(%{MAC:client.mac}\) via %{WORD:observer.ingress.interface.name}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_RELEASE_message + field: message + if: ctx.message != null && ctx.message.contains('RELEASE') + patterns: + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) \(%{DATA:efficient_ip.log.dhcp.release.info}\) TransID %{DATA:efficient_ip.log.dhcp.trans_id} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$' + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) \(%{DATA:efficient_ip.log.dhcp.release.info}\) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + 
tag: grok_DHCPEXPIRE_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPEXPIRE') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{GREEDYDATA:client.mac}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPINFORM_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPINFORM') + patterns: + - '^%{WORD:event.action} from %{IP:client.ip} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.inform.message}$' + - '^%{WORD:event.action} from %{IP:client.ip} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPDECLINE_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPDECLINE') + patterns: + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) TransID %{DATA:efficient_ip.log.dhcp.trans_id}: %{GREEDYDATA:efficient_ip.log.dhcp.decline.message}$' + - '^%{WORD:event.action} of %{IP:client.ip} from %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}): %{GREEDYDATA:efficient_ip.log.dhcp.decline.message}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPNAK_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPNAK') + patterns: + - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name})$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_DHCPLEASEQUERY_message + field: message + if: ctx.message != null && ctx.message.contains('DHCPLEASEQUERY') + patterns: + 
- '^%{WORD:event.action} from %{IP:client.ip}: %{GREEDYDATA:efficient_ip.log.dhcp.lease_query.message}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_REFUSED_message + field: message + if: ctx.message != null && ctx.message.contains('REFUSED') + patterns: + - '^%{REVERSE_UPDATE:event.action} for %{IP:client.ip} abandoned because of non-retryable failure: %{DATA:event.outcome}$' + - '^Unable to %{ADD_FORWARD:event.action} from %{DATA:efficient_ip.log.dhcp.forward_name} to %{IP:efficient_ip.log.dhcp.ip} by server %{IP:server.ip}#%{NUMBER:server.port:long}: %{DATA:event.outcome}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + pattern_definitions: + ADD_FORWARD: (?i:add forward map) + REVERSE_UPDATE: (?i:reverse map update) + - gsub: + field: event.action + pattern: ' ' + replacement: '_' + if: ctx.event?.outcome?.equalsIgnoreCase('refused') == true + - set: + field: event.outcome + value: failure + if: ctx.event?.outcome?.equalsIgnoreCase('refused') == true + - grok: + tag: grok_Encapsulated_Solicit_message + field: message + if: ctx.message != null && ctx.message.contains('Encapsulated Solicit') + patterns: + - '^%{DATA:event.action} message from %{IP:client.ip} port %{NUMBER:client.port:long} from client DUID %{GREEDYDATA:efficient_ip.log.dhcp.duid}, transaction ID %{GREEDYDATA:efficient_ip.log.dhcp.trans_id}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Advertise_NA_message + field: message + if: ctx.message != null && ctx.message.contains('Advertise NA') + patterns: + - '^%{DATA:event.action}: address %{IP:client.ip} to client with duid %{GREEDYDATA:efficient_ip.log.dhcp.duid} iaid = -%{GREEDYDATA:efficient_ip.log.dhcp.iaid} valid for %{NUMBER:efficient_ip.log.dhcp.validation_second:long} seconds$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Relay_forward_message + field: message + if: ctx.message != null && ctx.message.contains('Relay-forward') + patterns: + - 
'^%{DATA:event.action} message from %{IP:client.ip} port %{NUMBER:client.port:long}, link address %{IP:efficient_ip.log.dhcp.link_address}, peer address %{IP:efficient_ip.log.dhcp.peer_address}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Encapsulating_Advertise_message + field: message + if: ctx.message != null && ctx.message.contains('Encapsulating Advertise') + patterns: + - '^%{DATA:event.action} message to send to %{IP:client.ip} port %{NUMBER:client.port:long}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_Sending_Relay_reply_message + field: message + if: ctx.message != null && ctx.message.contains('Sending Relay-reply') + patterns: + - '^%{DATA:event.action} message to %{IP:client.ip} port %{NUMBER:client.port:long}$' + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - grok: + tag: grok_fallback_message + field: message + if: ctx.message != null && ctx.event?.action == null + patterns: + - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$' + - lowercase: + field: event.action + ignore_failure: true + ignore_missing: true + - gsub: + field: client.mac + ignore_missing: true + pattern: '[-:.]' + replacement: '-' + - uppercase: + field: client.mac + ignore_missing: true + - convert: + tag: convert_client_ip + field: client.ip + if: ctx.client?.ip != null && ctx.client.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: client.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{client.ip}}}' + if: ctx.client?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_link_address + field: 
efficient_ip.log.dhcp.link_address + if: ctx.efficient_ip?.log?.dhcp?.link_address != null && ctx.efficient_ip.log.dhcp.link_address != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.link_address + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.link_address}}}' + if: ctx.efficient_ip?.log?.dhcp?.link_address != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_peer_address + field: efficient_ip.log.dhcp.peer_address + if: ctx.efficient_ip?.log?.dhcp?.peer_address != null && ctx.efficient_ip.log.dhcp.peer_address != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.peer_address + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.peer_address}}}' + if: ctx.efficient_ip?.log?.dhcp?.peer_address != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_router_ip + field: efficient_ip.log.dhcp.router.ip + if: ctx.efficient_ip?.log?.dhcp?.router?.ip != null && ctx.efficient_ip.log.dhcp.router.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.router.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ 
_ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.router.ip}}}' + if: ctx.efficient_ip?.log?.dhcp?.router?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_interface_ip + field: efficient_ip.log.dhcp.interface.ip + if: ctx.efficient_ip?.log?.dhcp?.interface?.ip != null && ctx.efficient_ip.log.dhcp.interface.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.interface.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{efficient_ip.log.dhcp.interface.ip}}}' + if: ctx.efficient_ip?.log?.dhcp?.interface?.ip != null + allow_duplicates: false + ignore_failure: true + - convert: + tag: convert_dhcp_relay_interface_ip + field: efficient_ip.log.dhcp.relay.interface.ip + if: ctx.efficient_ip?.log?.dhcp?.relay?.interface?.ip != null && ctx.efficient_ip.log.dhcp.relay.interface.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: efficient_ip.log.dhcp.relay.interface.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: 
related.ip + value: '{{{efficient_ip.log.dhcp.relay.interface.ip}}}' + if: ctx.efficient_ip?.log?.dhcp?.relay?.interface?.ip != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.hosts + value: '{{{efficient_ip.log.dhcp.client_hostname}}}' + if: ctx.efficient_ip?.log?.dhcp?.client_hostname != null + allow_duplicates: false + ignore_failure: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} + failed with message '{{{ _ingest.on_failure_message }}}' \ No newline at end of file diff --git a/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml b/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml new file mode 100644 index 00000000000..282e00f64cd --- /dev/null +++ b/packages/efficient_ip/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml 
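Review bot: In pipeline_dhcp.yml the `grok_DHCPEXPIRE_message` pattern captures the address with `%{GREEDYDATA:client.mac}`, so everything after `to ` on the line is stored in `client.mac`, while every other pattern in this pipeline that fills that field uses `%{MAC:client.mac}`. The later `gsub` and `uppercase` processors then normalise that text as if it were an address, which can leave non-MAC values in a field that MAC-based correlation relies on. I would change the pattern to `'^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac}$'` and let non-conforming lines fall through to the existing `efficient_ip.log.dhcp.message` catch-all. The stages are also gated with `ctx.message.contains(...)` although their patterns are anchored on `^%{WORD:event.action}`; since the parenthesised hostname is presumably client-supplied, a prefix check such as `ctx.message.startsWith('DHCPEXPIRE')` for the DHCP* keywords would stop one line from entering several grok stages.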
@@ -0,0 +1,169 @@ +--- +description: Pipeline for parsing EfficientIP DNS logs. +processors: + - set: + field: network.protocol + value: dns + - grok: + field: message + patterns: + - "%{CLIENT}\\s*\\(%{GREEDYDATA}.\\)\\:\\s*%{NOTSPACE:efficient_ip.log.dns.category}\\: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} \\(%{IP:server.ip}\\) -> %{WORD:dns.response_code}(\\s+%{GREEDYDATA:dns_answers_data})?" + - "%{CLIENT}\\s+(\\(%{GREEDYDATA}.\\))?\\s*%{NOTSPACE:efficient_ip.log.dns.category}\\: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type}\\s+\\(%{IP:server.ip}\\)$" + - "%{CLIENT}\\s+update '%{DATA:dns.question.name}/%{WORD:dns.question.class}' %{GREEDYDATA:efficient_ip.log.dns.category}" + pattern_definitions: + CLIENT: 'client (?:%{DATA} )?%{IP:client.ip}#%{NUMBER:client.port:long}:?' + VIEW: 'view %{DATA:efficient_ip.log.view}: ' + - date: + field: _tmp.timestamp + target_field: _tmp.timestamp + if: ctx._tmp?.timestamp != null && ctx.event?.timezone != null + tag: date_tmp_timestamp_tz + timezone: '{{{event.timezone}}}' + formats: + - dd-MMM-yyyy HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSS'Z' + on_failure: + - remove: + field: _tmp.timestamp + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - date: + field: _tmp.timestamp + target_field: _tmp.timestamp + tag: date_tmp_timestamp_notz + if: ctx._tmp?.timestamp != null && ctx.event?.timezone == null + formats: + - dd-MMM-yyyy HH:mm:ss.SSS + - yyyy-MM-dd HH:mm:ss.SSS'Z' + on_failure: + - remove: + field: _tmp.timestamp + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag 
'{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - script: + lang: painless + if: "ctx.dns_answers_data != null && ctx.dns_answers_data != ''" + description: "Parse DNS answer records" + source: | + def answers = new ArrayList(); + def text = ctx.dns_answers_data.trim(); + def validTypes = new HashSet(['A','AAAA','CNAME','SOA','SRV','PTR','MX','NS','TXT']); + // Split by spaces and walk tokens to find TTL TYPE boundaries + def tokens = text.splitOnToken(' '); + int i = 0; + while (i < tokens.length - 1) { + def tok = tokens[i]; + // Skip empty tokens from multiple spaces + if (tok.length() == 0) { i++; continue; } + // Check if token is a number (TTL) followed by a valid type + boolean isNum = true; + for (int c = 0; c < tok.length(); c++) { + if (!Character.isDigit(tok.charAt(c))) { isNum = false; break; } + } + if (!isNum) { i++; continue; } + // Find next non-empty token + int j = i + 1; + while (j < tokens.length && tokens[j].length() == 0) { j++; } + if (j >= tokens.length) break; + def typeStr = tokens[j]; + boolean isType = validTypes.contains(typeStr) || (typeStr.length() > 4 && typeStr.substring(0, 4).equals('TYPE')); + if (!isType) { i++; continue; } + // Collect data tokens until next TTL+TYPE pair or end + int dataStart = j + 1; + int dataEnd = dataStart; + while (dataEnd < tokens.length) { + def dt = tokens[dataEnd]; + if (dt.length() == 0) { dataEnd++; continue; } + boolean dtIsNum = true; + for (int c = 0; c < dt.length(); c++) { + if (!Character.isDigit(dt.charAt(c))) { dtIsNum = false; break; } + } + if (dtIsNum && dataEnd + 1 < tokens.length) { + int k = dataEnd + 1; + while (k < tokens.length && tokens[k].length() == 0) { k++; } + if (k < tokens.length) { + def nt = tokens[k]; + if (validTypes.contains(nt) || (nt.length() > 4 && nt.substring(0, 4).equals('TYPE'))) { + break; + } + } + } + dataEnd++; + } + def dataParts = new ArrayList(); + for (int d = 
dataStart; d < dataEnd; d++) { + if (tokens[d].length() > 0) dataParts.add(tokens[d]); + } + def answer = new HashMap(); + answer.put('type', typeStr); + answer.put('data', String.join(' ', dataParts)); + answers.add(answer); + i = dataEnd; + } + if (ctx.dns == null) { + ctx.dns = new HashMap(); + } + ctx.dns.put('answers', answers); + if (ctx.efficient_ip?.log?.dns == null) { + if (ctx.efficient_ip == null) ctx.efficient_ip = new HashMap(); + if (ctx.efficient_ip.log == null) ctx.efficient_ip.put('log', new HashMap()); + if (ctx.efficient_ip.log.dns == null) ctx.efficient_ip.log.put('dns', new HashMap()); + } + ctx.efficient_ip.log.dns.put('answers', answers); + ctx.remove('dns_answers_data'); + - convert: + field: server.ip + if: ctx.server?.ip != null && ctx.server.ip != '' + type: ip + ignore_missing: true + on_failure: + - remove: + field: server.ip + ignore_missing: true + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' + - append: + field: related.ip + value: '{{{server.ip}}}' + if: ctx.server?.ip != null + allow_duplicates: false + ignore_failure: true + - append: + field: related.hosts + value: '{{{dns.question.name}}}' + if: ctx.dns?.question?.name != null + allow_duplicates: false + ignore_failure: true + - registered_domain: + field: "dns.question.name" + target_field: "dns.question" + if: ctx.dns?.question != null + - remove: + field: + - repeat_message + - dns.question.domain + ignore_missing: true +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: >- + Processor '{{{ _ingest.on_failure_processor_type }}}' + {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' + {{{/_ingest.on_failure_processor_tag}}}failed with 
message '{{{ _ingest.on_failure_message }}}'
\ No newline at end of file
diff --git a/packages/efficient_ip/data_stream/log/fields/base-fields.yml b/packages/efficient_ip/data_stream/log/fields/base-fields.yml
new file mode 100644
index 00000000000..7c798f4534c
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: data_stream.type
+ type: constant_keyword
+ description: Data stream type.
+- name: data_stream.dataset
+ type: constant_keyword
+ description: Data stream dataset.
+- name: data_stream.namespace
+ type: constant_keyword
+ description: Data stream namespace.
+- name: '@timestamp'
+ type: date
+ description: Event timestamp.
diff --git a/packages/efficient_ip/data_stream/log/fields/fields.yml b/packages/efficient_ip/data_stream/log/fields/fields.yml
new file mode 100644
index 00000000000..a7cd550f46a
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/fields/fields.yml
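Review bot: The single grok in pipeline_dns.yml has no `^` anchor, no `tag` and no catch-all pattern, so a DNS line that fits none of the three patterns fails the processor and goes to the pipeline-level `on_failure`, where the event is marked `pipeline_error`; the DHCP pipeline in this commit avoids that by ending every pattern list with a `%{GREEDYDATA:...}` catch-all. Because the patterns are unanchored and chain `%{GREEDYDATA}` with `%{DATA}`, a non-matching line is retried from every offset, which matters on a UDP input where line content is not under the collector's control. If the message always begins with `client`, I would anchor each pattern with `^`, add `tag: grok_dns_message`, and end the list with `'^%{GREEDYDATA:efficient_ip.log.dns.message}$'`, a field that fields.yml appears to declare already. Separately, the answer-parsing script infers record boundaries from `<digits> <TYPE>` token pairs, so answer data that itself contains such a pair is split into extra `dns.answers` entries; a comment stating that the parse is best-effort would help whoever writes detections on that field.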
@@ -0,0 +1,145 @@
+- name: efficient_ip.log
+ type: group
+ fields:
+ - name: dhcp
+ type: group
+ fields:
+ - name: client_hostname
+ type: keyword
+ - name: decline
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: duid
+ type: keyword
+ - name: discover
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: iaid
+ type: keyword
+ - name: inform
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: interface
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ - name: ip
+ type: ip
+ - name: forward_name
+ type: keyword
+ - name: lease
+ type: group
+ fields:
+ - name: duration
+ type: long
+ - name: message
+ type: keyword
+ - name: lease_query
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: link_address
+ type: keyword
+ - name: message
+ type: text
+ - name: network
+ type: keyword
+ - name: offered
+ type: group
+ fields:
+ - name: duration
+ type: long
+ - name: peer_address
+ type: keyword
+ - name: relay
+ type: group
+ fields:
+ - name: interface
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ - name: name
+ type: keyword
+ - name: release
+ type: group
+ fields:
+ - name: info
+ type: keyword
+ - name: request
+ type: group
+ fields:
+ - name: message
+ type: keyword
+ - name: router
+ type: group
+ fields:
+ - name: ip
+ type: ip
+ - name: trans_id
+ type: keyword
+ - name: uid
+ type: keyword
+ - name: validation_second
+ type: long
+ - name: service_name
+ type: keyword
+ - name: type
+ type: keyword
+ - name: view
+ type: keyword
+ - name: dns
+ type: group
+ fields:
+ - name: after_query
+ type: text
+ - name: answers_policy
+ type: text
+ - name: before_query
+ type: text
+ - name: category
+ type: text
+ - name: failed_message
+ type: text
+ - name: message
+ type: text
+ - name: view_name
+ type: text
+ - name: version
+ type: text
+ - name: header_flags
+ type: keyword
+ - name: rpz
+ type: group
+ fields:
+ - name: action
+ type: keyword
+ - name: domain
+ type: keyword
+ - name: 
domain_rewrite
+ type: keyword
+ - name: query_class
+ type: keyword
+ - name: query_class_rewrite
+ type: keyword
+ - name: rule_type
+ type: keyword
+ - name: type
+ type: keyword
+ - name: answers
+ type: group
+ fields:
+ - name: ancount
+ type: long
+ - name: type
+ type: keyword
+ - name: data
+ type: keyword
diff --git a/packages/efficient_ip/data_stream/log/manifest.yml b/packages/efficient_ip/data_stream/log/manifest.yml
new file mode 100644
index 00000000000..7409a05942c
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/manifest.yml
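Review bot: In the `dns` group of `fields.yml`, `category`, `view_name`, `version` and `answers_policy` are mapped as `text`, which cannot be aggregated on or matched as exact terms, so detection rules and dashboards cannot reliably filter on values such as the `category: answer` seen in the sample event. These look like short enumerated values and would be better as `type: keyword`, keeping `text` for free-form fields such as `message` and `failed_message`. In the `dhcp` group, `link_address` and `peer_address` are `keyword`; if the pipeline always stores IP addresses there (not visible in this hunk), `type: ip` would allow CIDR queries. None of the custom fields has a `description:` line, so each entry should gain a one-line description of what the value holds.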
@@ -0,0 +1,43 @@
+title: "EfficientIP Logging"
+type: logs
+streams:
+ - input: udp
+ title: "logs via UDP"
+ description: |-
+ Collect EfficientIP logs via UDP
+ template_path: udp.yml.hbs
+ vars:
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - forwarded
+ - efficientip-log
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`.
+ type: bool
+ multi: false
+ default: false
+ - name: tz_offset
+ type: text
+ title: Timezone Offset
+ multi: false
+ required: true
+ show_user: true
+ default: local
+ description: >-
+ By default, datetimes in the logs will be interpreted as relative to the timezone configured in the host where the agent is running. If ingesting logs from a host on a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00") from UCT.
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >-
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
diff --git a/packages/efficient_ip/data_stream/log/sample_event.json b/packages/efficient_ip/data_stream/log/sample_event.json
new file mode 100644
index 00000000000..03a0729c923
--- /dev/null
+++ b/packages/efficient_ip/data_stream/log/sample_event.json
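Review bot: The `udp` stream declares `tags`, `preserve_original_event`, `tz_offset` and `processors` but no listen address or port variable, although the README in this patch lists Host and Port as required settings. Unless they are declared on the input in the package manifest (not visible here), `udp.yml.hbs` has nothing to bind to. Syslog over UDP is unauthenticated and the source address can be spoofed, so when the address variable is added its default is better limited to loopback, e.g. `default: localhost`, which makes listening on other interfaces an explicit operator choice. The `tz_offset` description also has a typo: `from UCT` should read `from UTC`.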
@@ -0,0 +1,53 @@
+{
+ "@timestamp": "2026-02-25T10:14:26.000Z",
+ "client": {
+ "ip": "10.10.10.10",
+ "port": 58860
+ },
+ "dns": {
+ "question": {
+ "class": "IN",
+ "name": "test.foo.bar.",
+ "type": "A"
+ },
+ "response_code": "NXDOMAIN"
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "efficient_ip": {
+ "log": {
+ "dns": {
+ "category": "answer"
+ },
+ "service_name": "named",
+ "type": "DNS"
+ }
+ },
+ "event": {
+ "created": "2026-02-25T10:14:26.000Z",
+ "original": "<13>Feb 25 10:14:26 named[52927]: client 10.10.10.10#58860 (test.foo.bar.): answer: test.foo.bar. IN A (10.0.0.1) -> NXDOMAIN"
+ },
+ "log": {
+ "syslog": {
+ "priority": 13
+ }
+ },
+ "network": {
+ "protocol": "dns"
+ },
+ "process": {
+ "pid": 52927
+ },
+ "related": {
+ "hosts": [
+ "test.foo.bar."
+ ],
+ "ip": [
+ "10.0.0.1"
+ ]
+ },
+ "server": {
+ "ip": "10.0.0.1"
+ }
+}
\ No newline at end of file
diff --git a/packages/efficient_ip/docs/README.md b/packages/efficient_ip/docs/README.md
new file mode 100644
index 00000000000..eed6ed8959a
--- /dev/null
+++ b/packages/efficient_ip/docs/README.md
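Review bot: `related.ip` holds only the server address `10.0.0.1`, while `client.ip` (`10.10.10.10`) is missing, so a pivot on `related.ip` will not find the host that issued the query. The DNS pipeline in this patch appends `server.ip` to `related.ip`; a matching processor for the client would close the gap, e.g. `- append: {field: related.ip, value: '{{{client.ip}}}', if: ctx.client?.ip != null, allow_duplicates: false}`, after which this sample needs regenerating. The event also has no `event.category` or `event.type`, which ECS-based DNS detections commonly filter on; whether the pipeline sets them for other messages cannot be seen from this file.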
@@ -0,0 +1,81 @@
+
+
+
+# EfficientIP Integration for Elastic
+
+The EfficientIP integration collects and parses data from [EfficientIP](https://efficientip.com/) DDI (DNS, DHCP, and IPAM) solutions, enabling centralized monitoring and analysis of network infrastructure events within Elastic.
+
+## Overview
+
+The EfficientIP integration for Elastic enables collection of event logs from DNS, DHCP and IPAM. This integration enables the
+following use cases:
+- DNS query monitoring and threat detection
+- DHCP lease management and IP address tracking
+- IPAM auditing and infrastructure compliance
+- Network anomaly identification and security investigations
+
+### Compatibility
+
+This integration is tested with EfficientIP version 8.4.7e
+
+## What data does this integration collect?
+
+This integration collects the following data types from EfficientIP DDI solutions:
+
+- **DNS Events**: Query logs, response codes, and DNS transactions
+- **DHCP Events**: Lease assignments, renewals, releases, and IP address allocations
+- **IPAM Events**: Address space changes, subnet modifications, and infrastructure audits
+
+All events are forwarded via syslog and processed through Elastic ingest pipelines for analysis and visualization within the Elastic Stack.
+
+
+## What do I need to use this integration?
+
+Minimum requierment Elastic stack 9.0.x and EfficientIP version 8.4.7e
+
+
+## Deployment methods
+This integration supports the following deployment methods:
+
+**Syslog-based**: EfficientIP nodes forward events to a syslog destination where Elastic Agent collects and processes the data.
+
+To configure syslog forwarding on an EfficientIP node:
+
+1. Access the EfficientIP administration interface
+2. Navigate to **System Settings** > **Logging** or **Event Forwarding**
+3. Select **Syslog** as the destination type
+4. Enter the syslog receiver host IP address and port
+6. Verify the connection and enable syslog forwarding
+7. 
Configure Elastic Agent to listen on the syslog port and ingest the forwarded events
+
+Refer to the EfficientIP documentation for your version for detailed configuration steps specific to your deployment.
+
+### Agent-based deployment
+Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host.
+
+Elastic Agent is required to stream data from the syslog or log file receiver and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines.
+
+### Inputs used
+
+These inputs can be used with this integration:
+

+udp
+
+## Setup
+
+For more details about the UDP input settings, check the [Filebeat documentation](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-udp).
+
+### Collecting logs from UDP
+
+To collect logs via UDP, select **Collect logs via UDP** and configure the following parameters:
+
+**Required Settings:**
+- Host
+- Port
+
+**Common Optional Settings:**
+- Max Message Size - Maximum size of UDP packets to accept (default: 10KB, max: 64KB)
+- Read Buffer - UDP socket read buffer size for handling bursts of messages
+- Read Timeout - How long to wait for incoming packets before checking for shutdown
+
+ diff --git a/packages/efficient_ip/img/EIP-Logo.svg b/packages/efficient_ip/img/EIP-Logo.svg new file mode 100644 index 00000000000..23ddd7902e3 --- /dev/null +++ b/packages/efficient_ip/img/EIP-Logo.svg @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/packages/efficient_ip/img/EIP-Logo_BlueGrey.svg b/packages/efficient_ip/img/EIP-Logo_BlueGrey.svg new file mode 100644 index 00000000000..f163b40e557 --- /dev/null +++ b/packages/efficient_ip/img/EIP-Logo_BlueGrey.svg @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/packages/efficient_ip/img/sample-logo.svg b/packages/efficient_ip/img/sample-logo.svg new file mode 100644 index 00000000000..6268dd88f3b --- /dev/null +++ b/packages/efficient_ip/img/sample-logo.svg @@ -0,0 +1 @@ + \ No newline at end of file 
diff --git a/packages/efficient_ip/img/sample-screenshot.png b/packages/efficient_ip/img/sample-screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..d7a56a3ecc078c38636698cefba33f86291dd178 GIT binary patch literal 18849 zcmeEu^S~#!E#4Tq;}?6chqwB{?k=6jc5D4>l%v(rleJ2Y%tW zDj9g7px}|*e;{M?LDwiK3@FNS(lDRTd-MJYIyUJCN948~OJk1M(DrJyI#iV;P4k~& zFZo35IfQt0RwlUN`48^6(1dv_wm(y1xhEdMld=Y?!%u=fPT_*{3( zwBwz3#qR}_)t>C*jp5@U)Ti~B)Y;qq*TRxZJ7ZRN_^A3TDAEM*@7Ve%(Ro7=1%1B< zVj6GBUTxXev>_^SFA zgKZ=g4aTS}9>Ofj7cSB0WO?gQ)x=+!hs_)b$6#>ScFZ>XAoIX)%Bc|BDC~JFBk0f0 z0NY}6gb)&!qx^FWC(!ji+Kl$V$2|ocA=vN0TM0Y`U?tX+T)c*C zA!IL(T2Vm%MCLa85^if@J@Kkprx8QN5!6eCR@4Oa5S?4-4|ou?90mFCM8D!;n(5xz zO}-*t!TntN>|a$s(kGQg1P-U?hqvGF2_fGvd&~yZ_l3Qf&j~XWa=;>N3#-~#zjzcc z*m18L`A-K2o!d@J>a8SRbm4P&-q1(H>|JgIymDbnJF&@008`=X!P?4DGgZb>voUl^ zNJKgPR4S={)3vuk_{n@=M8q;;aJL>q+VLdTnO=}`&x;1DKjJA3*f*idS{jP5?+;!W zn-^7021Z4zv`Aq`hmX1aid997RNh3fa-@PG(W7TzKa1W&5^y3|lPeETP7j9qXpo4)7%(W0_2 z^Nmq;t@rb1eP3?%kOkH`P%!zTC7ZHjSfNN3*Sb#=3#jB*KpNGNfnRZ{N(6DrW(;B2Bwom<%m?VQP%K+ zsFeF1-(DY}oP@)w^Kw~gPg03q?N;)Ec6^|nikA34T~RynX*z}H>R~qgT$`Zbhn8wzZs$j2fsGN&rOK-mIBBvzD@a8FgbLpL!h5N^u&0wG} zq!#md3MHITv?3@$37J?lc_5*LWJTTjel;IiU-Yq;(g9I^D&KN_NKVS0O~GvB~FzPM6}=4d%fG4Nw4pZshcyLqK@`b8?RhD38haIyr@+8+0r5TC1*C7^WleJ zZN3_ngTD#RQvNL*;qD2H@cBWJbCC#d!}=oKfod5SE9a?!?j%DVt1z@inN}Iy$r+96 zM@P?AC+(`cM;z6J94BYGJ;+P-N#yj$?`G26ydS&OVH?~JY(N4l()Fh+x+DoJ@r<+i zhm^ck@QP`=fLApr62@KyOef~}zuG;(VbDQmw|Wb+oSHSw=%w9R)=et0cY*~ytX)#M zEXlK^p;zM@vTnXn+C1vwP)~TJv|TvDE2($;;EzC5_5IL#H;u z)#CO8)TSzbt8)wHB8$I8KcIojx&GoE)3QNu{CQ+_xBmQ&`mL5-u=BX(hs^hMY^ zae!!*Q;Tr$@(0~GoBJAohGw*d{l8~!aXop87aaSUb2jm)Tk>#$1*cdo5Sl+?oD!l4Og~yX+soottl4 zp4OartUuAN(dD~yLJ}`A1*!D4-|L^hM;`_DM^1KYs-VF(}h(BjRO``b+xV~%O=-)?p z7ciJH7Fnl?V&=ay_AB{oQoa2iR;6$^tiE|-eRCFy|3F@%j#6gUxkZX@?K`F$u#;T< z4IZORpUthmB?U`;zrOkp?P(Rvd5TFRWrBJmVg;KEZvJ+;Q}FRY%QZ?c^&$oPXW+C5 zdN#c>v%U?QuE+hMQdzxS1Q(BT90;29qu#^A?a^)Ui;{TJ;%`nLgm2ew$J4NvREjCJ z$`C7&?tH$CrVG@M3J1-KJw_*9BKeL*JX{ 
zN+Vg_TXb9^jJO$ZGkXO6BBFDjt~w5`w2TB*z$&1W5Il3IiDs=ZMDt|9iRtKET*wF6 z0Z+|N87p-5Fh)^(*l>OVr5^aY5LW(@PuM>Qo@&)yj6XRkPm1>eTF#Y_c*aRF^ZY5A z9FAU7lKEHG@i{wJMPg;n6z2|69d-)q9@<7t()d-zPy&X zdXG7{Uw{k23)CzzQAXw#iqj<1u~W@K_Ljc#?ukh;fRKHeJ2l~Z+52b2n^bGiDF2oX zm25FLx|4AP8>rAi@koY03lrtS#X?zK591c?2iZ_jjc>0y>q9>fU<08o6zG%z9WK+S zDwZMW4~28wu#ye#V*@#5t^S@NiAA`3{SF$xINmc_WW^u-C9M=H>RQ1>WM=|R!660{ z6E6%DwX`eu<3pkmz7Z=FCRd$(vhDkc3yMnSr)5C*aho)DZ<12$`$TXj<8Z70)|rK7 zXFD8QzksfWZU`qL2K8X{C~TcF{KVW`3Y{IMb&)T9%1V`tv(HY1 z+LXkLyM|3mtLD{x-#hOw-U?sr-iLeHFA|=-sGZ4#hX)atL!a91(tWJc+og&5W}VfZ zpgE7`{5D`~?yGR++y7~xA&eU0N*ZezDjF$> zUeK&1aTFQRg*?v^Z2e7u<`lk$czR6}b6Cl-qA9%A`#A6q0*zyTu)X`3rhjR86NK3= zLdw{+-F}+b2gxd-qF7>Rla}dFkj|L#c|pg5Ni+MRA|BZH(@ME*o<1ijKcoXb%PVfJ ztp_uf=G%kvU((pHcw90Xut=}atA!giM-5By)f40nKp zv7Wdb{;^<}VRvruH~rYr~wEuYY2ov-5Q|p@u3Da9+z7PeIpBAwi?RxnxN3Kt+N9L(LUS%wxY` z>e&1VV;{CYw8DNRlvBH)>!I49SU4R!t3I4=y;mCevPZh!-}~G+F>6hcL_Rli4r zC4(WN)`j$>^S=~GMGR=^)A6wrqi(-x{xK37&Vx!OS6t=KQ2JVZo#GrSODtTe=TVh%*qfF%91nqsMNLNL^Gp|_ zz%I*HUkMQGqb!1eh{{bp|0GSCDbkG_D_d)8<(0r<6-%Qi7qDa7xZjcdZ$?Rth9L!f z$erCcs3<~mtupywbaT8NWZF#v?iZkvqSz3@p`RiXs7P!GUa~-U9hEG(NgI#3BzO-# z!9JWf(;r!*A=@g$f}>wi|6Q@9z8AmYf~x8G%sp>C5cfuJY;hs1o3Ozu^{pH0AFbs%yU)Xy5>Cf?qXiHn*-PAfKDRiy`U0sFSKFsgEZ6_ z9#ma!<#Izr^}_z*>PRSt564u6We*XmZUx^jv*dK; z4zyFZ*ZFSE!00<6!|+#33&R)@RA8V9YRjp$HS9?CGq*xDSDRbX#i;}mateEF{fqTI zt?X}Efkq_Ap*_ETgaikOBbQ|;47}hwX44K`(DUI@C)QiG&6UJ1UmRn*Q@6%e`+x(gpQp74O{;yli8YLCV}qD z4gIyZd_(8ED~WWaeXOb0^r=9=AiDT}by~+$KVF~M{ywbQl zng-h?a_E;yX?DCr4|_h7JMc7>xgWf7Ek-VmH^hCYunVp3{(d{---&%-GZ=rK#V5Jo zJvP8b!2AA5?9)G8gwzB6ze3TU<5*Pqms^Q-?C9-CN~4hb-`U0D@kAkTWn23``cao^ z8IWAp8h7`%ZA+eI?w$sJktq5m>e&0@mQn>2BdpKAxbj1$m$8Z;`!iFvl9($Lb9Ff? 
zT^6cTZ~HgIeR6R*;G(rzpgsJP41Fx9Df;G6{;k6T(i}&8hX(jHSC@~#X@70h#)g(( z*9vUC+a*b%oAdf1$}Z3NR;|c5nY4^Z51pfqk(tmJbB;Q#ka#tf5eae;-kq$I{xO3<(TI$0lSe-JQzJ*es;il=Kn_?&?E zfLbs{qErPqm)-*ZfwbA*D-shgb|1;X;cH*yA|q8gS=HiosF=-kbdk6--SR+`F^H_` z0*i`J==@XSe=HT;_``G}ulE=H@*3GU*?gVd@h*`eT^GKjI;C@8+h~;(u3bA#b&bN{ zYw>dJ$(;RfHDLlndS`CWOE=g0jOocCc&;w(dOzrLf4-DK*MD@P_;u&CbfMw=#Q-B` zDq8hGwKN-O7(hQA_bP3f5XrZH+@*FGw~ppmDgNWcf|Lf*Pc%e5dw1DcJ1BWm!z7z3 zr^toEU*P(>G#;_1X}Rz(5lbDtCui%hY^d3lm)kw0vyk zX~K4$AG#7cG`6s2%9g9zsaQ9o?;3yzW4Pt!;NlS zzI#G7tiq&@eV&}qDtY(e$1JwscAfle%Al{3>Nr%``n?`Jac^CdOXUbFgI3;m{RkA~ zokl+lxuw9=%W&MmzA+G%ZdFMMP&N2^6BWjG2Lt|xKx)lMCR@b0n+xgw<)&Dwi?}>- z+$_e|@M;uW@3z6)q&L7bYitZ%huzGqH_qHOr&G5o!?(8TJv_MN1ka|&c6_!Q>#PgHSFoPWiLg|k_{ zQd#Zy&BPkU(0OE5S35!B5qb6%T3Wd#J(zBl8dw6I#xIDDF-LBPi-jXv1E?!gE|1OIdTejK)+U3ooC^otSIRsWZf-`&K}6}s!407Y58zH zK(oYx*7sN1O|Z_1YIJS_H$E@DH(hB4QKNCGQT3PTvwYoe2&8WKi5`5tU-r4!>_V3XUT}N)>8V;+z-!@-IGCKiD>E9RC(K`NMx=;Qp zf$2g^t?)zpU0L!BZi(oE#)^Z_biT*Svh>r#%1=O+Wo37G`Q)4@k#Pe?^mgBIugC)8 zyEICH=`{A~^x#X&%tr-$j|(nXrIrGQYNY+C3M+LO;yUU4-|v>a5#P)XYp>_|C0f0n{_p0mvwWmghfd%!Cm}$qBDxOqA3htLs~ghSA1>6^dVgd~ zVHHBBy6;Pp=El;dkTE=ttp~BoOJ$L@EB3Z37T1kTNG3tm4PY5O-7hP5DA$-k=vV&6 z?RiAm;W~*o)R7!x9>u$&@|&D4xMmJ*y+^-6t!F0u8G~78t&Bs#W>w_NbW>W9M3tXWXRf zI86FWVx%iXXh6MJ>dg#?lNu{K@S#nzMIG4PXQd%!Bvc*H0c7F_Y=adptJr*cHevMQ z%?Xu~q8CFw>^L*S_83kVhq=)hf0%_Lq}SE*g(Da_A{kXVZfAd*YCwp~bG32wi&SNM z#QZ7}Ug5-=+s^uqAh_|}gzya<(&E?XAZ%0ybd9nraj?|z1YfPr*{N?Q{ji}YG`T#| z=uwJZHIMlsmevnenT#-)t$L*=2wh|1EYXW?_36TR?L!sUItJVxaC0$Gb|gq4{|4gA z(v0ODFj!T)jc5>65ys)* z7$aBHfbKdz@QJq1b`NT`344*g()$>5*Ey`TPB7WI;|_8o8t9-_4ikFub|I{66>ge> zHA+6onzFKY*eaiA!77SD*^&LyumAR6gSvxY6Q?;!AvI{rZ##!G$%ZfIgce4F`aF;e z?jVh%+B-vj69ei~bh_zA9w}S4B4rzRKQ1~u$gwVu_x5PlRKDXX2(_2Mm7fs%6{SS7Qh1gWT8xaxc=f8`mW38ukIZxwU;lmHABwFSg50*o zrj%f%j~IKR?N5Dxwrq|sTa?!pd{b3sFM&~{4~_^YH4$bI^Fq2W4-y`))^|7fS?i0) zJ&Z9wY!8%l7@gAr`2{fqA;L;ptQR*X2|xUtrT47KK%XN+dydN$*M?65LuXTRabgERR{n>;E;(&vS0_@COY!p<%5LsRqGpER%~YjkSK 
zwBo9-2|-ZFiU3TT&S+@}3gDT35t0IXTzX@yHA(v>Y8;-mZNySQ&fE7RJ1^tzJfvdApX& z*!+tE)Y{oR%jk8A)3EiI3i*(TOwP!;B3hAOj?KQ6^h-q~1V^166uYS~mH*2Hh*0}r z`R3u1#^LG9IW|^QT^|61H(T1Jz?n;(Z>52lU0BO>Q6*zgpP*gTFk2Uw)!3zt>3F~_ ztil4!R*-j}wjh%&(kSB%}X=u4RbFRp@^l+$SmM@nW9B;yGbf@nasjFMEE{m9Oe
-udp - -## Setup - -For more details about the UDP input settings, check the [Filebeat documentation](https://www.elastic.co/docs/reference/beats/filebeat/filebeat-input-udp). - -### Collecting logs from UDP - -To collect logs via UDP, select **Collect logs via UDP** and configure the following parameters: - -**Required Settings:** -- Host -- Port - -**Common Optional Settings:** -- Max Message Size - Maximum size of UDP packets to accept (default: 10KB, max: 64KB) -- Read Buffer - UDP socket read buffer size for handling bursts of messages -- Read Timeout - How long to wait for incoming packets before checking for shutdown -
- diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg deleted file mode 100644 index 23ddd7902e3..00000000000 --- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg deleted file mode 100644 index f163b40e557..00000000000 --- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - - - - - - - - - - - - - - diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg deleted file mode 100644 index 6268dd88f3b..00000000000 --- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file 
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-screenshot.png b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-screenshot.png deleted file mode 100644 index d7a56a3ecc078c38636698cefba33f86291dd178..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 18849 zcmeEu^S~#!E#4Tq;}?6chqwB{?k=6jc5D4>l%v(rleJ2Y%tW zDj9g7px}|*e;{M?LDwiK3@FNS(lDRTd-MJYIyUJCN948~OJk1M(DrJyI#iV;P4k~& zFZo35IfQt0RwlUN`48^6(1dv_wm(y1xhEdMld=Y?!%u=fPT_*{3( zwBwz3#qR}_)t>C*jp5@U)Ti~B)Y;qq*TRxZJ7ZRN_^A3TDAEM*@7Ve%(Ro7=1%1B< zVj6GBUTxXev>_^SFA zgKZ=g4aTS}9>Ofj7cSB0WO?gQ)x=+!hs_)b$6#>ScFZ>XAoIX)%Bc|BDC~JFBk0f0 z0NY}6gb)&!qx^FWC(!ji+Kl$V$2|ocA=vN0TM0Y`U?tX+T)c*C zA!IL(T2Vm%MCLa85^if@J@Kkprx8QN5!6eCR@4Oa5S?4-4|ou?90mFCM8D!;n(5xz zO}-*t!TntN>|a$s(kGQg1P-U?hqvGF2_fGvd&~yZ_l3Qf&j~XWa=;>N3#-~#zjzcc z*m18L`A-K2o!d@J>a8SRbm4P&-q1(H>|JgIymDbnJF&@008`=X!P?4DGgZb>voUl^ zNJKgPR4S={)3vuk_{n@=M8q;;aJL>q+VLdTnO=}`&x;1DKjJA3*f*idS{jP5?+;!W zn-^7021Z4zv`Aq`hmX1aid997RNh3fa-@PG(W7TzKa1W&5^y3|lPeETP7j9qXpo4)7%(W0_2 z^Nmq;t@rb1eP3?%kOkH`P%!zTC7ZHjSfNN3*Sb#=3#jB*KpNGNfnRZ{N(6DrW(;B2Bwom<%m?VQP%K+ zsFeF1-(DY}oP@)w^Kw~gPg03q?N;)Ec6^|nikA34T~RynX*z}H>R~qgT$`Zbhn8wzZs$j2fsGN&rOK-mIBBvzD@a8FgbLpL!h5N^u&0wG} zq!#md3MHITv?3@$37J?lc_5*LWJTTjel;IiU-Yq;(g9I^D&KN_NKVS0O~GvB~FzPM6}=4d%fG4Nw4pZshcyLqK@`b8?RhD38haIyr@+8+0r5TC1*C7^WleJ zZN3_ngTD#RQvNL*;qD2H@cBWJbCC#d!}=oKfod5SE9a?!?j%DVt1z@inN}Iy$r+96 zM@P?AC+(`cM;z6J94BYGJ;+P-N#yj$?`G26ydS&OVH?~JY(N4l()Fh+x+DoJ@r<+i zhm^ck@QP`=fLApr62@KyOef~}zuG;(VbDQmw|Wb+oSHSw=%w9R)=et0cY*~ytX)#M zEXlK^p;zM@vTnXn+C1vwP)~TJv|TvDE2($;;EzC5_5IL#H;u z)#CO8)TSzbt8)wHB8$I8KcIojx&GoE)3QNu{CQ+_xBmQ&`mL5-u=BX(hs^hMY^ zae!!*Q;Tr$@(0~GoBJAohGw*d{l8~!aXop87aaSUb2jm)Tk>#$1*cdo5Sl+?oD!l4Og~yX+soottl4 zp4OartUuAN(dD~yLJ}`A1*!D4-|L^hM;`_DM^1KYs-VF(}h(BjRO``b+xV~%O=-)?p z7ciJH7Fnl?V&=ay_AB{oQoa2iR;6$^tiE|-eRCFy|3F@%j#6gUxkZX@?K`F$u#;T< z4IZORpUthmB?U`;zrOkp?P(Rvd5TFRWrBJmVg;KEZvJ+;Q}FRY%QZ?c^&$oPXW+C5 
zdN#c>v%U?QuE+hMQdzxS1Q(BT90;29qu#^A?a^)Ui;{TJ;%`nLgm2ew$J4NvREjCJ z$`C7&?tH$CrVG@M3J1-KJw_*9BKeL*JX{ zN+Vg_TXb9^jJO$ZGkXO6BBFDjt~w5`w2TB*z$&1W5Il3IiDs=ZMDt|9iRtKET*wF6 z0Z+|N87p-5Fh)^(*l>OVr5^aY5LW(@PuM>Qo@&)yj6XRkPm1>eTF#Y_c*aRF^ZY5A z9FAU7lKEHG@i{wJMPg;n6z2|69d-)q9@<7t()d-zPy&X zdXG7{Uw{k23)CzzQAXw#iqj<1u~W@K_Ljc#?ukh;fRKHeJ2l~Z+52b2n^bGiDF2oX zm25FLx|4AP8>rAi@koY03lrtS#X?zK591c?2iZ_jjc>0y>q9>fU<08o6zG%z9WK+S zDwZMW4~28wu#ye#V*@#5t^S@NiAA`3{SF$xINmc_WW^u-C9M=H>RQ1>WM=|R!660{ z6E6%DwX`eu<3pkmz7Z=FCRd$(vhDkc3yMnSr)5C*aho)DZ<12$`$TXj<8Z70)|rK7 zXFD8QzksfWZU`qL2K8X{C~TcF{KVW`3Y{IMb&)T9%1V`tv(HY1 z+LXkLyM|3mtLD{x-#hOw-U?sr-iLeHFA|=-sGZ4#hX)atL!a91(tWJc+og&5W}VfZ zpgE7`{5D`~?yGR++y7~xA&eU0N*ZezDjF$> zUeK&1aTFQRg*?v^Z2e7u<`lk$czR6}b6Cl-qA9%A`#A6q0*zyTu)X`3rhjR86NK3= zLdw{+-F}+b2gxd-qF7>Rla}dFkj|L#c|pg5Ni+MRA|BZH(@ME*o<1ijKcoXb%PVfJ ztp_uf=G%kvU((pHcw90Xut=}atA!giM-5By)f40nKp zv7Wdb{;^<}VRvruH~rYr~wEuYY2ov-5Q|p@u3Da9+z7PeIpBAwi?RxnxN3Kt+N9L(LUS%wxY` z>e&1VV;{CYw8DNRlvBH)>!I49SU4R!t3I4=y;mCevPZh!-}~G+F>6hcL_Rli4r zC4(WN)`j$>^S=~GMGR=^)A6wrqi(-x{xK37&Vx!OS6t=KQ2JVZo#GrSODtTe=TVh%*qfF%91nqsMNLNL^Gp|_ zz%I*HUkMQGqb!1eh{{bp|0GSCDbkG_D_d)8<(0r<6-%Qi7qDa7xZjcdZ$?Rth9L!f z$erCcs3<~mtupywbaT8NWZF#v?iZkvqSz3@p`RiXs7P!GUa~-U9hEG(NgI#3BzO-# z!9JWf(;r!*A=@g$f}>wi|6Q@9z8AmYf~x8G%sp>C5cfuJY;hs1o3Ozu^{pH0AFbs%yU)Xy5>Cf?qXiHn*-PAfKDRiy`U0sFSKFsgEZ6_ z9#ma!<#Izr^}_z*>PRSt564u6We*XmZUx^jv*dK; z4zyFZ*ZFSE!00<6!|+#33&R)@RA8V9YRjp$HS9?CGq*xDSDRbX#i;}mateEF{fqTI zt?X}Efkq_Ap*_ETgaikOBbQ|;47}hwX44K`(DUI@C)QiG&6UJ1UmRn*Q@6%e`+x(gpQp74O{;yli8YLCV}qD z4gIyZd_(8ED~WWaeXOb0^r=9=AiDT}by~+$KVF~M{ywbQl zng-h?a_E;yX?DCr4|_h7JMc7>xgWf7Ek-VmH^hCYunVp3{(d{---&%-GZ=rK#V5Jo zJvP8b!2AA5?9)G8gwzB6ze3TU<5*Pqms^Q-?C9-CN~4hb-`U0D@kAkTWn23``cao^ z8IWAp8h7`%ZA+eI?w$sJktq5m>e&0@mQn>2BdpKAxbj1$m$8Z;`!iFvl9($Lb9Ff? 
zT^6cTZ~HgIeR6R*;G(rzpgsJP41Fx9Df;G6{;k6T(i}&8hX(jHSC@~#X@70h#)g(( z*9vUC+a*b%oAdf1$}Z3NR;|c5nY4^Z51pfqk(tmJbB;Q#ka#tf5eae;-kq$I{xO3<(TI$0lSe-JQzJ*es;il=Kn_?&?E zfLbs{qErPqm)-*ZfwbA*D-shgb|1;X;cH*yA|q8gS=HiosF=-kbdk6--SR+`F^H_` z0*i`J==@XSe=HT;_``G}ulE=H@*3GU*?gVd@h*`eT^GKjI;C@8+h~;(u3bA#b&bN{ zYw>dJ$(;RfHDLlndS`CWOE=g0jOocCc&;w(dOzrLf4-DK*MD@P_;u&CbfMw=#Q-B` zDq8hGwKN-O7(hQA_bP3f5XrZH+@*FGw~ppmDgNWcf|Lf*Pc%e5dw1DcJ1BWm!z7z3 zr^toEU*P(>G#;_1X}Rz(5lbDtCui%hY^d3lm)kw0vyk zX~K4$AG#7cG`6s2%9g9zsaQ9o?;3yzW4Pt!;NlS zzI#G7tiq&@eV&}qDtY(e$1JwscAfle%Al{3>Nr%``n?`Jac^CdOXUbFgI3;m{RkA~ zokl+lxuw9=%W&MmzA+G%ZdFMMP&N2^6BWjG2Lt|xKx)lMCR@b0n+xgw<)&Dwi?}>- z+$_e|@M;uW@3z6)q&L7bYitZ%huzGqH_qHOr&G5o!?(8TJv_MN1ka|&c6_!Q>#PgHSFoPWiLg|k_{ zQd#Zy&BPkU(0OE5S35!B5qb6%T3Wd#J(zBl8dw6I#xIDDF-LBPi-jXv1E?!gE|1OIdTejK)+U3ooC^otSIRsWZf-`&K}6}s!407Y58zH zK(oYx*7sN1O|Z_1YIJS_H$E@DH(hB4QKNCGQT3PTvwYoe2&8WKi5`5tU-r4!>_V3XUT}N)>8V;+z-!@-IGCKiD>E9RC(K`NMx=;Qp zf$2g^t?)zpU0L!BZi(oE#)^Z_biT*Svh>r#%1=O+Wo37G`Q)4@k#Pe?^mgBIugC)8 zyEICH=`{A~^x#X&%tr-$j|(nXrIrGQYNY+C3M+LO;yUU4-|v>a5#P)XYp>_|C0f0n{_p0mvwWmghfd%!Cm}$qBDxOqA3htLs~ghSA1>6^dVgd~ zVHHBBy6;Pp=El;dkTE=ttp~BoOJ$L@EB3Z37T1kTNG3tm4PY5O-7hP5DA$-k=vV&6 z?RiAm;W~*o)R7!x9>u$&@|&D4xMmJ*y+^-6t!F0u8G~78t&Bs#W>w_NbW>W9M3tXWXRf zI86FWVx%iXXh6MJ>dg#?lNu{K@S#nzMIG4PXQd%!Bvc*H0c7F_Y=adptJr*cHevMQ z%?Xu~q8CFw>^L*S_83kVhq=)hf0%_Lq}SE*g(Da_A{kXVZfAd*YCwp~bG32wi&SNM z#QZ7}Ug5-=+s^uqAh_|}gzya<(&E?XAZ%0ybd9nraj?|z1YfPr*{N?Q{ji}YG`T#| z=uwJZHIMlsmevnenT#-)t$L*=2wh|1EYXW?_36TR?L!sUItJVxaC0$Gb|gq4{|4gA z(v0ODFj!T)jc5>65ys)* z7$aBHfbKdz@QJq1b`NT`344*g()$>5*Ey`TPB7WI;|_8o8t9-_4ikFub|I{66>ge> zHA+6onzFKY*eaiA!77SD*^&LyumAR6gSvxY6Q?;!AvI{rZ##!G$%ZfIgce4F`aF;e z?jVh%+B-vj69ei~bh_zA9w}S4B4rzRKQ1~u$gwVu_x5PlRKDXX2(_2Mm7fs%6{SS7Qh1gWT8xaxc=f8`mW38ukIZxwU;lmHABwFSg50*o zrj%f%j~IKR?N5Dxwrq|sTa?!pd{b3sFM&~{4~_^YH4$bI^Fq2W4-y`))^|7fS?i0) zJ&Z9wY!8%l7@gAr`2{fqA;L;ptQR*X2|xUtrT47KK%XN+dydN$*M?65LuXTRabgERR{n>;E;(&vS0_@COY!p<%5LsRqGpER%~YjkSK 
zwBo9-2|-ZFiU3TT&S+@}3gDT35t0IXTzX@yHA(v>Y8;-mZNySQ&fE7RJ1^tzJfvdApX& z*!+tE)Y{oR%jk8A)3EiI3i*(TOwP!;B3hAOj?KQ6^h-q~1V^166uYS~mH*2Hh*0}r z`R3u1#^LG9IW|^QT^|61H(T1Jz?n;(Z>52lU0BO>Q6*zgpP*gTFk2Uw)!3zt>3F~_ ztil4!R*-j}wjh%&(kSB%}X=u4RbFRp@^l+$SmM@nW9B;yGbf@nasjFMEE{m9Oe

}qal5$moSACwfNXLXG5|3R0AtBcN` z?%yS)&>O>sqxU64U~C3&Q^>z-Zt}WuX4Wh3dKj9EO zfSbV!c3e;EOeKHQmWEw#NM4;*tw-2o@x&kKT?rsmy-F|$jw-F>WgA7?C@{O1qPg*J zf92|RTBMh&ptHADFc{T+cB?+mOj>h2HKgwkxq6w&XBxPc?>=JKvU2K9aU93@vp-R% z{5T=P$9U}AYZ5QU{3%7}YZ+ACWXw#-U zWyxU(OP#Q9-2AeGmCwcp`zWghf2hvsOjWjDQbU?U`v0&a--f1`v0Bd8HLiLmo)PKz5!A1|XVO+89 zm3h2~6yI~cpWor!_yt-?Lt>z`c0a7cJAW)#d8N8nNIf0H<+v;s4{0guDD(?T7Z<~$ zd`$vpZ_QQgFaMT0_d5&+(jwGU?M1FqUu6wjA-9z?mRM}(CmSdK;2e$Na}F-8jbhgN z9)@AIQeghf{xCC^{9P%VdYW1PP#}2BJwWt z0Hd8%st1NK5%h+)UB^mVwh{e#8TIm$xxgGo6I5;e{~VUeeMGRpM_Z%=eH5$X1}?Z5 z`|*_Vp~K&ziz45-Ih9y>EOr(Buy0&n$dbQ4$5eSr=Ti z#~7^n8dmem;$0D4+6eV7&G2D~d@ z+R#u8+nw_N%7_U_1e53P?~&10^m|ZUXrZhVp04lQLsGos%0fRDhS=@>8TOAAxK;Cy z9GZw_1pfSxD5~xoR!INI?tU0wrKDd6^Tv{jL>`Xb49kBaNPlhMaIfh_nq_)zB7NcX z05XeQKz`@BDUx7*i!V~%dc8XQ#ngBw0A2tSr(npSCrNy5Z7>48v&Zz?0{%FRElh_h zN2|?#EhJL5HQMIu6m1=ypTR?tVymHK)xQvS9ir7FzMp?CjlND39PK`od#GytVhZWp zQ1@>MTE1*Ip>hnXSWa?XbMH#708@j12yPbm`JfcqIgmJepn$5YgkJn_%5I)mr`Q(k z-a0yFR3A`houhvf&|wNpIsV{2p%MqhR@`@R(l6`}iufEgI*UxWq~26?WTpZCV{JtG zYL?&#I98fyf_;2S0?_V{=Aa4t^x%vy$pF$_Lh7W2f*~5uPvGYh;vZhMv|u+Z?2t0~ zcYPXdxbg6OS*LUjR_=jLDt)ab6;?g1IuySLG@UE;jLpt-wjLX&RlY>fnd@f&?0NyT zht5vhP^};k6`U76$%&I)iWPNxG6KPjdh`S6>g9GN@;KObQsLG zKyjfrPR0PU1B0a0=)3@9eCDl?mB9rFdlTMtTAeZv2}F*|@JWleq2+H1bt>>x!^wTk z+I)cgsZwzCMwoRpW_*!3IySTQu!`HWugAXe(Ai(a9Rsu;*0#o6torxwNMxPzEAjt` z>70Vw;HCQ?AnP`RKQ;2R8h%;LI#tx^(MO*lMWJe4_?)Q571P`kTmN#(ez21V!<6+S z@Uap+y%#8&cGgdf+E@y$dUx3g#)=#5k31Vqv0p!%L`*=-PiQAiSg-d9lKRZQDuJ-| zA96zwwomG+4}X$vR*IU=NC!vL<`rUTbf_uRJC4FS;k&HtV<=<)p(qymH)=MDV^aqK z#%sid7K|~!H`J!7hRr~Z!emxgWq6#GpQs%c#BM+scvNGz|Gi4G`;8Z~dP8)+51iB8 zw)0fazNz5(iK$LJeC_4e^8&@wT(DZ~~>SStz3P(>V8CLNlZqgv=2K-|Lu~si@XFwMN>QE^k zVS2U_A?Q$?M`NkU}^!M8m%O&T=kW>dG}1s2I~hxp9Y=a=1XX-(fB5) zej3`e5Et~R^r%?CZK0)UZsF_+tSOGIBMdrtMf#oJjGF9U`*P8t>i*TWed$Z2WNUZ* z_1Qw4Yr+Q0@bD?hD0P-^v}?FpPBg~zz5~g@J#J76C695|P>1l;OS8%~hZh5&-9Ji# 
z50%&56ZK4FC9}{jHL0!=qo9Yd(GGHCEX2|-F(f}q6@NMT4P3rQd{Q!=bz-8N(Z^!N;;ZzAWRf@C?X>mG=_NgyQX_?Jv$m(9$W>P;+e}O|&w&DjbsJPdWp0A2$yLr*!BY73Z z5d*BCaTI)w=sTlofc>n}@v_tSXIK?8(g`G_06u>SD*fOZJ~visq3lBVS2+cf-r$UQ zZ(8A0g&5M$IV7w5nqL(m$VS0X?=yy-e6>S>Ca3wZNT)b{GF39_gJdONflqc-j$b~o z2l@@h{$KVfC)V?#We*)@xYC;L^<@cHo>8axRMbSzw|eYTl|8pkabsQJ(3`z{>5H}c z`psz_Y6t)hvzL^=}P#++XUl6v`-j)SuXd6BynjNZ!&c2hnyE&4*K$nXn31Zk)cm+lx;> zya{T?{MRtSu?^3Y9bS&O$*mW^vRUpv!J3Tz12?3&Y62b_oiZ$24O(75Z)JWb+Rj)ACbK`f<&tSwtT$|Sy z$41kRPiM-jnPY9PKrLyI`pHm6LusMsrO*HpmE){Kp1^u2t%6nW^;GB|!4k!Ik8oav zjM?DBKh9G@W0gEwiU-M}0B)}olvoM71RccgiZBCs)L?q_GX&JDhegx4k2&cNatr5w zU)1#2USb8&`etO5Vk z?0}K+*2*@a5yt*X{qg0@8jEz~jcylVj>-042p1PBnabI#xUiCRD!ouw3?u-wwsqwF z8(@m8-Lk7q@v154g6yvx_tRDa>}oqpVda)wfI9(;ZVGt1v^{<|X?vC_(i@IJC+2I_lusrT=$h zF1lPc*Neb`;Xgrdf`p$w)~MzQW0M3_FYRKu{2$VU82J^B=X1#^<&P$_`=S$Ey04WU zTxG;hrFNLhWC*p+sH3x=JVcBJ9*7>eO20)n671SxQhZQlHMRP8FyO}yai~OTsbms0 zQ3b$C1Cn!>jMHDq{VX1ab^~_Q!z+f75+_AuwiN0*wA_#M#0|rU{+NlB%>Y+TNT0Gj z`3^LKMSJjz2(?lwg~ixDl_5%rzzZ}o_6Fj9e)T7gpH4=BgT1zmwJpC@g(f%&0`}8B z%7Y&qlP3aFmI#nmT`|R3+Lwzp+PLXt|5g%vlY_$fvse7zjus0D0fA##r+i4G4K-2Y zC#H95NGoYfWP#ZF_v$^Li{PZpm}fc&)aL?5doPcb835Cr6`T+EzzcEvLtmXcbAb<^ zw!_Zgk6Az7YA@*vb)(G{_W-B|zrf76z^`X%jOgqIIaqi~5nUup3vugzzg&rA^w(zR z+qCzvIV~nGR=47pDOcNTzuBw#5a=<=DMvGa)g zPw$^pmq9Fg&b#BZrPSoml(149rZS!fioV*Dy$z440U3MXDJmI?RZqLy0}IKSxN)o( z8+8wIZs#q(|KTg6y;Z(=96>xfpUsr@SP}I^v zN^R;ZVrDaWmNrM5-<X@k6JyjvA3;jHhma|Y|7!Vk& zgf(UK_6~cC;!|b!YTjke=nBiUqQdb#I9TY}!s5P)H+^c;9cW(QO8O%n5J^8Xfktd*qrn)+?-gP`m%B&q zi^}7jKm`yMW8ITFOMN#!QIB6$SWx*75tnCMaNg*_J*WuwBh~AT>0($nS8%&zmFQDp z$dL65niDtTV%!Kg1`6epWoQGNG`$`doy;Zjaa`keyL0F6iJMae6FIgnhAfzU%m@V+ zm5rQihLwS~b6{-bVR1ZSzBI7(Yj+V6T-8V*7I`ptWArGdy~8pnV>fALpi~NQLZ7;^ zpaj35=md<~-(tNmF69UX3?ua}A7UIn)q5i1iPYEGlhYSbkfeX`5epkxtzk3Qbu| zlgA`7ts%IvF4HJ}-98akyRnjCo{u-`A4&b+r?s|o`4wdYAHs-yh91p$7C_|+EdYH5 z10`!*=n+W9g>V&dfU1H!J}ASZi&-?`2IlDOAHnu306rD`y>jT)4^@S(X4XhN2{g9i zj-ym98+RT|d0ejIFJCM5>S{mT-8uGmRRqkJ3sMO_AQDrv77Q 
zv$t>zaVpVF6eBguE%9M2u?E-Oleft8z5+~W`G}KXD(Yc;7m4{Op>Le(k`g1UK7(1# zt6g}$n=Tdn{T4pu>v!c;xRCd_WI$Ali13x=U_0T!Ga-U~9W88q-lU+RLn2`N8Ouho z^0@SvC>$DguHWx)?^*ms-{PVq%dn(U3vrLj9zITDqQZ`H>Wsp@Gf%}SG=m)Vh}F$ztQAbwVGdDgd!28j&yX9wLW&s! zNR~6`nYg;ULAq8zi<;gUchAV5ib67Y##l2 zy+%gaD(|~G4@||{A;TYDSoS>q2o{t23t-^!NDSDEm8j3ao7Ei>KYLEpb$jz}7ciAM zD}trDN+AVVT_lXW<++~>8>Cj8fzJo@R;>%nGq)6+w?(#mNc#1J4W+!hA}?g$0Xqo? zn67qJmss)e%k(xO*&K@z6+}nHA(lCkb6n-|{pSztys$8HiOWTVR)tCO*Q9~if%3n7`uxGzE+OCu zwcVV|tgQdq60952$>85-GHk$lwM(uI+CU1?i{sVnKd0+UNq#eSSKjUKfDDgLnBG1y z^v?f#MRFkph~TgkoKBvM`L_~we8__xpLcjh`GwV|87q`vazJq?SX=mXhdvK>VqUf~ z4sYoTIpt5S)KrE-?>&=cRoBumD7;b5pq!Y07)#I$`)<@U+mo*dE*P~773p*u^6waO z2#thJahX_ySlYMpjx%h<)i43ao~Is`^Ya zMNZkuChEA7+ZJe6$>-C*dzTYf3#1SY82yFG?S&Q)5rTbKS-XLjckTLEc7>^sFcntQ zBeNXCSg&q1N3Bi^4zlQ%mcEBQ%2ab$?(;t-$HYd2%cnX$uuwU#I_6D3($m zR(>gHzM9ODf;r8b0l5LuEIQVZiQ0-|3Y_xzJkZc*CD=bPJ+&J+>>se%D4uTq?Ny{l z0Z5~og*Wa1O&anlcRWu_%o)(x?IZ0CfUNk_R-ik>GyvdFmpu1wHZaKTDGhL zqxsji)n<+)VKbV0_BRq9E;Kb`f=&vn(BK0Ba-gL?ZN;^^b3YFg6R=!q#zM;tcX0dM zdy5PPx@6pJPXHzH7$dGjM|6@6777nXPWV;CIQdNf(*Znv)sMy&Xcq> zhCq+6h6&v8<0}vd2(sKqU3j>fr7&#Xy%qZHcMU3m{wld^Nstkz8GagB?Y=SI&H z&{&BSA-|(i35$9(l6LpFyLm$0M0fK`Dz!~ezL?yEInsXAFR!bHe;ZL>Gd(#Hv?<$%`^b)oi?x%(jkylCPb=juPlF znMo&o961=NZ_$gd{xp1ZY2dNDOS!=XVj!M^A z+$z`EK4v=m{Bs{&I4W)({`&<5*^BV#z{IBAI_d+9Qx;~ zby?2zEjzUUeZWBDo5cz>%;z||z)<+6UtC)y60yD5J5`oo_zSM;l21@CY<0_|)NME5 zs)kHCMBa5YzB#N=W2aR?y9((~WuYwwf+HAc2mvU>NYlxOTvGf^Ye3za?*f-qUs^`a zT3>RPh9*Jf%3*bf|kqtnD_Buxv!<9N>BbuD#uYv-q^ z%RDnd7a3O4M9Y~TNISS@9K}JDkdg@>x8E6@n8jF=6qiDV+}{!V)(o?ykcr0sxBGEx zo!X;pc=r{H^vw6ztV5VZXBa4~(ujB$rZQ|AaGN@J7#q%2nU9gJ)g6dcj}zYB1& z@iFE0vMQVxa|v7tDHS$gwX$Ihc#M^DXRC>J@Zk?dC(3uB_s~*W&m-01DFMQGWjj5x z5po1@1gPl!v1Yra@qPG{D;$bYLM3qOwpl~7f~l)#n< zP+6`!NYe3EE~4RFR#_e=7YctPRBt6$He@`%e5m}f$M%yzC2S0<1}hRPjO>HJY~ z*dx(nbMbjv*;o&k{qzBdF|lS;UNVKziV=gbLq}UOCwr8GT5E9oRYQ}+>DhbQ1R=lj zgcNJN8|D)$Mx3#c+t@lhqcDUnHGVt0&EyQ{b5)=52B(VTzw=pQ^ba3`JB@BU^lS`_ 
zJEiLzgU#Acd_!}FMxCWC**FP^i#P}bYzNs78)#uSejEtYLbG>JJ7Igtho2oKQ;XW~ z4eMGO+t!_;G^V6c&R`5Tg+Pz2ToN(aybq4Q0ssie_{`t*DO%V7FaZ`{MBobFc9|pV z70o5ayHGJo9$$&Pgbs)pWNzduAcbh?~U?_P)(ve0S*3H%eNF&a5XR=!J#4c z;t992n7ZJr{*%`^dU1d-ALE8!3i#v;3r4r%j+JFCe=%3Vj=8{aXe zs)jrcUBZ=;LudcTUXj2ub>K5!{HHFHJ}Trx(PYugbQ8yK7&sqX;(;|UWjk3tGs3zuceeX)i4i_jA8Qz2Bc%DxN8 zXw!$+9jBtEHd1y90bYG4f8DcJM)Ab!M39tH5zz94*MAvnhA377@buNupSOUU3j8~> zd6&hk^ENRCp9T?_QUHk<=(&9Q^MJ^pi;nKOYNR@?L=RCSmKMJ5UQJQ`X!i~(gD*P! zs`RobzJG3Ra_Pg+WZUXUmMU$ilpwfcEti6)mw(~MZ0q!^sza>#jv!-+7B6F3QuMWg zVO!rXwD+lF1BBTito?ml-CV3vxuek~TKuOX^N6sol$v*{_%nAuD7i81eXm^Lz(Z~I z2Xj_Dts#G0&C;PV_Wkq*1QvB7+Post4={v;gk7b9u%#DC_bh(iJm$rqog^{JEx6NE zrs5^2SEL$|98#2WV#iG@L6cq|)SuTMSfGocPl65wUd^|5Lbpnb(;t>-Qu2jvANLgv zdte0vED-3C@^BdyHWLL(7{G$WA02z@JG!T-U^Q7HZ(7Bs&vchkh(p&}KvnS{MG^i6 z4r){gJp9p7WyWOEiKA2Cm6EXIn&&gk|Fc6^78OpPrX4ExCFE=SD$xcH;C2eB^{XTI zaxz_Cef*Yj==w_i_BTGXP;8C&f? z*QEM>={jFM8)lWAR870pG4XEWsl%%K|82S5b=9hVz7p_6i-d(Iyvq76&a#PV zR;VbQV|n?mg}&(ehClg%tK%IjgtnTR-u)lxH06XxXqH0soAZbB_Rm)XX=6Nge1uoG7 z9vQM_S~2h53n|W`y{{R9+=08rv~MohI_v4-BU^7fZ0-A}#b5{AOSTJm+(J;9yw%pD zX6u62GJ&@HKX5zQwq~j8T!Hrv-Mk^QSB5cu09L03{ToDO7jikM0WAcsjW>D}^jqCF zT0DEZ@K^KO_MD*%M!+V)lGVU6?LpX)eQVXEmq}R`NIJv;kBitJ!nW?0OxTVlu2ADf zE{A!*0g3%nwVcBD+AgT5bGx@WOnQk{zRpiZ4HhP`3BF%N|HdqPbbiV5)7x)kzC3ID zZ;27>0^mrMgWc7evsbQY`l`l})wr+e;=8U_!2&B77;1qL!N8y)eTJ2lf#CvhR~!Qa mc;sM|90DP5A*JW%f2r=u1xt!e4gwD_V(@hJb6Mw<&;$SznOm^{ diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml deleted file mode 100644 index 786bbdfca3f..00000000000 --- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -format_version: 3.5.7 -name: efficient_ip -title: "EfficientIP DDI Logging" -version: 0.0.1 -source: - license: "Elastic-2.0" -description: "EfficientIP DDI integration for DNS and DHCP log ingestion" -type: integration -categories: - - custom - - network - - monitoring - - security -conditions: - kibana: - version: "^9.2.0" - elastic: - subscription: "basic" -screenshots: - - src: /img/sample-screenshot.png - title: Sample screenshot - size: 600x600 - type: image/png -icons: - - src: /img/sample-logo.svg - title: Sample logo - size: 32x32 - type: image/svg+xml -policy_templates: - - name: sample - title: Sample logs - description: Collect sample logs - inputs: - - type: logfile - title: Collect sample logs from instances - description: Collecting sample logs -owner: - github: elastic/integrations - type: community diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json deleted file mode 100644 index 0cda45e75c0..00000000000 --- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json +++ /dev/null 
@@ -1,58 +0,0 @@
-{
- "@timestamp": "2026-04-17T12:39:52.000Z",
- "client": {
- "ip": "10.1.0.42",
- "port": 56474
- },
- "dns": {
- "question": {
- "class": "IN",
- "name": "euc-common.online.office.com",
- "registered_domain": "office.com",
- "subdomain": "euc-common.online",
- "top_level_domain": "com",
- "type": "A"
- }
- },
- "ecs": {
- "version": "8.11.0"
- },
- "efficient_ip": {
- "log": {
- "dns": {
- "category": "query"
- },
- "service_name": "named",
- "type": "DNS"
- }
- },
- "event": {
- "created": "2026-04-17T12:39:52.000Z",
- "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474: query: euc-common.online.office.com IN A (10.100.0.1)"
- },
- "host": {
- "name": "eip-dns-test01"
- },
- "log": {
- "syslog": {
- "priority": 13
- }
- },
- "network": {
- "protocol": "dns"
- },
- "process": {
- "pid": 7092
- },
- "related": {
- "hosts": [
- "euc-common.online.office.com"
- ],
- "ip": [
- "10.100.0.1"
- ]
- },
- "server": {
- "ip": "10.100.0.1"
- }
-}
\ No newline at end of file

}qal5$moSACwfNXLXG5|3R0AtBcN` z?%yS)&>O>sqxU64U~C3&Q^>z-Zt}WuX4Wh3dKj9EO zfSbV!c3e;EOeKHQmWEw#NM4;*tw-2o@x&kKT?rsmy-F|$jw-F>WgA7?C@{O1qPg*J zf92|RTBMh&ptHADFc{T+cB?+mOj>h2HKgwkxq6w&XBxPc?>=JKvU2K9aU93@vp-R% z{5T=P$9U}AYZ5QU{3%7}YZ+ACWXw#-U zWyxU(OP#Q9-2AeGmCwcp`zWghf2hvsOjWjDQbU?U`v0&a--f1`v0Bd8HLiLmo)PKz5!A1|XVO+89 zm3h2~6yI~cpWor!_yt-?Lt>z`c0a7cJAW)#d8N8nNIf0H<+v;s4{0guDD(?T7Z<~$ zd`$vpZ_QQgFaMT0_d5&+(jwGU?M1FqUu6wjA-9z?mRM}(CmSdK;2e$Na}F-8jbhgN z9)@AIQeghf{xCC^{9P%VdYW1PP#}2BJwWt z0Hd8%st1NK5%h+)UB^mVwh{e#8TIm$xxgGo6I5;e{~VUeeMGRpM_Z%=eH5$X1}?Z5 z`|*_Vp~K&ziz45-Ih9y>EOr(Buy0&n$dbQ4$5eSr=Ti z#~7^n8dmem;$0D4+6eV7&G2D~d@ z+R#u8+nw_N%7_U_1e53P?~&10^m|ZUXrZhVp04lQLsGos%0fRDhS=@>8TOAAxK;Cy z9GZw_1pfSxD5~xoR!INI?tU0wrKDd6^Tv{jL>`Xb49kBaNPlhMaIfh_nq_)zB7NcX z05XeQKz`@BDUx7*i!V~%dc8XQ#ngBw0A2tSr(npSCrNy5Z7>48v&Zz?0{%FRElh_h zN2|?#EhJL5HQMIu6m1=ypTR?tVymHK)xQvS9ir7FzMp?CjlND39PK`od#GytVhZWp zQ1@>MTE1*Ip>hnXSWa?XbMH#708@j12yPbm`JfcqIgmJepn$5YgkJn_%5I)mr`Q(k z-a0yFR3A`houhvf&|wNpIsV{2p%MqhR@`@R(l6`}iufEgI*UxWq~26?WTpZCV{JtG zYL?&#I98fyf_;2S0?_V{=Aa4t^x%vy$pF$_Lh7W2f*~5uPvGYh;vZhMv|u+Z?2t0~ zcYPXdxbg6OS*LUjR_=jLDt)ab6;?g1IuySLG@UE;jLpt-wjLX&RlY>fnd@f&?0NyT zht5vhP^};k6`U76$%&I)iWPNxG6KPjdh`S6>g9GN@;KObQsLG zKyjfrPR0PU1B0a0=)3@9eCDl?mB9rFdlTMtTAeZv2}F*|@JWleq2+H1bt>>x!^wTk z+I)cgsZwzCMwoRpW_*!3IySTQu!`HWugAXe(Ai(a9Rsu;*0#o6torxwNMxPzEAjt` z>70Vw;HCQ?AnP`RKQ;2R8h%;LI#tx^(MO*lMWJe4_?)Q571P`kTmN#(ez21V!<6+S z@Uap+y%#8&cGgdf+E@y$dUx3g#)=#5k31Vqv0p!%L`*=-PiQAiSg-d9lKRZQDuJ-| zA96zwwomG+4}X$vR*IU=NC!vL<`rUTbf_uRJC4FS;k&HtV<=<)p(qymH)=MDV^aqK z#%sid7K|~!H`J!7hRr~Z!emxgWq6#GpQs%c#BM+scvNGz|Gi4G`;8Z~dP8)+51iB8 zw)0fazNz5(iK$LJeC_4e^8&@wT(DZ~~>SStz3P(>V8CLNlZqgv=2K-|Lu~si@XFwMN>QE^k zVS2U_A?Q$?M`NkU}^!M8m%O&T=kW>dG}1s2I~hxp9Y=a=1XX-(fB5) zej3`e5Et~R^r%?CZK0)UZsF_+tSOGIBMdrtMf#oJjGF9U`*P8t>i*TWed$Z2WNUZ* z_1Qw4Yr+Q0@bD?hD0P-^v}?FpPBg~zz5~g@J#J76C695|P>1l;OS8%~hZh5&-9Ji# 
z50%&56ZK4FC9}{jHL0!=qo9Yd(GGHCEX2|-F(f}q6@NMT4P3rQd{Q!=bz-8N(Z^!N;;ZzAWRf@C?X>mG=_NgyQX_?Jv$m(9$W>P;+e}O|&w&DjbsJPdWp0A2$yLr*!BY73Z z5d*BCaTI)w=sTlofc>n}@v_tSXIK?8(g`G_06u>SD*fOZJ~visq3lBVS2+cf-r$UQ zZ(8A0g&5M$IV7w5nqL(m$VS0X?=yy-e6>S>Ca3wZNT)b{GF39_gJdONflqc-j$b~o z2l@@h{$KVfC)V?#We*)@xYC;L^<@cHo>8axRMbSzw|eYTl|8pkabsQJ(3`z{>5H}c z`psz_Y6t)hvzL^=}P#++XUl6v`-j)SuXd6BynjNZ!&c2hnyE&4*K$nXn31Zk)cm+lx;> zya{T?{MRtSu?^3Y9bS&O$*mW^vRUpv!J3Tz12?3&Y62b_oiZ$24O(75Z)JWb+Rj)ACbK`f<&tSwtT$|Sy z$41kRPiM-jnPY9PKrLyI`pHm6LusMsrO*HpmE){Kp1^u2t%6nW^;GB|!4k!Ik8oav zjM?DBKh9G@W0gEwiU-M}0B)}olvoM71RccgiZBCs)L?q_GX&JDhegx4k2&cNatr5w zU)1#2USb8&`etO5Vk z?0}K+*2*@a5yt*X{qg0@8jEz~jcylVj>-042p1PBnabI#xUiCRD!ouw3?u-wwsqwF z8(@m8-Lk7q@v154g6yvx_tRDa>}oqpVda)wfI9(;ZVGt1v^{<|X?vC_(i@IJC+2I_lusrT=$h zF1lPc*Neb`;Xgrdf`p$w)~MzQW0M3_FYRKu{2$VU82J^B=X1#^<&P$_`=S$Ey04WU zTxG;hrFNLhWC*p+sH3x=JVcBJ9*7>eO20)n671SxQhZQlHMRP8FyO}yai~OTsbms0 zQ3b$C1Cn!>jMHDq{VX1ab^~_Q!z+f75+_AuwiN0*wA_#M#0|rU{+NlB%>Y+TNT0Gj z`3^LKMSJjz2(?lwg~ixDl_5%rzzZ}o_6Fj9e)T7gpH4=BgT1zmwJpC@g(f%&0`}8B z%7Y&qlP3aFmI#nmT`|R3+Lwzp+PLXt|5g%vlY_$fvse7zjus0D0fA##r+i4G4K-2Y zC#H95NGoYfWP#ZF_v$^Li{PZpm}fc&)aL?5doPcb835Cr6`T+EzzcEvLtmXcbAb<^ zw!_Zgk6Az7YA@*vb)(G{_W-B|zrf76z^`X%jOgqIIaqi~5nUup3vugzzg&rA^w(zR z+qCzvIV~nGR=47pDOcNTzuBw#5a=<=DMvGa)g zPw$^pmq9Fg&b#BZrPSoml(149rZS!fioV*Dy$z440U3MXDJmI?RZqLy0}IKSxN)o( z8+8wIZs#q(|KTg6y;Z(=96>xfpUsr@SP}I^v zN^R;ZVrDaWmNrM5-<X@k6JyjvA3;jHhma|Y|7!Vk& zgf(UK_6~cC;!|b!YTjke=nBiUqQdb#I9TY}!s5P)H+^c;9cW(QO8O%n5J^8Xfktd*qrn)+?-gP`m%B&q zi^}7jKm`yMW8ITFOMN#!QIB6$SWx*75tnCMaNg*_J*WuwBh~AT>0($nS8%&zmFQDp z$dL65niDtTV%!Kg1`6epWoQGNG`$`doy;Zjaa`keyL0F6iJMae6FIgnhAfzU%m@V+ zm5rQihLwS~b6{-bVR1ZSzBI7(Yj+V6T-8V*7I`ptWArGdy~8pnV>fALpi~NQLZ7;^ zpaj35=md<~-(tNmF69UX3?ua}A7UIn)q5i1iPYEGlhYSbkfeX`5epkxtzk3Qbu| zlgA`7ts%IvF4HJ}-98akyRnjCo{u-`A4&b+r?s|o`4wdYAHs-yh91p$7C_|+EdYH5 z10`!*=n+W9g>V&dfU1H!J}ASZi&-?`2IlDOAHnu306rD`y>jT)4^@S(X4XhN2{g9i zj-ym98+RT|d0ejIFJCM5>S{mT-8uGmRRqkJ3sMO_AQDrv77Q 
zv$t>zaVpVF6eBguE%9M2u?E-Oleft8z5+~W`G}KXD(Yc;7m4{Op>Le(k`g1UK7(1# zt6g}$n=Tdn{T4pu>v!c;xRCd_WI$Ali13x=U_0T!Ga-U~9W88q-lU+RLn2`N8Ouho z^0@SvC>$DguHWx)?^*ms-{PVq%dn(U3vrLj9zITDqQZ`H>Wsp@Gf%}SG=m)Vh}F$ztQAbwVGdDgd!28j&yX9wLW&s! zNR~6`nYg;ULAq8zi<;gUchAV5ib67Y##l2 zy+%gaD(|~G4@||{A;TYDSoS>q2o{t23t-^!NDSDEm8j3ao7Ei>KYLEpb$jz}7ciAM zD}trDN+AVVT_lXW<++~>8>Cj8fzJo@R;>%nGq)6+w?(#mNc#1J4W+!hA}?g$0Xqo? zn67qJmss)e%k(xO*&K@z6+}nHA(lCkb6n-|{pSztys$8HiOWTVR)tCO*Q9~if%3n7`uxGzE+OCu zwcVV|tgQdq60952$>85-GHk$lwM(uI+CU1?i{sVnKd0+UNq#eSSKjUKfDDgLnBG1y z^v?f#MRFkph~TgkoKBvM`L_~we8__xpLcjh`GwV|87q`vazJq?SX=mXhdvK>VqUf~ z4sYoTIpt5S)KrE-?>&=cRoBumD7;b5pq!Y07)#I$`)<@U+mo*dE*P~773p*u^6waO z2#thJahX_ySlYMpjx%h<)i43ao~Is`^Ya zMNZkuChEA7+ZJe6$>-C*dzTYf3#1SY82yFG?S&Q)5rTbKS-XLjckTLEc7>^sFcntQ zBeNXCSg&q1N3Bi^4zlQ%mcEBQ%2ab$?(;t-$HYd2%cnX$uuwU#I_6D3($m zR(>gHzM9ODf;r8b0l5LuEIQVZiQ0-|3Y_xzJkZc*CD=bPJ+&J+>>se%D4uTq?Ny{l z0Z5~og*Wa1O&anlcRWu_%o)(x?IZ0CfUNk_R-ik>GyvdFmpu1wHZaKTDGhL zqxsji)n<+)VKbV0_BRq9E;Kb`f=&vn(BK0Ba-gL?ZN;^^b3YFg6R=!q#zM;tcX0dM zdy5PPx@6pJPXHzH7$dGjM|6@6777nXPWV;CIQdNf(*Znv)sMy&Xcq> zhCq+6h6&v8<0}vd2(sKqU3j>fr7&#Xy%qZHcMU3m{wld^Nstkz8GagB?Y=SI&H z&{&BSA-|(i35$9(l6LpFyLm$0M0fK`Dz!~ezL?yEInsXAFR!bHe;ZL>Gd(#Hv?<$%`^b)oi?x%(jkylCPb=juPlF znMo&o961=NZ_$gd{xp1ZY2dNDOS!=XVj!M^A z+$z`EK4v=m{Bs{&I4W)({`&<5*^BV#z{IBAI_d+9Qx;~ zby?2zEjzUUeZWBDo5cz>%;z||z)<+6UtC)y60yD5J5`oo_zSM;l21@CY<0_|)NME5 zs)kHCMBa5YzB#N=W2aR?y9((~WuYwwf+HAc2mvU>NYlxOTvGf^Ye3za?*f-qUs^`a zT3>RPh9*Jf%3*bf|kqtnD_Buxv!<9N>BbuD#uYv-q^ z%RDnd7a3O4M9Y~TNISS@9K}JDkdg@>x8E6@n8jF=6qiDV+}{!V)(o?ykcr0sxBGEx zo!X;pc=r{H^vw6ztV5VZXBa4~(ujB$rZQ|AaGN@J7#q%2nU9gJ)g6dcj}zYB1& z@iFE0vMQVxa|v7tDHS$gwX$Ihc#M^DXRC>J@Zk?dC(3uB_s~*W&m-01DFMQGWjj5x z5po1@1gPl!v1Yra@qPG{D;$bYLM3qOwpl~7f~l)#n< zP+6`!NYe3EE~4RFR#_e=7YctPRBt6$He@`%e5m}f$M%yzC2S0<1}hRPjO>HJY~ z*dx(nbMbjv*;o&k{qzBdF|lS;UNVKziV=gbLq}UOCwr8GT5E9oRYQ}+>DhbQ1R=lj zgcNJN8|D)$Mx3#c+t@lhqcDUnHGVt0&EyQ{b5)=52B(VTzw=pQ^ba3`JB@BU^lS`_ 
zJEiLzgU#Acd_!}FMxCWC**FP^i#P}bYzNs78)#uSejEtYLbG>JJ7Igtho2oKQ;XW~ z4eMGO+t!_;G^V6c&R`5Tg+Pz2ToN(aybq4Q0ssie_{`t*DO%V7FaZ`{MBobFc9|pV z70o5ayHGJo9$$&Pgbs)pWNzduAcbh?~U?_P)(ve0S*3H%eNF&a5XR=!J#4c z;t992n7ZJr{*%`^dU1d-ALE8!3i#v;3r4r%j+JFCe=%3Vj=8{aXe zs)jrcUBZ=;LudcTUXj2ub>K5!{HHFHJ}Trx(PYugbQ8yK7&sqX;(;|UWjk3tGs3zuceeX)i4i_jA8Qz2Bc%DxN8 zXw!$+9jBtEHd1y90bYG4f8DcJM)Ab!M39tH5zz94*MAvnhA377@buNupSOUU3j8~> zd6&hk^ENRCp9T?_QUHk<=(&9Q^MJ^pi;nKOYNR@?L=RCSmKMJ5UQJQ`X!i~(gD*P! zs`RobzJG3Ra_Pg+WZUXUmMU$ilpwfcEti6)mw(~MZ0q!^sza>#jv!-+7B6F3QuMWg zVO!rXwD+lF1BBTito?ml-CV3vxuek~TKuOX^N6sol$v*{_%nAuD7i81eXm^Lz(Z~I z2Xj_Dts#G0&C;PV_Wkq*1QvB7+Post4={v;gk7b9u%#DC_bh(iJm$rqog^{JEx6NE zrs5^2SEL$|98#2WV#iG@L6cq|)SuTMSfGocPl65wUd^|5Lbpnb(;t>-Qu2jvANLgv zdte0vED-3C@^BdyHWLL(7{G$WA02z@JG!T-U^Q7HZ(7Bs&vchkh(p&}KvnS{MG^i6 z4r){gJp9p7WyWOEiKA2Cm6EXIn&&gk|Fc6^78OpPrX4ExCFE=SD$xcH;C2eB^{XTI zaxz_Cef*Yj==w_i_BTGXP;8C&f? z*QEM>={jFM8)lWAR870pG4XEWsl%%K|82S5b=9hVz7p_6i-d(Iyvq76&a#PV zR;VbQV|n?mg}&(ehClg%tK%IjgtnTR-u)lxH06XxXqH0soAZbB_Rm)XX=6Nge1uoG7 z9vQM_S~2h53n|W`y{{R9+=08rv~MohI_v4-BU^7fZ0-A}#b5{AOSTJm+(J;9yw%pD zX6u62GJ&@HKX5zQwq~j8T!Hrv-Mk^QSB5cu09L03{ToDO7jikM0WAcsjW>D}^jqCF zT0DEZ@K^KO_MD*%M!+V)lGVU6?LpX)eQVXEmq}R`NIJv;kBitJ!nW?0OxTVlu2ADf zE{A!*0g3%nwVcBD+AgT5bGx@WOnQk{zRpiZ4HhP`3BF%N|HdqPbbiV5)7x)kzC3ID zZ;27>0^mrMgWc7evsbQY`l`l})wr+e;=8U_!2&B77;1qL!N8y)eTJ2lf#CvhR~!Qa mc;sM|90DP5A*JW%f2r=u1xt!e4gwD_V(@hJb6Mw<&;$SznOm^{ literal 0 HcmV?d00001 diff --git a/packages/efficient_ip/manifest.yml b/packages/efficient_ip/manifest.yml new file mode 100644 index 00000000000..786bbdfca3f --- /dev/null +++ b/packages/efficient_ip/manifest.yml 
@@ -0,0 +1,39 @@
+format_version: 3.5.7
+name: efficient_ip
+title: "EfficientIP DDI Logging"
+version: 0.0.1
+source:
+ license: "Elastic-2.0"
+description: "EfficientIP DDI integration for DNS and DHCP log ingestion"
+type: integration
+categories:
+ - custom
+ - network
+ - monitoring
+ - security
+conditions:
+ kibana:
+ version: "^9.2.0"
+ elastic:
+ subscription: "basic"
+screenshots:
+ - src: /img/sample-screenshot.png
+ title: Sample screenshot
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/sample-logo.svg
+ title: Sample logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: sample
+ title: Sample logs
+ description: Collect sample logs
+ inputs:
+ - type: logfile
+ title: Collect sample logs from instances
+ description: Collecting sample logs
+owner:
+ github: elastic/integrations
+ type: community
diff --git a/packages/efficient_ip/sample_event.json b/packages/efficient_ip/sample_event.json
new file mode 100644
index 00000000000..0cda45e75c0
--- /dev/null
+++ b/packages/efficient_ip/sample_event.json
@@ -0,0 +1,58 @@
+{
+ "@timestamp": "2026-04-17T12:39:52.000Z",
+ "client": {
+ "ip": "10.1.0.42",
+ "port": 56474
+ },
+ "dns": {
+ "question": {
+ "class": "IN",
+ "name": "euc-common.online.office.com",
+ "registered_domain": "office.com",
+ "subdomain": "euc-common.online",
+ "top_level_domain": "com",
+ "type": "A"
+ }
+ },
+ "ecs": {
+ "version": "8.11.0"
+ },
+ "efficient_ip": {
+ "log": {
+ "dns": {
+ "category": "query"
+ },
+ "service_name": "named",
+ "type": "DNS"
+ }
+ },
+ "event": {
+ "created": "2026-04-17T12:39:52.000Z",
+ "original": "<13>Apr 17 12:39:52 eip-dns-test01 named[7092]: client 10.1.0.42#56474: query: euc-common.online.office.com IN A (10.100.0.1)"
+ },
+ "host": {
+ "name": "eip-dns-test01"
+ },
+ "log": {
+ "syslog": {
+ "priority": 13
+ }
+ },
+ "network": {
+ "protocol": "dns"
+ },
+ "process": {
+ "pid": 7092
+ },
+ "related": {
+ "hosts": [
+ "euc-common.online.office.com"
+ ],
+ "ip": [
+ "10.100.0.1"
+ ]
+ },
+ "server": {
+ "ip": "10.100.0.1"
+ }
+}
\ No newline at end of file
From 388c2459073f66b446b0188793a5b3da3f7f79e7 Mon Sep 17 00:00:00 2001 From: Jasper Date: Fri, 17 Apr 2026 13:53:17 +0000 Subject: [PATCH 2/5] Update input policy and images.
---
 packages/efficient_ip/manifest.yml | 35 ++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 9 deletions(-)
diff --git a/packages/efficient_ip/manifest.yml b/packages/efficient_ip/manifest.yml
index 786bbdfca3f..89abaef5b39 100644
--- a/packages/efficient_ip/manifest.yml
+++ b/packages/efficient_ip/manifest.yml
@@ -22,18 +22,35 @@ screenshots:
 size: 600x600
 type: image/png
 icons:
- - src: /img/sample-logo.svg
- title: Sample logo
- size: 32x32
+ - src: /img/EIP-Logo_BlueGrey.svg
+ title: EIP Logo
+ size: 96x96
 type: image/svg+xml
 policy_templates:
- - name: sample
- title: Sample logs
- description: Collect sample logs
+ - name: EfficientIP
+ title: EfficientIP DDI logs
+ description: Collect EfficientIP DDI logs.
 inputs:
- - type: logfile
- title: Collect sample logs from instances
- description: Collecting sample logs
+ - type: udp
+ vars:
+ - name: listen_address
+ type: text
+ title: Listen Address
+ description: The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces.
+ multi: false
+ required: true
+ show_user: true
+ default: localhost
+ - name: listen_port
+ type: integer
+ title: Listen Port
+ description: The UDP port number to listen on.
+ multi: false
+ required: true
+ show_user: true
+ default: 9028
+ title: Collect logs from EfficientIP DDI via UDP input
+ description: Collecting syslog from EfficientIP DDI via UDP input.
 owner:
 github: elastic/integrations
 type: community
From 923ae35eca55b45b2f061a4a9e8cafa4d5f22ea5 Mon Sep 17 00:00:00 2001 From: Jasper Date: Fri, 17 Apr 2026 13:56:10 +0000 Subject: [PATCH 3/5] added PR to changelog
---
 packages/efficient_ip/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/efficient_ip/changelog.yml b/packages/efficient_ip/changelog.yml
index bb0320a5243..983ff10eb05 100644
--- a/packages/efficient_ip/changelog.yml
+++ b/packages/efficient_ip/changelog.yml
@@ -3,4 +3,4 @@
 changes:
 - description: Initial draft of the package
 type: enhancement
- link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link
+ link: https://github.com/elastic/integrations/pull/18505
From 88983116f7c9fb05cc574be72eec202ae9dac752 Mon Sep 17 00:00:00 2001
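Review bot: The `listen_address` description added to the `udp` input in packages/efficient_ip/manifest.yml points users at `0.0.0.0` without a caveat, and syslog over UDP has no sender authentication or transport protection, so once the listener is reachable any host on that network can submit lines that end up in fields such as `client.ip` and `host.name` (see sample_event.json). The `localhost` default is the right one; I would extend the description along the lines of `Set to 0.0.0.0 to bind to all interfaces only if a firewall or network ACL limits the port to the DDI appliances.` The same sentence says "UDP connections", but UDP is connectionless, so "UDP datagrams" reads more accurately. The `policy_templates` list starts above the hunk's context, and the stream template udp.yml.hbs is not part of this hunk, so any message-size limit has to be checked there.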
From: jasperklaren <65619724+jasperklaren@users.noreply.github.com> Date: Fri, 17 Apr 2026 16:08:53 +0200 Subject: [PATCH 4/5] Update packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml Co-authored-by: macroscopeapp[bot] <170038800+macroscopeapp[bot]@users.noreply.github.com>
---
 .../log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
index 0b082e8a942..e42a7345901 100644
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
+++ b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dhcp.yml
@@ -61,7 +61,7 @@ processors:
 - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} \(%{DATA:efficient_ip.log.dhcp.client_hostname}\) via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$'
 - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$'
 - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$'
- - '^%{WORD:event.action} to %{IP:client.ip} \(%{MAC:client.mac}\) via %{WORD:observer.ingress.interface.name}$'
+ - '^%{WORD:event.action} on %{IP:client.ip} to %{MAC:client.mac} (?:\(%{DATA:efficient_ip.log.dhcp.client_hostname}\) )?via (%{IP:efficient_ip.log.dhcp.interface.ip}|%{WORD:observer.ingress.interface.name}) relay (%{IP:efficient_ip.log.dhcp.relay.interface.ip}|%{WORD:efficient_ip.log.dhcp.relay.interface.name}) lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long} offered-duration %{NUMBER:efficient_ip.log.dhcp.offered.duration:long} \(%{DATA:efficient_ip.log.dhcp.message}\) uid %{GREEDYDATA:efficient_ip.log.dhcp.uid}$'
 - '^%{GREEDYDATA:efficient_ip.log.dhcp.message}$'
 - grok:
 tag: grok_RELEASE_message
From db27b2c597d329e531d852cc75f1ee6f0965e355 Mon Sep 17 00:00:00 2001
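Review bot: The pattern added at line 64 looks unreachable for the messages it targets, because the first and third context patterns above it end in `lease-duration %{GREEDYDATA:efficient_ip.log.dhcp.lease.duration:long}$` and the grok processor returns on the first pattern that matches. A line carrying `offered-duration … uid …` is therefore swallowed by GREEDYDATA, with or without the `(hostname)` group, and the `:long` conversion is then applied to non-numeric text. Ending those two patterns in `lease-duration %{NUMBER:efficient_ip.log.dhcp.lease.duration:long}$` would let the new pattern be tried. The commit also replaces the `to %{IP:client.ip} \(%{MAC:client.mac}\) via …` pattern rather than adding to the list, so messages in that shape now fall through to the catch-all and lose `client.ip` and `client.mac`; and the edit lands in the copy under `build/packages/efficient_ip/0.0.1/`, so the source pipeline under `packages/efficient_ip/data_stream/log/` should get the same change. The `patterns` list starts above the hunk, so earlier entries may affect the ordering as well.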
From: Jasper Date: Fri, 17 Apr 2026 14:14:22 +0000 Subject: [PATCH 5/5] Remove EfficientIP integration files and assets for version 0.0.1, including manifest, sample events, documentation, and images. --- .../build/packages/efficient_ip-0.0.1.zip | Bin 38538 -> 0 bytes .../packages/efficient_ip/0.0.1/LICENSE.txt | 93 ------- .../packages/efficient_ip/0.0.1/changelog.yml | 6 - .../data_stream/log/agent/stream/udp.yml.hbs | 33 --- .../elasticsearch/ingest_pipeline/default.yml | 235 ------------------ .../ingest_pipeline/pipeline_dns.yml | 169 ------------- .../data_stream/log/fields/base-fields.yml | 12 - .../0.0.1/data_stream/log/fields/fields.yml | 145 ----------- .../0.0.1/data_stream/log/manifest.yml | 43 ---- .../0.0.1/data_stream/log/sample_event.json | 53 ---- .../efficient_ip/0.0.1/docs/README.md | 81 ------ .../efficient_ip/0.0.1/img/EIP-Logo.svg | 20 -- .../0.0.1/img/EIP-Logo_BlueGrey.svg | 20 -- .../efficient_ip/0.0.1/img/sample-logo.svg | 1 - .../0.0.1/img/sample-screenshot.png | Bin 18849 -> 0 bytes .../packages/efficient_ip/0.0.1/manifest.yml | 39 --- .../efficient_ip/0.0.1/sample_event.json | 58 ----- 17 files changed, 1008 deletions(-) delete mode 100644 packages/efficient_ip/build/packages/efficient_ip-0.0.1.zip delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml delete mode 100644 
packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo.svg delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/EIP-Logo_BlueGrey.svg delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-logo.svg delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/img/sample-screenshot.png delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/manifest.yml delete mode 100644 packages/efficient_ip/build/packages/efficient_ip/0.0.1/sample_event.json 
diff --git a/packages/efficient_ip/build/packages/efficient_ip-0.0.1.zip b/packages/efficient_ip/build/packages/efficient_ip-0.0.1.zip deleted file mode 100644 index 8d9577d86657cfd2dd258a8b4f75ec6d8bf49c38..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 38538 zcmc$`1CVXqlJ8r#ZQHfWwr$(Cxy!b>%eHOXw!O={{Hou1=X#S#CPs>2ZK*vZg zEg>W#t0Y3_?Cz|h3Z!M zVlr7oETLjpm|WI316i2 zG(Uj1kq}V;VE_wTkb~#b0FA(P4M&1WO3EOn5yl17oL z-6N3t7V3GYG3}HElR$^mdtV|eK*LMqdD)9qEjW2}s}j4zF0L;nFdXM3@M`d=w>lN0 zbxKP?^=$N(ft|d z{gbF#-IW-#bvwVIN2VN?PK2b1qV7ssJX7GmQbY7$yzSAWpj!Sc1WD z5Zi@Lsl7q16HKxq`qjK46E!Yrug?VFA;+;fe^}&x6x7H7Ca%o?Aw^D3{a9GzLrN)PyjMEl-#gw%*g(JyYenWzFhc_%68CK9vmlPUU ziCaMUaU<_oFPCHouYvTsva zh@Q2Y^?0U&tlD&|(XvOpm26u}%=1BZMkNMRn`6Gl4i?E*PFLKR0oyuR`*sehj8=NI zxD|-fe<-nRoZHA)OX)!WCZZRGJy-pa^z*Lx3Z(;vJ7$p)4Qe7~)Cz3vXbs+<<<*Xh zM{Ax!T33Kb+oE^Y>e6$ms+l_TtMf_jYLo;0SK3KcJR=~`t{%V%p>SuCr#UOj0oU)8Fz=m?b>4bzRN%hA$e>LY)C7fR+wPEsC|`-JTSrNGwgd;;LoVb-pQSrW&S zZy{8gFPXemDOVpNIV@r+frm>XJ+y0?GkqxFIj_w1qb_5?bv5d{lp)}Sh+f#xUXyYB zp-UYI7*bHVB<0V>=V~UOw8773&i}!3Sp}hoQDZ%@#*)kQkmihDm$55Em@Hy?modl3t|wPcoaDPb)0$kQ9qBtqXg;B{A8uz~$lqBnYEH z1u&~XWA^cfp(4%p}prtr$ZN)1;h1?!yW$QiG3WRT+e+M9}-d#^RTi0i!RL3b(X-4 z2%ug*Lj%=5^;(aRtq>q;7HoH#nw46R7W87Dyuu_`43ju{olYa@&x9)AiXtlNHrEgE zz;Gu=o!W44Vd>1b5O4spt@mL%88R2;hJv8avhYGay*~;RycPG)fS6oSS(OG1(eZ>Y^s!;s;5NlRqThKRKQ6r*sXlBgJsN8#| z%HJUW?!O>Y|5DjEMfbmdfAjy}koq6livN%OH#TrK&~tKjG%>KD|I7V&-^%w` z{wtO!|20bnX5UiaU$MvV-?8_P9sWm>gzJC7tc$VzzeN+BxuMfvLmCw?U>C>$6MXXy zwV1uK^=3wdj@PFtp3m;Qp!oGn*{iN)qbP^L*E2&uhC!0Mu81QQ!nXJfNmO3ag(@^& zE<;Jr-H7ay0ZC+R5Y+Q)ox7RpDz;8>+kKTIojj<`v8BA-H}iSmhM(EjRkmsE!m8=gl1zf#jIaDb&dKIZfP5PxulSfs>SalR$1YP{>JvlIgFu;>pZavs`ryl@x+n=UM}OT&ompN(pawoy31;#W z@LHPG=&S%qVQ|COVns({GsO@Dm~tSxL!{^N80QH)6cPdvxi#MHpW+WFt5p-T-LyA5`v z&m29*R9#DKwTder3aH1SRI7kx{w*+<*Syxv@+jtnws>(m2`(3uk7v*_bglZsPTRW3 zX#e~=(~$c~7<@-@*wBG&fMoiz*(4_Pn9|;~A3p^=Ss$&-XP%MMqwU> zS-6C4v62pDo4Edj;>IKb_bncR5e~b80g~|$k*OJ@5KU^M_CKY$wCBTqAfZz+8*1mL 
z%A06+{5tAvEY5@O{@hdVP%we8+Xl!SsRPZEXG8c^lLaa%!a)rJjWjbCye)O|;&h@h zvo4a5%L2Qx3z^R%SuCkz)bTcP(e<#fGUf;0)5;i&)1-XNM@X5fOuv=ZK;gB4-{y7p zu<>wk@;q`dw)f!f=XiL`>m4p^6sL1tlst+p$JgV1d+8x$V(*y$*_4WRiGS05NPK*njf;p=k^sO zpcmbsRbn*l$!nHZK+laA0`-{ER$&oX-c-{!W~~aFt<=~Sx-{{BiyD@WTB~09tCY-)u{FA;=1-ZK6r^DzjhPJ&4feV81vpZrcj6uK1fVIM^-|K$m)D z#Vow2cTB{2(WU5~cw>QQ z4`K2y_i@>C6hI+4gqm{dR$P+wUp45Eom3Zb;C5u}(A!Ip_mrWcSEKD46LeAEXZd8GRJvTfAJa~r!@Dw?qa0)#JQBB2J@oiRuPYI$3}mYl$h8O?^#Mg4K4#(6IhF% znS&InD{lC--|G;+Y}gO}xg1XA{bP#LiiOkP}qV<`9#sHj-ILxv!t>SO;0QIsx1 zqPExMYD_mRWz#5^ttqwn^tcbWd+1c6QWD#UK+?;IEl@G_E1mhp>-1HuC- z;wc-ObI5Df1e2Ilf6{J!=N4VJRcmd>FLyXEi{pOX_PlJC66ZWd%`yNJN#tWK& zo?Y!|{=z(|lf$=`GI4;zP>~AD3EYJF9D+S|dUrn)N0#u}J@8rJ-k>qMrxfVG0@Z9{ z-l&~K=xg~H7;<5&1CNMRJdve8Q+7~1L_PwLXLM6s{k~=K--PnMBEzTD zw@}`}|2vKU5zQ3;CusI}eCipS8~xv6=r193scq-9&wl62mn+z_u9s41xx3v#CFaoA zCUYg5K$^I<(cb1n={itqND^yIp1S|ORbxCc>@V;`;644ZGh_AK_VNCKSo25g#+5Gw z|DP;jMuSCxXOe(8d48i|g`hS9=YY-Iv_Bx`-cGS0d^%eNaWcX;LWAk>f(&$7@DMKX z{_3A%pV-I{z~BmDdYFFKB3VO|W_j&z0Rtd7DBh0+llJ{H^>Y@bS2ye(aFuOJL;V`&H^*zeEkE$vbS9ft_ko&?Cke?JA?( z$KPMPzga)MZJD3;LeI8_`h=@Q3}?yAtz9ncj^7GF%GpJHpmZTbP0yIJJ;R~2dXSt4 zThAwAK0`$RjID#`K`Q!E$yrMT_yp<{I}Hj%NLE0RBkbbOwr}mLM|XK*lW?08WFK^DuB5Ans<{BFVy)SGQ(Z$_y`BDSlVU5X0M?Zs zCrlZ!#<(y}IB18BYesy&m5Es@PN)yKMX;wX7(8v-5}W&Z9J9#elTZ&H0)OBn!4`r>sRSNC z<8jXCk9C!o%4f@&-bhr9@>ptgVI4_IqgcHjM>bE?*tH0xJaHEdmyOLKs;cs6Dl~H6 zvcnwFCQ+wXP_%3{ySEho;1pc-`qAL_&v;ntSl}`vgm(u51CpJO{YRh0Ro&E1w6Mf7 zTw0VVJdZ4O#>)eybNLsmL{3^$+G{y*H9oD4Ot@;_ZBsoD(x(k!xMo!J@FK+D?>OR(`JOLXIcn1o{nKxM{U;0B*-tjPKaYsdsgq^I|5$sdpZ;9+ZOLSSWI zVAJ`g46?nSoo|1Pd`ykTd>&u7B5-d39W`^sKkiO_^ zHMRqP!n@pttK?m65{eV4Y><6k5p#P8Wf?soY!>LYJ!7R>twg-E^7Xb4 zRYg$lZkmnW+}WH9yx`e}2hY_BtogZ1E)6V7$S=2hAndOlN>QK#$LKd8NBE18%%H!I z5`A=%Qpzy5>iQDT!ZdNrkO9YY#jRim{Ni-e|4-Vj+9WVN^@pQWyQr)}M9#K6U9Pu2 zVG+eg9(SSq3eoU^H;WhPS<+}0wX}+Xz=_ZPE&)H49`n$g2!~_%lr=*r z`YzBRf08g@%pOsVL_9ZbmwSH1%l;tFqQHV{Ky4OviWhLp8vv4Ukga+ zzNsK)C^gM)=YT;L1OzAg=^fG#_fM9aK6QSLEk*i1dD7;B*~dHQvRLByAoh@6FMYyW 
z32TvxC4OMf$13d-8jK6Ob4IAxZ-|hqr@)Ihs=~ z2?I4v+Ht2(ftij3qQ}hJeiex`xpj$RXv%_Xk57 z>wG#gyUIkRQNc-~CWyS3#fb&(VT2nXzvR0CU|y0fm1~}OF9ypmmI%5;ZH)yz)nZI| zWYk^Lsdy@Kw2}-WaNbwu%v>U~>%Q5vjzVki@pH}I?m6e`wat-05@||L8@?dQRVX_J zm0e@)Z6+996%QC1Y(IY;>;Vu#3nc5}*89D^3KRDQ-_T$f6XRayaC z;B`O>_z)JgeajR0|qd+3tPix?d&eI+ATVZ`ztw2rmyA!ND#kT&+8CI+6buvkaFM zuW7>?d?xHIiOfQ!MfmL?2~tiayB*Vjtnf>d7S4d(q0v5B3>*ADePOc9^vabP@$|Z=ArmjV$?I(-*sxXl=(% z%jeq0ar2JoqBb?y*ZKV1^apfn)nx^nBp(X}zC_hRKfL(!iagP-XcT>o)uqpE;Z>G{ zCJPmt$)GN42X=#%!wT3fC@nL$@_yY_ST+RLY#cvb z9ZIN={i!%ur|qghDMi^nC+&5;YCY>V8AhgU$?IxHc&hhSjI*-8RJy-yChOfNhJwBB z6h=SO0%I?{jSJIAGbxX(96jG*7q%F`eomqVcYa2q&jf)*zM!fcnrLdlD`caniTvSx zxe{>iNZo8UeAD|b4g5`-6sQRbB0&HEIGFxd(nR5ZR+`v4{fE`I&bKmI?!M7;;Jhar zw(H%}VNsi&Mait)D3hF5);}={MJZYZ7wZ$plOP$G{k+ktH-7&K+rZV(!FH7il6`ZM zB_>|Ha?u5;02V+N;dnfdMuwpjQo9R;L_}hO7=;FnC2xH038UtQ9OgmN#TLE`C^;7V zumkYGpFjU~Y9_!4=c8Y$+otXrz8e9~-8_$uR5KSEH#SL!Lz4-S1ZjqJ0tnA|HEDX+sU5MLj!dSfFzO+WBC*vcfem+(O-8WU z_k{tTtwD_PwW2%52^lVEugT=Gf--Hq&kx!+aFnAQYK^xa@T0sd`FM)tI1qVo9nl%A zTY?7EEpEvKq`lfsw#Ch_=VRiOS5K-{-gi8_TB&q_cW2nK+(^GTHnloT?|#`EWblrj!b%p=oO%e9MI}NQWl^w{uX#xjCA(h`HFU-ycBiA z2}%hhqy3^K6d>rjE?i8pTOfQ-R22XR-fC0wfgC1?l1JY)b+@-`?FMK``QsVaj*sJ7 z!ti-!pQ3Y#mfL4xA_b{mZX=iT%u5#-f@m{_b68BN8|HrJn=R2a2OW7IY-Mvb@&^~< zYB@E;I@lIY+v9W5;kNvO6p;$!^Ef%D5*2=5E97+&*X%DXnn%`dKga|PT?3fV2pD#W zlG>UNtq^~~>$#={wbr&Hz4rb_4H1l+f=wj3uA=D`O9W-}>UJdW6S^Mj5@$rX}ibvm&f z8cwVlf&pkC;90sQXo%^V3V?LaZCzeO0idFp*t-Z(WfM{`Ibj$Ta{H}HUThZu!*KN9 z6mc{aCdDji+oohAbuSfo7{w)74$IUm1(&gu?jgML?4j^S`Bx0wH?ZG9y8Unx`eDm+ z5p@p9H!$M66lrx)IkQOC7mhTf&7*c)Zk|+3_#l<^zzh}iW37%?`_CQd9lS^m{@z9< zPzT*gtRm!i{`4E2_l4)5iHyPe1M>)uYOlK3&KOsmS1G&^42n@!b}4@rC1%!-G+Dc8 zCN%OOs9m7A;HF~piEtu8JB69Y<3lK7G{GKun^V2&M;+X+^G3_xLMpqqQ&gwe5Q0rR z&J|lR;&bitIxV%8>1IXt(act)nx&T9)I=>zu$H;feZ$w6*5EH3-t1tdXLIweBUn0% z%GR+d;Ox!TyQ}rnjJ0Lg9P2aVjTyFk(5Hz#ZMSRi;O>5NP*wp{5{T( zaL*MPeQ7gIS+|7a84=HS>wYl@su=z>jf-{yG`M%obvns|nf7XdxQb_>Y1|Y#Tfdie zm~ADMU{NaABehy`cyK*-zSpTzks;rAHb`I@^EzhcLUE1+*#c8aYs 
z7rtDh>akH4*nr%yr192JQ3{rsI6H<+kz-*sf0-KWjr3qPpD7qCp507sY$+T|gxkKJ z`d-_RGAv-0F2FFDr3l?Og;vq;27M#i`CUwL(RO_t%;y z1uJ>c>K>p$w!~(r5WJoN0jI8#C(ncQsu)f6eCuix_j9x|!#fBt#DlKH>o?>}(0Q&pjUp8(t-kYDA{*sBsLv-VS{7xCE=cc}Pb?oGY{j?h*(Z@X>$b2>;q+eOx)hn%xu5&p zMyEe1*LEXA9s1n9s;-o(?yLZITvguVn;*?2G?@%5ZLc*?@p<>$G=K8UWBk$X@?Zdq zYEskWRPb|y7lpTX!pDet($N@m*x<6cBGYY?OX_SgrtM@o>0|S+C^SRsuu0uQA zLU45eqjdi$NcNMhzcEej@BkvF9)7x9a+*G^S1Vq}m_qVYkaj)JWwxHuEVK9dDHYrj z6E5bS-3O5OC$l=1n2u1=lb`A;nqB<*A++0aNBOQ-uVy+f|2FP5-Wvg4?}NW&3d2t^ zg!d0Q z1y7Z_fK~xQ39Vq)V5kB7i$o!Vc!<3}{xs&u!W5~x%g5w}^spj>{U+oTtLitInb>Tj zc zWon3P`>BLKq9aSfqV9a=tv_n$s+sFAI3|jz0FzFgloIc;+Pb<0!vH~=z;l&vKLWTF z^MvvM9;UN5;*lGpVo(OPqEeI62tv+}fRh(J0GJPYWp{rA7)=O_RU$NT2;-d@Q%-uP z<D2>T$8p?1^P_f)4 z1%*A(7@_?sm3w1vUO^#Fds|uZDd5Q@20&kJ6A7t9r? z)uRHU=5v^3XxeW>G zi^uDftNMNO>TmNVmTg0Q{<|B!_FV`6-%h?x1~&HACVD2W-+L73ES>CZ|Eh9FB`R2L zFd&TVyivkk6$KB8UniKDCV`Fu9N7Bu zlDl=4zliQz4u=AB3rpWs zu4n&*-;cWt>+cRW`&+sgFM| zfCTOy%hbNgc+c+~Ow`TZH;%*C;Q8rNoRf8M*yHZ}38)Bdi|O{JQGeu6T&cA+*J}SX zjd|TVmGhts3?)3x!HEDb+%Mi``zvmW*#o#_(}+2~Haz`GoW_xa_K%NX_wPeuGry&; zzxpDz9&n~*-?>x?c)5S zMe@0+DGkP777A0Yw<782@9lGE761#s(wK2ahbD%vGL5&EZpb{Nl2q;HEj<=VA{)(I zOl{9{III96oN4gT&n)3QPXEM7T63AH2-i@WPA z9bCpP4i?#LcaW@@V1Qyn2vrDLH%;}&YrDaysNz9_+SbSUpW@)107|3RUSwP^?@N3zaV3}IY?g8Gx_WoXtmaab2Vi0p5!A2gIqCYeXEW>2>R5U8E z!$hqTg{{0wUz>egv8NzIMjR_uD*JD(*jx8CRyITyp>S>#LNn5AAsGpl_F+{^th+$E zi7??_g-o*xtK^b${^z12%2QBVvc~L&b!=r0Z;ZMn-o|y@z7#<-ld0KAZE|LxMsJXd zXL0L`MiHO~>Q-2rlC|r~25*#B`rcZQD3W#5oaxe4BNC3gnthpD9pY=6neYl^ zu|XEh^`sEa-S9Bi<)=|%^5~i49t0$}*x9DyV*<3ePt^?}y()gj9QG6BefKSe(@?Np z+ta~EBuzu6T~8~~(}cKXYBsmD&P_(abA}yIQ;HE{E2o_D(4Zjf;qged!~>lugYc6) z?YeB<(1<>lwW2I2iv39d_jZQZhE|mO^vYxtZ0nr%(gYhvWhl;yx=U}`5%kV4hL)lg zHJ;LbO}J&$qI9RAy3fskJO=TCrvcKNjK4#u1>OcN%Fu>SS9uznQb-@_Qaqycg6OSj zw&E4UKo*@cuhLttQ#{%LvJI06wf&aSXCr8Qoo&#SJgX@C(7qLGpe!9Pi;m;Pw*7fb5a51^mmkF}vih&NERgKAAgn!jGv z7Y=ldMaSF8`PtIy>K!GmXe(g7mP3Q}A|OBeO`*KFXNZ#iUun;69B4==Xy 
zU-IZY8dx~QaL0l;3N4YL(*c7Bgp>l?#tqH$;B|Fd+%`xi(sfuRD$U0u;ZAou&@tr5 zsBXzh(19;pUA6P^6<#}!())oXo-=WqQc^&Ja0}DFJ-QyoqTBJpJu9lq?6h!W?cVA; zbmjaKzIce9vlUYh1Ga;G5pGVd2I5f6vo1*Q^?V!Q+|Ksum9Nk8+}Uv=;-~t9ntu1_ z>)6h>V;N2I-6b*HOk9_z;b9LPOs+(-t$p8W?r!0$){GHFkFM%* zeU%;4E;7vS{#qizme^!dFMae|i9nTuJFJglY@xYtU_=&S_Im%f*9Yo0aeU_{{?!eH z1*OlZ_-6=}z?Q{*)PY(b#wCVss`}aXEm-%*@rfI?`Qr+#_w)Ca8da!Vsg(PQnjyId z6u$rve^T^TZTxG2Mlz3%O^}NL-GV6*SPxi0-@V59 zFeGkH4M=JsN?NkcaJ&;uz$7Kbw$4h^xF^JG0-A0Na&Rkh`ln>3rNf}xdv#}XCp#*L z0WQ_;idOKOF~u0xs~U9PX+*NZWX5C#RgFfIwfy!)#G zMhrb&&C}Bln31=Uo*Ozjhwcrp*O8?u+vfp0!LHZa71O;TM;DjJgPIXBpK4nB#%lZb z`-fKCX}1MmzaPya!+ZP2?@9uaF$1hbvQXpI0``6JT@gyZapKMIU6W9fvQEXc_ODvD zyC0!=jhK9IZ|kqvxp}4C-YVWgHxlc*u8T(|c05Ir`khh$?H?yo_*vs4Bm(G*-Kvg2zO|KlR6>(h1p zz5~|J6IV(xnGc#F8yoxp4o)(-Xo zEZF$V(GgP`H^tpM2qjg%Oo&ZPuC$pk87>m@{13Y8<>%D?0W4@9Ti8NHQOoh`bijKbKj31VJAW# z&yqfU!-psg@*mE)9f?3?R}4snJX@2as0uw{ zWAo<_mP%5gr0O;&(o8`;*wi8^Yf#6w_Gmlf3iDvJb!B~xxDw=RpY|t zpbKwx-fogM-!RGS{N`2_&xl6U0vky;uP{^Yt5-4ic+r}s5SU+{xDa0<>C&2y+~NkZ zaX}Mb^Zane)&?o5%8>wIS>U=-g=Xf2li%`C3T3Y|>Fo1_UPVq=TVK+ot5qlvwi`sU z_geO*$SYUU64a|UT9ZJ7bUF2?2L;u%W_DAzYbbVIsBl%McPhi1Q(ag!=$h(;!dY#d zs$Zvl39t@OX%kX6rgPJ5hdF}tArZ_FjGwTj6_6Rr@pCgtlo4&bIT$~d6yK+i8LBET zJ|-hnc0$Eig!&~xb5c+CX=0sdFQt{nyIp4S~gxivozssJeb5;kJyfVBy zALahJ7{4U}HA+pVCC-)bgPgc(rMewId|?vX%LO(?8(O0pxnAd)CiLB+zCW*7F3^Ni z(G{c~m&)ywm?Ea~Rl(m`{c_T#$&JfJsd3Rtwy0{UnpkKL6bpxzN7 zA#^k5&T~ZW0APoU217ib&~a^0vwpNEK}untNbv7>@AzI~;X-nZ zKpfWt;Gi`Of>_HtO0WUC~nH- zPp!HA;=Ff32~^7}M`E3Hrauc+0SzT#NGA|QRgW{n!j@I&Rj6tNYXhfoZ3B`Fh&vSx zi*V3{O<3gPAzY7#@*ParLdHl&Zh@@&fOU3XPZ*eJmqNoV1@j%G6>)Vf8QXP~f`PuG zs?(XvCr?2lvWmA8lc`m6^UcTYj0qiJksltBaxL4QnY9KT`JHHmyQLr(n8t<^-hq!4 z`F}p)VVX|#Ww+Lu!{IZsq@@a~wl1xp5+1SV<_%9?HqoAi*xc6DeOyOO)ezDrifGHV zVwK(SmLcmt#yRQjD6>rl>zg|Gx>QLP7GPp1-Z$R@sTDm5&15*`t+@nI3;eC)$31Qq zWz_iVJ`}dR;<{>Ed;!LfC;Y_24+=iM&n@lcelKqRw)_p5)lRrp4h4W8b7dS;gS9HZST;H296!@_WF2u3!O1D!szGcAUr1kj32&t8?g6u`EanK zAFyxtdw;ur#YyexD)IB~+`97pBU6g+_ui!8UPrOfgYU<~bGBd;o#+z3kXtfxW#5+h 
z^wv;U#RR8jc909D=!nyd=%6U?3L5|&bE%RQa1th**-}vW>ri-S1Ie!E@u^DfH)!T< zWNfO<$lmRObI;eG-)Gm>)-@exx34X_h$g>*rh2ev3K20%<9lV$3SYNN$ zPll`U^{mYaL#Vph5Obk5<&IWPfe&w}K;~ z7O}^Snv}qW7ayw1VOWNu}OR!PBo`1gclpvRvp|I zC$I0ECFF?d9TTdj9!>(g;Fr)}Cls9tb0890spF!ITZbbSSYMcm(nfrYOrxoa`Ni7g ztRArBI?cTBh7v!2Xmjf>g*~HV z_{O{N06Sw8T)2i&XJVff-s~xWN~0B=lG<|=fJ9=`)fwX~Ge4K0dwGm#UeUlmzI+kd zu}j2m^C$>ZnjX`rMLT=S&hK&}gS$VNatn4rt1l;RYNck?)+-u~)P*S3d!=!o7gR25 z1L@NiV?wS$vY2-=hK6EZH@EqXkBoJhnstM&$s$i-Eg7TGN7j2Pd;J5}3Cos4=z2)i zBRGTjwoQw(A4yyf@emeJB6J;1AS|R_pIgZ?teA7%vDBH=gy99us4e9g8JR)yTLRuP zR5ZGI#77B&0DfZE2t{8$8f%@j)WTP%U)lA7DEx`)(E z&=Qs_HhY7hnb63fVg_6BiDpUXs#Q$ni!BEdxb4Zm4!Kf|&c2bpK6JPg?*UXs+>wY9 zr>5N;=SpHCE2>$ee z4oMAVq(_vRXXdq824rSnWw^`MjUly=8i#OFPrX&<4h!pBFm zYyDSS_`ITEpq~g2G8E3t$Eb`itBT#MBW8c)#wXtwKeq80#3w4h|F}1?YHX}(vyD2e z?lbh;-XF+r*(S4It){2}rDUh-^8`y@{jsCZ6G74a1t@gIk*3tbDzhI*M!qm_ZpHSN z5n%iw+Ss`2!P_$QF*}vbs+zl1w}vWw>}U~rzD&H79qJ-z-BUk3p(TlqS!aE9Emwm& z_P`uS48`~Sxf_wBJF1Zghq4hPKSV*GRp_|J<+6Y(Z~awv%`>XIs>KIja(~2EICwVZ z+s)zkJo8r@f?12X{_2}2y8k6l$o@G`{#HVz{XR7I?-wS{$$PR^Y%n8wL!56o$Quq> z(kNvFab#OOgP2Lp^KB31v?y0+isxxR1<%LbWHhn za6Qk=yqRdo(1)f@f!MuG9X*CFcm z{GmB}*CAc5WU0|(>+9Ct{pT%T(DSq1y+cR(?#u5#o*7@7tQBV-y0V#&G2mbIU)|aI zyw@kS8+<%Ax~dB=f7;V+tNkWVwn{HsLPJ9#b5s{{`}r}aj-!YmIf(}`ASglmvLJpq z(gxC!V{kA)2@R=F=t~(eLPoG$v>Pg$|At|*6qWL*#wZXl(<)H6f=Vm(RJN`?LQ)0n zOZq|5s0cp7Nex&~g^Y%H`XDW6sp9a|EqPH<_tt@{OlNQV|JD#L+fUfC^cKJPm_+S_@}E=sh3V(K z$k+8p^^;C@9$4GM(DKPZ1Q^B%428)(ZwSM-tr|~zl4pE&{08l+ZUUX~vaD`=s$H&p zw%=T;T((cU#@84Q`5Ynv8Q(fGpjb=KyucZObN(U?eEDFyxKEu2TY4%3nv}f&I6aiEo zc60E>v`alth;h5k#u=s8=;n{73o;SzNauFz#0rs=X5RMo8e=(}p#4aZoy@p1z#S|j zO-A=<T{1xzF?bV1B) z1qDAKHBzbRtXU9ieVtxC_JxRydn6|?b1a zQV*XJSb(%VC*-x`aFi{FtgSJ4`s9Og3!b0L5KyWxV|9*cLEOVV%i2Iwkqs3Sy>OZq z-o-qz;{0(*WnHn%R?o5W8n$@;Uko#Dne@i8xNZ`nq^tnaA=3T(48e91woNZIdsjY>qyJ;9eZNVpURS%j0efUQiXS} zH^!Ix4$nJMz!f7e?-f|;Jie34Su(GFNpJ)h|3Na#uYo$2`Og)zhM)3BRB3spBM-5| z`a$Df`thdAp`~Q3B=%Ab@bEsIf}h(C=Q`4z1CIhpkTg$o%ht_aUD#*2kqZ0?i+t2q 
zSvU>P;IWMI1WpiWSG~@tx~$R3Ft)wE_O1oXQP;^p3I&d5*>za1=k2`wu+qI_TT_I) z%uuRo>b)v{83Lb8f?IFHIVTv(` zFrY!CNjcqx6g?VCm@HRb0d_*5Bq%A9jwFj=!{dfC1F5#?o9-XTl#yTyk8I5fV$kqE`QW9cLp=J#C?m9n<%7=h+@( zCWw%!=Ood9%~WJ{p(qGB0<-aJ(+zvked>;#hK%M=vhCu?&kH!7b0pH2`Oa)k`@%>7e zFG|dq80c1CD{nTgqx&O7A*p7m%UfU3g(ffb^!Ks|_^uELIkei+{Y^SE!gC0C@yi-5 zriaJ}?vI;&#<}j(QhNXpF8shJmJeN1X7!R?(*sVP)kI4wbL8-a!r5YdW|j)A5#M)b zoAJE=i?4Ht(nJZeaOst8+qP}}#V)(cwr$(CZQHhO+n(OcZqDp-pBWK(BJTa7#&k*J zvi)(%Di#AkmZb#6Z!eH}zW+H^=-+pwr;j47o~}sfxQ=FQ6zp2CtyguG9U<@aNLJCJ zm`uCRZAMNeaCf{zL{v$HX@LUXn3K~uc4N4q!z5j8=j0#ETcx+sRzc~M#Z513{RdC( zjX&kRo5I*q|372Bw6KA1(gzfc(RIhN*qS<5|8zMDz05xyllTsFJTJUF-s35qCB*!; z-nY=S#$qj%)F_xztKY=2cj%Dv5=#+XW79}Ad{zT=(=h&R;Cgk^;ve(@_^l+uo+!!BQ6eJ{pGosO`lC+OT=7`D7|yVa~J*M^&RWA+#o13zihr;vmI{W7^RzY_SJP zU%eFtq_s|o-j+PSHV)!C0k=v!-LvLU9;gs?C9GLZ1oj{`6>!>`$Jj&ommtf4{I%x5 z-1GX#h1$tLQcE4pVG*^Sh}GObUj`FUKF+ZZ-Z!nnG)EkAG)BG?3{B_~W}8}+`kOMz z@jkc4o36B~#`)23zpTH+W7Qo2n9o44!xt-C*va@x(#y9a5gZ*s5tk=mpREz0E3!}3 za_}eWVhBFDq~l1J8Mt5i!Ks42btk}&ZzGz4Us8W{u;%#x!|g;g16CDgbVp-fMI+Dv zD`g4N{V;)3V}%d8rgeHb`%I)-kTumnR^w~mb$RDn31A7FK6cxEqdk?dnrRSAbW_zMVS*TkKU}rV6$BeRKO?;52n2;CU z=l3M}Sbn81oA+g@dk%&n62QtYCyq`hyFCVb|3tt+=s-TUb_mK$)O@N*?)^E)ae<2; zj}+cd=m|ft_nXu`S%YJvZR_rknX{taTiCJfo@N;03=VEC0LEiT5oimo(YKuXCHA;?>nGne^hki4vTEm8B|jTglP;ZIVIVtWtCc=vEf!x;P@lpf>J!%K8Revhh4F3lq>qhYXSD z6-c|hlvrbM>N->cuD`OO0PdYTAyiW@H=9X9;=lX|<|(w?qz`%wChj=bS_2VAG>y}7 zLo^Y<6e=b`@6k+u4E@R`)i=0WCV}4L9h3Y zuYH>l3e&gNWw4@EvFa{3%iOOIza~u-Nsf?))ToGY?9VWO4uCE#?IHiL|rpr@u z+bK@)wp6H=-WPOu$l&s&p{?;8#O40(s^8QKk4j*SFS;zWWOd8;^~qmkN4qX}@cNK= z%nB~4fget-jlLCtB3>^>MC%8xCL3{5doZT%D!cA4JGwIK{|9f>W3`U@v74VhXO1;w zEMzXqy3_8^*yHuxMpaIKf+5HMpGlI51qGn(2IWgPO&mGPWwg;CzW4b+eE)-PXHEzT zDUMUUc0e0XOM!YiZ3MPB7vhG&7kwi&!O$DBpocmw=c)JNlkY;NSRjb9;}BSp0d2^+ zJ{p-cuK;~gq7k&6^9-E>^7M|zZ13I>tA0R^^+{EWPIRt2Ep(#~FGW#A2!bq= z3NE9`qYn~P&uLU!EIn+_dWwJh=DQc_R|fh7NZY+tAiI*EKle?Cz5a`14ztDIx^Q_R zh}0*;2|+9;N)1&q$5W&sR+}6GRd^^AYB(B?cglw8_^(xtn^(irX{|w}_buqS 
zP6{}sBt5!^8e(5-ncom~?qIjK38kBLQk(rBU94V$FPI=wVS=kGzQ4HY`0K>~A-g8d zlU3cqF_QC2E{4Sor4FPw%mlcscIUB;#F?eT;cxRB|vmL>Wk1Q3J>URiuUBXdcm|hO< zgVOl^G+afNmZCdFASJ|64RokMKf&Om5?WOL;dZmCk8s{hOr%~~F>i$gJN&WLXy8vC zgB+>Gf+B;6w#NC}!p)NewdY{}a`W~v%)&I$HpFTrxwp7L`(#w+fMaG{wM1<|{b+s# zN0V@^WsTMw&8UbMdI|%a8CpLPnjso8w~G5aHQJ&HvyuKcQK9V(%#JJC?2~V0z@9S^U+?Xuu-L7+Jnlb`Hr#ot?=Ke`$QQ-i265n2H-8}f%Yu|b zy-O5T;(%>DZjcd`CG47-*gKu>4}X{tXjhIv;y;q_Hc6AEL^$YuarJs%(0_(%`xI2Q z>0G_2Y6BC_Q6@*NzQODyn-49(a)qQ`MXHI)DNQIjaEH6*DdZtYO*kID7jFAQwHS3O zk%`hv-^t{#UiHG(qEAO2#B!yN3Lu{Mrv?^{Wwwxh_bim*TiUT$xltR^^*l{d=^^-FyrptkC{D`hqShhGIA3J7BJo;7%b~ZV zzyFZjFe=nc5{SNy#@L5}bxv*vFm2nJEt$0x>e#H}}Jbn4SI#c573PQPgD$f3+2 z6Of;tiW8rIlV&Z|qlQ0ra>?bybY^&Tw{0s<;I0kFN$4enY4ogljqH5XZxW(D=)Y9u ziqyXd?VAeO(QDxRixBgZuVe&2qNU{EwU2jtqvTKJIZlAb@G@0V&!$PWBXr@ z^5|G^%fK^Np#Ox+PAc6FaXq@J9L*OzaCO0O26&9ua|Yl55SWqEjOuc9^(eypb3BtQ z+Bdfq=>QbU3v=AaeGD8g&yNv~fk;Vf``>=RO|Z7uEKe2Cebk~ry+=)FtbglreB8Ez z2}T;5GZwDp%}(r2nAprDCvV@BbNax$+H)~tr4yI8UPT=^0s^>Dn!7JphYk;C1~p z>Owm%Lp6F$afxNN8_zep&I9vJs;o+TzE$ciQA!j) zY3q4Et^>x|7@+q<8JAcSy`WT_)w`*2UGb;ThN6z?J}`5WNFZ^Wcya!gb&Q0GZ+ul^ z!ay!kT}Jp^XC%Od+_m-fyM8`56Bd#%Ez@KEn!_{ceCm;3k1T(}%0ScD#QcxS(TM&I zIJ+FPZBR#AU_OsEhGhe(D^!jO21$gE^AJl4>GF*V!2a_&v$ADHggt7=T%{JNH`Q1&b@ z&BTPQv!y8&@{}bhLP9%l73&aW^DGuh928n zNpX+H-u1bVJ5lHG==YO6uZz z$@nv&eRmiPf;r<;@!|fO>{Wg~a7>7!2QIg*pUpeF;^B)pDSI$Eg~nWU*Duw&;(Y)f z;~4$4s!T&Iz6bQqIJot#qV^qkb%v+@ zy1{CSh!p^wa6>XCO9;BN8kjjigc%PjOMS7PflM$}}Gwt}&hYA}rozYr+cw`*bO8&7Zm2*e`f?ls4Z8HLmRA^ z184|Y{<%KxQ`WL6%PF0-5JdnV%lDR$Y<79X$JS!qdnQ?)8!Ymfu8uQohJQbF2ye=V zpLX1w?BRdr`Z?0*q<;4hQgSuOyTS6FQakkwcg*a>8qlWDGhF6(^{CUNPR=34PYK+t z=x>i2#@gC<;6hDie||O{xYj&Yhu#1Li@9#jSLqUil?fY^?TcZpH(NbB)XnTXd8EYH zR*4Q=@6XvoQ#)APKAt^~vde|HVm$e^MrULQliu;a<`|3n$N4%P6A(x#2sY>F`L!e4 ze$k}DluI9VmkO`#kuozLFbL_Fb(Gl~ug}r^;T2!M7Mi;a5s_gWQ8Vf)qdcF3-^Eog zg6iMT*TMYp=RfaSR4u@ujDM!W`a6opJdI*q7!4(5O+NR_v zMUCW~doU9jHBefp*NrF5G!Kc_|C^G~H3K4Td;cSzABtn;HI9}4K~{b>{k?@fq^oU$ 
zg2XxU`ZOD9<0BX4{|UrxSJ!*03}Q(3+8Bb?pSY7zGL`vmDgZPF@7yT}Jq|*OQeDY`?cFrbL}a?&yqYV_@Ga+I*%5L3gNwl8 zie6NO;xGv662!BZSCo|O+jMyV3ko{=hX1R0d2$-`XCqD&w#^YOV=JB|G%7VT2ggTB z=?Gij-#|_Vw$chWrUqXRvZT&>U~CXR>vgiq?`P7m$&LPyUzYm5li_mQFJ30_}yMz_BOJ2D6)Z_o0{+I<+f{V1$Z-8 z$B~7zG*mj1aUXZAhGDlzx+h<%VGV*CcRfoErQ@)-*ARGZC@TRVLm)}?k+)U6l*(fp z#idM@&s)xj7!sb= zo2J}B5=elai)GdF1fB0t4ugCoUJ8v+YRO=;;FeeVTO^#(L(XKNPVam&Tv#!^oCoSq z_I?PT`|FbiuC}1)HVF2w@(xm3)x#z!YW-bU;AAT~8}&p}sAqmqBS}mfeX7KN_HDgf zxe}AMW@zCOjrSvU<_|m5-*t2UDd|JQLhc)9M06_wFOM@oq0nBReo4%OkmAou$!0Mp zuB7|(K9NrWA}Yh{qRNbXziZmh4;F#f?hHpjgxu|_DrQ?H2IePmLM?G2wdFGT-=&ye z-$X6#+WE4$l*X8Zox2_94*h`yXmm^)a9`vZ!-)^w_K7M1Y*vxzV)` zLWS#d&)2?x?pk$jdHjcev10^-7;T;%sYCA7o1c|#`V`y)0@2o<={3$aiv&w^GZ@=SGP888B#L(3W>ddH3qhOQ(2aFl_ph`V~ zG6k(AbZ14CYho{@{}6Id*~5%Wd*lRexr~*{ z&kV|@!r^epUSnx~RQs@Wn*75ceYItTc>g`P32dbaaFwC>4IWvnD!(45IO2lRub_@r zWZCER*x&w;tV6_yv)rgemw<4+8jqn$ii8!67mMS*;MDnqwh`vEk_#%dWNex_!m?f+ zO(Yb+vax?&Cz0H0GE(@T)l{F2kASt}9*WD6vZ~Qi>it{?kuAN#U~VD&Ko6x8ed#x5 zP*);5c7`^X)@e?Rh`N3sqHJjYu>xQKPoDJjAw~|(dS=@LSZh*#W5$RZ|CSnk@Ie;j z&7qtTJ$n#?MQ?=kezASHH^jI-D&eWEGSP(rwB+8`6}X^zN2Ay0tuYbfT<>2WhkZ(TzcY`VXqT0LIzuP}rx85b{8 z*j4J2xX}p3b`j_{Xt_J_B*akB=;2-vpC$6}L65;S{o_MHO$jFy$lHS%?gm_!z-B7!jh7=pP%S@`YnSdnPBqcaR4>q?IJUh6Q< z`%2Qrh@%&qy;$HnsqLR*Ff0>`_hTk0M3&6w>Kig4gPV88dVZCeqGwqqF#U z^mn3OChQDR1BDVcq`^T^b%Xa$)gJ;neJv*v**aNrgo~5YCK-p~eMD*}@oFZv})cU_WSizQRofb+Rdr>;FIin^g#ou`$W zv^n0JY2%Hwh8+YZ*J8bPnXYHvI!~XA5_6ZC(mRu&Hi=9EYfA$_wp{>|x2VV0d*Yrre6w>wQsWAP zp1FXx_KKG4cSplXurQmc@xJJEHLpFM?DVLnz(T%CUeX0t& zI4G=jrHL4;*Hc;Nn3RsI0E;meWUo&=i4{_p?h%*8Mu*3VlxG6vmm%RWqGJN?wJE#L zK8qNx?R!wmWirSZB^-kU`=1fPQ?69y0KdhEsq@%5JuYPysrvmskR5!V=87iCre*`9 zdcUv(h3Uoce4mbu{MwAi5M@<4|HSmap?`-_Ps%34onSr5ai1qek*A%V07)a;0#F;*vTwImM=i#l_9}qX8jB* z?jN-poRJ`yI7nn*VI>Uy3J(f?6AA2){4!)VuU?j$u5Kxz9Kd_0E(tUpD@adK-NbFk z_3y{czq&aJHGZ-b|q3t-Jhh~LsOC@o4^|7k91CbGLg_;H*YJL?MHS%L*mNL4e zrxF-D&#SSa-O5d;XcjH-7+{EqZYP#FhLCSYxT(Bj-OtP}mwpH#-NsA1-xmP29Fm$M zh3qge8|3RH1QnNbRthg8)V}{az}*cs6l!4Mf#SkyY)p4 
zUloshCAmFSB|gek$kAjcj2a-@)cZ6-9eJt-9qEyF{}p4eOHXyri2P2AhaWf9`V-wM zI=&z$Bq)eq&Wgg>=5>qbpaU|0n(jT(o6}4oCfqwa((k(UvDOeeAYfu-TP=d6+D6`AG@7KRto?g@ z3%=q=7Z$&Z`|e~<<5Mj9&rBxty4*Tk{xG6;s;RbW2B*F^_hvC%vf?`s?Ry!_d~b@;PM*{3b3}$pMxs~ zchrfsz{HLZHqCm)L4UklYx27#bJ&&Q;yJ9=3jDkTLz&MOb&meEl1aIvE^snotxp#m z!EOY$fb`KeC&v7E^#)pB-L4V6=Mo&4!&*+jzb8@&^MQs-x)u{*{Ae+l$2ysaWtN!q2P`I|v4cMSE* z__P53bw-xV@YF=8>m%Zdm8M}QvGo>Mm^C7Ej*|Sv>;5+RDG%jdQKr`HA)(tzKm)!q z6vMvgn&4(;RPc6sbhavZ7d32iym(0+CJEx~ z&@t8GMW}>o^BOhA&a5b$_NP@s$YtKKYFh@7VTYxpz}k4HJ*Pdbu?%^jI=s~~1pmt1 z3tAQ672F2%=HKs#*hwQ8ws$W}QWW1#19p!8^z<*DNLHe9A1dr>^#X8<2ZJ4He%S;g z)a$LsjU~FqJ9^Et!-((Mu+}nGc2xgKjmFVLj7X>W5Z}jXAZ4dy03i1!6;0=nj`EYs z$Uj8u-@-pjEwR*tgHcN5baKZkD~c8V79CgT4P3`VR~|zW+=rdIbi?HR@YEB$-kG{m z>A|xeL3bGl<0o@4nK$LF&l|eT4s{09azn=EaG6tKUs}M(NwmOTve8}{+(HkZH#1v< zTZjn%(&_%x{=Qp|=kxD0QYab}e9qo?uHlgBoj@6Vvl2(tL_p_@Qp#Q z=+E&9R;|o)mfrnUHvGyFX~5Cq(=JTLW-*R^}u&b8yf|qxNqx;bn68Vy`sA zVkNUp>RIgH{Qn*#wLyH*Jj#>~&?u72ZF@Cw-i-`eaDu4)r4}1Z8Wl>q8rZOcw|EZz zvkHZY6MYcHUO2sM<*5lBrED2q_s%h~(1&Mqm(;Lf$trn=fMg@plR^8r|AfAG4|#IC z&0i1!XkD9ESsD)R8bg{48z>!usdgt^^xUjxt9Dlr1$tm?5PuvBkri1o8s8}VXH*1E z|I2e-CupEFY3dHLd*bFG~;?Pk=eGq+UvljiZUlF)Wd$7Ea*l$_+gfY5bcpYU1M@f%vZI zY|d~k-uDx8Cm0x*^AFIBk(8rl>d}t{+lwind9=2RxXEROvUvbNLGG4h=a+9RC zR}vFe=>hHUqGzijpN}fImuUI4rnj6cMZu1Bz`mIIFnol&KKX}ex}6coeWMUM@lkSu zXLeuT$h>zP{JoAJ;KNfudc&V(%PyNAJrf|j6e`Fe1hEp=U9y)?b#{MlG@6{Z*ht|g z`8|m-JqG~wX1L&9AP+U~`N*4o35nO;BIljze`3zhs8}qvLXhDx*gEjO*fbEjJv%}3 zLG@=b1JWILapOu}{%!ezfk6L~urX_hp(4qSM~I-asApN%nD{f4vaFOomFE3i>fNRjjG+#L0`Bpflm^-D>8 zGh~$_v83i%cyXTRR#H}-B>-_P5*CdIJ=JACd=-DGd*Dhne=xzTQw=6C1+~6Cs59)%`JE%A|+)izCUmeTezN0Ejvb;H{vynm>zu}buKO$X;0|QhaYfwAQk687T0<}K;#nQec{-za z>N>Mj)8$QX-cFqH{JJy@Y-k7_xNCN)Cb^(UuTX6e+8CjH>M1OM+_99WHM#*CIkmqt z0%KcK{W75#3vFk#nK4mUi9C&SL9p;mI*LCZCuv) z>Z#YW61RHrUx>mBJbv`n!0{}!h4{^yH0qp{!M1aOcD@R0Y!+(PgdxtP8+N{vC-7d9 zmRGl8%d0#4q#Y*hwr_S#+9?DU2EBZ5s>BLkm(DlC=};(bA5ErsPm7wI?OEf&a48qR~||#Sk1Yz)*(^R>phl%)z;4%CoE5WW9ox9scTQ 
zep$--{g*3Dz1uD^9jm5U-WmU`C_ie*#8tYMtH`yO2LyiyM}yssJTDq~KiA;%ibEmU zxkEOrxZtU7qMpN=Ooa0(*CO6F#8AsFkVgsCJkv1Fez(Zud7Z>!Cre zWWqu#kjTpMQj7Dea7n4JzO#hL`{mIq`Qz~Y`C5%70>0-5Z#?b4daZBpvYzCtSgTeI zS3#=O7Dzo?&cZSJqVQ0^@4vbf!CAGjII^;TX{B4q$X?(776IgA+Hv_l5LWp|X#4WB zTnDxMTp$3oV#+z;3h0b4t7pPrr4t76Wp`J{=j}q~!(dl} z^&3K+m8yUJ_ zNbx`za*PkRy6z$psbc;q{HTY~^YIE-{65R~^5g-G>F~=4U3oNJ-?e+=%PnmG-p<9) zxcqhbQHVC|wM#jD$%V5qWAkmhn-!V#ZJWZ4Ust zk!$+Tb8Pv6Gs;Z`(>;yjoa@C7E;n=?eNw8ZCc#7i;Yy^zs|GC#I9KnG@1C|s#gsTt z6rD2*!kf_x-5l~Bjc?r&FR(z&4NZ20pW${B%o!P|jZSRR<{4B*aj_H}s*$Hh+ zPhe{|`ec2TqE}2JUaHUe3V%3uQT5LOyPM3A>N4e;{ewc3OzC+N8*M#@5D?MIL;R`q z^3)?c_qm?em0z3dvXaI+!0qThQgtB1U~|3->Cc;wy-O*)kWkTNh2)(q&t2w}DZ}-r z;aa<1C)K=MbR_P!GyXV6KBTeW~7)7V})7hT(CC8PoboymLn&-1?Q!;}PYSr&Mq@MOh>+idl3 z*-{>qc+|64PA8pqy>XmcZ0J;l6JlTIPI`=He$LT7sh#{}a4P@+m&FGyzBk8BcJJP? zYlfjCaEq1-o?2Tba{YNQzxrIQsXpiFT%of(mn$hzdgdnxL4V5cUAeqJ!ET&_wPoMh zxRX&MO+d`6=r3Z!V)rhs@y&1>B~Dw0muDIY)RAK9Ns$(&Jqt%X)uQG)hS&yCxhr2| zvf6%RXcOHr{xI$O1N8nbw1j=ifI>pka28FnWnceyxa9?o6*O~e(P4`(!g5+F<6NKV zOy)FjYMC(fqedEYB;ywi6FSlo-lL(5#a_VJH-}^%BY5&`slhr<3_O)xHtL*Bp9!2T zz@FGWft+9`AY~0@rhGWw8?hU{qIgSr^0^dp!1_5!?-%=*&(KTup|ZvaH?=BN{8r|5 z#MAM(%&q#(GZXM0K&GA8f)l;90l7Fq&MxJ1>>$w4;&%p3*H@% z_~$6zCR?90mi9lBr99l?uS{w#UH9bIbuUfs5O3;Q0s8goQ}OG5XO{&h@zP@9m&X}=sP8N` z;n&OAAr2dlQ}U^ovf(V|{?8Ucga^mLG{2KDY6hUC+xfMQ zz{1Y_52@T?)he@uVX0wfS3zg9rRi4sW>Wn8^_or`#}9uGMsnp>k=H?=-Njt+x_Rkk zsAQb2NmVYKW58=)d%Iy?un(0BO8UKvIL&r78bFX@koydsY^Y6dZaqGIOxxi0 z8}GJrjp$8_#EK+Tksba(@hd!Yq+M8g4JkmC;(CD;fUiBdxbfB{WCODLR(Gu2;(S~6 zzmHq(&=#{ljtk9{xNX^AgKq6>lLB97n|(Y!AvCFJTBwfh@r%B@$QuLws6)?SF>9ze z<0rJQXIy&Uz%Pz<>!-flOtqEeCXK>Oj6@oQNaOLlg=N~e_agPldz8}SQ)sH9+j0W# ze-!mJltK=ES~<8H#SfsZ2~o!}>3sWk2|~H(WZb2AT zwT;+qwU`(ao4ZBLydNz1hcL*9KYHsT%ZKwUuNJjlS`%=^Ss~&dsZ-Lw$TTPIF7MQz zCVYshF%H05v+b}Lw{7`eVtk$%H=}v)G5$wB8*#gWc`PRHfmrys9mSR7X_;K6r5H^H z8UnZ5X2koPM@bPOz7KMiQcZ&Gexwogo{m;i7mJ+f!mZu;BFCp)!DR*+WrwyYSoWr< z>EppeHf)810=l{vlvema`Xp>@cYK<|Obd(~Crfm%|AXF-zdLV^m(ZQc&7)2Q(Jz?e 
zW(O?XoDMcZQ7VOOV~hNKLL9NSQY{h%<{7pCxd(O=*(L)5<%S_sHVx9;o1S|oxU_|e z2}BcP$L+IFE|HnKQ+~TA*&ezU3;k+3E7#cpBE_x*ROWdxgmurxo$=>nB0{kKYH)=H zJGMfoZQz%C@a(kvM5LTq|Ct}qs`(ggHRc6Q$TastLzucF2&uY+Z#9qaN5x|02B<6z zGyMru%BRbs?6(F-oIAv@ZcHV_IsZ0$xm?N#WBf!ruU~z);u09 zv;%HOnO!#wi^@SMM^@5zQrQsni?1)%9-%~$VSM8Ik6hmPxtQ{z+GFTh4Ul|;euMcJ z3peLs<`CAKM_z~*nUE=2rEJpF;b5L&$GZ96%Gx^kD5Gz5h4N1lO(A-G?uG@eVfuX% z{udGjGi)#ofFT`J&`iTtCU#GTt>ZR3#DL*L=8iB;5u+Y`(I$A%a4@94PVLnmrBsku5gMz+b#{+jj^#gOuG)haLn^&D zPdU65enD!TSEHRNJU^=$W!J&D_l&tU%BdU~g$7n|f_`pOVmj5gj@@lRi#qc+NruEP z74@Q}k;MOL!1y|_I?sOCH>VmZ$PQHld%s_wM)EgTT;Q=R;(Et$W;0-Zb}?G$gB);Q z!DS@41Z=-x$VJ^##mtX5S2ZEPG)qV;1`_L8jD6DZSczbW>NqGzl%^Qioi(N`vv+@{ zWOIxYLw%O(k137l?8l#N)|>-hg3hFaSd4=w-V6_^~kl-gSf^rY=Gd9acxK_YndWWkBj{ zZF)7DNDlXD4X*#KY;vZ{-VblBp^*n+L`?DRk;TOM3XKjj-~nm3GQkE#+Hj)N*9m6- zua&JyYmYZ}RnUL{B);^%rSo!5xB`^(L2k3-b=(uug!Qo0zIks!eqI5tR^H*w;A2Gi1eV{v5#I-gV4=W@Bn#%a= z&V35#iLokE7*|zg?yTcM{fIDw>H!LZS??uK^0;mrqZ;6X%l=8&VZ2o0%^_8Z-oa-Y zT9FIXll&AA+!4mU)3MVtWx&7Qy(v;hg z#Ao7O!i-ao$Up6ZOL()Bu${7EE&%u3SaI3M%uQlAl}b=uq%YS*bWoW4+v{N&^|{o^ z=2eH*PL`*Z^{GZ~8qdH)o);iVE2@Jx#n1401(_!;W_1&$lE*ATXF8>&_Sf*#=KCn{bG=VyM*@}jfXmbSmlJa@^ClpJwy0-5Fzji$zT>|1=Q z)uQ{hyo1vL>(#8cZ+!}Be_sO9K!x*Q=_N!~M@Y`QH0SW6s*qlA);ebqY9K`94;2(+ zip}wgRRy6IK-E=3!+UJMN8EIqhaK%bzD!(K;h5QwtN858bI)$hfgz)a|Rsdw=>?C zYR~IRXc^nm`RbZ^mitAze`uwXlq&r)rFca(Xq2gf`IL1ySyV?^hrE#PjZaLLH<8&j zMb%)_2nwYhfd70w7QX^-n9~SR1J0m@W@`&$^6au(buW3!ksxuzy!9G1Q{GiZO3_{T&Cq0b;XVxS2xOGqBnHzGlrt znDMNO=>7OtW{jsSgJ^7xC6q>NlIPR(^r&a!D^r-JdNg!(SEV9oq%pyCm+#UdbGe~S z(=%0IKYfv;wD|(^CFcn)*{KjQk_W{xIXSJYWj4=t(gRhIL)ExMC2`1m+2?xTD8ZJ= zo4!ACLL||)l5=G~tMU3DO_v^ZInUEwbB>zaQAs$ixQFsv2?UAWR&0u8Z_M^?=KGD! zLaih1%bcP;OzDonBbjYWd8^eI*gCHD?}NvV+ba89k_zYC%Tps4+6_0k-#ARktZo#B zIZ7`#CoddMGpqey@u<3e&OhLRaM;#+%o<_OU1rl3M&tC=Jey}T57t$z!+do! 
zo(%&LNxyc5`XB4Ri(-?x0h66POue(?KZgvtl0DLRaGJ=R>3XErevv%_z>fW)X(DLP z<2XBAB;nqX1J3&&D#NyQIK*68pGmP6yj0K`7U=h%9oAyw#IO^D6UeM>3u#ua5(C2VG(V`jqi*ih_*?`*Eisn37Y|hnv zP%LfPRrl={ef3EfC~=uIaHxA`s#j1Eb^<#(^d zmKXC5ytFIEfTVSD?aJaUZ1zT?qjbNau36Cz+oPIWT#!G}oTe1%hQu@(>2D1I=^-oA zf8ECu7abK)Vmd_<9osG&797^@AoM9)+Ws?9D zXP;9HLs7|Y@d~OG6K2)Sft%$qa7o+djNS$xNRYDppS8Pl%PZH%RRxDEs8tq>v<8)9 zzop&~#v>@#$F?@q@$H7g8e?zru{BPb{MK;#!CbL{)EUC?LJ?co@R`)Ior+{)g3N=k z-s7P%rm>xLc*m~Q?v=QF=&NRngUNT56x|m$vfQ7QWceWPPr=g)j$Ff(Fq;f#kQ&?E z=_l1~gG2;I+A*9Zt$yOGE5fo8#uutqIpwi^_%hUDc!}n2)E}G!yUa54hg*v&w9)BXDZrv@(m|-J z8{tKgt>Hw&xfQ!rn^ATMc*DE9VHfO&2oD2Jrt!?oE;E?`LLX`ACibpF&PE+lOzaLB zDUBk7ijTL+|Chtq^7y-Ux za_h-HNipRi8Co+z06rUYzYVC{e4f$~PFP@D;niU5OaqoN-Y@)0G_QX*g|)GlSYpCB zry_Sb6Pq|X-?D?>su0>gGiThlV$r)uRvVOk>`Q_RYy6u|E7?nDMe&p<2W0EPeDjb^ z2@1VTGcs_b=B>&{p9zm0?TR_yj?tibiMi3lXLD<#$&1S1718AL__uo zLcQ8x-%0L{c1d*Ix1LY7hx1!z*B9t;;LXnD`V8Xif&nir+V)S7p)*Zr*&a}QxR+Mj z%xK!fboaAc_?eL;+#oR#6t^ zglEz*>2yr+m~qnqs{8mvRk+i#$54XkDqyk{eQ_$VkeFC^?x89#kc3?G!h)QBM`t!F z)kV903GjM#Q@ZAOGX1-K3-cutd8ATZ-7Rn`$39Q#ufY|?Q!wL>CT z&hfkA936=S1`9iT_OUq2IZMDj-JmP$SP9zeg3*fa^B9tUF0Vf0FsmMSmLzb?M%G!f;{T6boq^xw48u#mE76hjW%K2&HfbK_y? 
zV>sz33nR+aF(?#AjDJ7?Wu`liv_28&E|ePqdBtUjs@hwOKQrSv$_ghWkpu--w2A5M z&U?a79B;qlZKg9fj{?c#90EN6?Yqw8R!|4pyY4(q^IsU|i>c_dx@87aMk{#DHN^#V zFlT2i&kWh0=K0R;@hSbW{$sx_g8;={lnEShs&J~xMK95XChV(0+)57)oeyW9; z;$fWO#O^gewH}6EebYTB1O_@KoSim6iGFZ?Soa9xc59VJrG-l4D0(&>^;wN*eQRGG zv5;5)8M>+B=gYOH{J6-tKi-Uc?>_g#Db5n0`$U7245~kkn|uE>O$gBqZhUYa(dt zcl&van6VVyDM>IrBrbRez~bt3)xJBy-Tky8$5yXT)XK1EMZv9{%6pN>wldtzm19rW zZj$NikOmJx{zw?Vs&MqF6ZyNx?29{4Dvxt3zaY?Fj%Ui=PcYW^$>UqD0?(`2;lSp6 zT{N3~uGP!)DB>$MfHKD7^@%)7uZGf>XqFFA-=VbB1;wv!-hz)9efpme%Q_lu71xr8 zuD@N(n3NidAd%)-zIgmaVZq6DN>_rXCr35_o{l$-H^XS=fY)G6M6mdYjc($Da5ZJc zyZ~$UG87H8$2IpB3=8!>5BKa~o}(H5{8HGBSRQ1|jfG#pMj7XHj#+O2U>a)M@`OBF$=mJpKG`~`YttN`Ps z7j;uc2BYf1H!1}6$ba{Q`qJ64(!a zl&$7%U?iG>eKvVxr~L|##qLN8~?)pFRNxe6KO+A90(|1>i=Wa5d7ajssD42 zg_Y8@%_bvk&m|S4UMQz-fOA^yv>zH~2uL@B0;(n%b^QOVO=J1Vd36)s{t@x@>-q6_ zVw$?OK%g5KCn*N{Y0hr-jh?9w*~yQvA455oc5Vz|IzBC_?g`< z!RBAX7aOUxuVv(TGNJSd+v=Hjl0wa=-dw!PrB=>zeoCkDuM}@_E6)u-KQm4HzTxNB zA3TmW0@YV8t@E+_dgGo^&t}QJDo(nLVh`BP3LT$hxZk@<`n85nq|iqB|602g1MMW$ z_bgX3xpY4x{pK{T2SzDhzq{M^F*aNd5q4<5`!>RQ^%JeddWxI&dCgC&3tfKY|+;pIzmsL{VBiGRI&1F!TIG| z@?@^9eq8m{GoJt7X+yTl-U{Wn(t2t){M_^QWtH0M-+Wef^*b8eIT>T;WrhnB+WSOn z?>{P|-0?mmY=7YnWv19k97ks9T3_LQJkN6D{|CU~^_3CTr`8`{XIua3>DjfSM>Qu; zmSETW{@ETD(`mZD3Z?)LrVIt1OoaPXA{Fd0jpyct5MXrM2<&;TDfUM%zOhRoRXq=Q zg=1q}(Z{8>rW`y|Z|!hV)pNe2*W>g)ZbF$zU|-Wbo`Upm>1k{1!x^bgx<1?lD%--%zJ6t{gWOJ6% zdB(Z+D-YWhXzom~w0kE%_okY$+mUHy(By+8VkK4#|1o)EQp%(zuo>T!32 z9S3LT#otqR=*nwZq)N3h{Ga|P%28-R)AmEG<fK&*gd=#s`5pjB85P0mQnOHTzJ zVTW>m4$N4POSEz)#(-!T0F_@5Ai(g}F$Q=p7Zzhv5=#=}i%W`96LXO-$by6bNH@Bv zpu@irrY<6ED$vQqnXHLo@*CnzPD}>|J#pq6pqOt1ya<#)cz|3EF&|d|!IDVt%6XSQ z0Yk+Gc%Yay+!_XkEsc}Ou%OH5ai470#O{IAVpP&pxspqa|gCG2fBI> z0zhf*v?5XNz`TeLwWLM9v<`F?9}H}1lu;tZ0$dmK!8`*`GWK)Q(XBu}p%ZjiE(|PbykU#e z3S39$q8pCfr9yRots^1BaUA)HZUu5%9?`Y|p5WQ2*@4vxqOuHf%Ma8KfPp2A!d+NR X#g|1`fo(Si1}Px41lCg4Js=(ce0uy` 
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt
deleted file mode 100644
index 809108b857f..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/LICENSE.txt
+++ /dev/null
@@ -1,93 +0,0 @@
-Elastic License 2.0
-
-URL: https://www.elastic.co/licensing/elastic-license
-
-## Acceptance
-
-By using the software, you agree to all of the terms and conditions below.
-
-## Copyright License
-
-The licensor grants you a non-exclusive, royalty-free, worldwide,
-non-sublicensable, non-transferable license to use, copy, distribute, make
-available, and prepare derivative works of the software, in each case subject to
-the limitations and conditions below.
-
-## Limitations
-
-You may not provide the software to third parties as a hosted or managed
-service, where the service provides users with access to any substantial set of
-the features or functionality of the software.
-
-You may not move, change, disable, or circumvent the license key functionality
-in the software, and you may not remove or obscure any functionality in the
-software that is protected by the license key.
-
-You may not alter, remove, or obscure any licensing, copyright, or other notices
-of the licensor in the software. Any use of the licensor’s trademarks is subject
-to applicable law.
-
-## Patents
-
-The licensor grants you a license, under any patent claims the licensor can
-license, or becomes able to license, to make, have made, use, sell, offer for
-sale, import and have imported the software, in each case subject to the
-limitations and conditions in this license. This license does not cover any
-patent claims that you cause to be infringed by modifications or additions to
-the software. If you or your company make any written claim that the software
-infringes or contributes to infringement of any patent, your patent license for
-the software granted under these terms ends immediately. If your company makes
-such a claim, your patent license ends immediately for work on behalf of your
-company.
-
-## Notices
-
-You must ensure that anyone who gets a copy of any part of the software from you
-also gets a copy of these terms.
-
-If you modify the software, you must include in any modified copies of the
-software prominent notices stating that you have modified the software.
-
-## No Other Rights
-
-These terms do not imply any licenses other than those expressly granted in
-these terms.
-
-## Termination
-
-If you use the software in violation of these terms, such use is not licensed,
-and your licenses will automatically terminate. If the licensor provides you
-with a notice of your violation, and you cease all violation of this license no
-later than 30 days after you receive that notice, your licenses will be
-reinstated retroactively. However, if you violate these terms after such
-reinstatement, any additional violation of these terms will cause your licenses
-to terminate automatically and permanently.
-
-## No Liability
-
-*As far as the law allows, the software comes as is, without any warranty or
-condition, and the licensor will not be liable to you for any damages arising
-out of these terms or the use or nature of the software, under any kind of
-legal claim.*
-
-## Definitions
-
-The **licensor** is the entity offering these terms, and the **software** is the
-software the licensor makes available under these terms, including any portion
-of it.
-
-**you** refers to the individual or entity agreeing to these terms.
-
-**your company** is any legal entity, sole proprietorship, or other kind of
-organization that you work for, plus all organizations that have control over,
-are under the control of, or are under common control with that
-organization. **control** means ownership of substantially all the assets of an
-entity, or the power to direct its management and policies by vote, contract, or
-otherwise. Control can be direct or indirect.
-
-**your licenses** are all the licenses granted to you for the software under
-these terms.
-
-**use** means anything you do with the software requiring one of your licenses.
-
-**trademark** means trademarks, service marks, and similar rights.
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml
deleted file mode 100644
index bb0320a5243..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/changelog.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# newer versions go on top
-- version: "0.0.1"
- changes:
- - description: Initial draft of the package
- type: enhancement
- link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs
deleted file mode 100644
index 40a1ef99b8c..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/agent/stream/udp.yml.hbs
+++ /dev/null
@@ -1,33 +0,0 @@
-host: {{listen_address}}:{{listen_port}}
-{{#if max_message_size}}
-max_message_size: {{max_message_size}}
-{{/if}}
-{{#if timeout}}
-timeout: {{timeout}}
-{{/if}}
-{{#if keep_null}}
-keep_null: {{keep_null}}
-{{/if}}
-{{#if tags.length}}
-tags:
-{{#each tags as |tag|}}
-- {{tag}}
-{{/each}}
-{{#if preserve_original_event}}
-- preserve_original_event
-{{/if}}
-{{else}}
-{{#if preserve_original_event}}
-tags:
-- preserve_original_event
-{{/if}}
-{{/if}}
-
-{{#contains "forwarded" tags}}
-publisher_pipeline.disable_host: true
-{{/contains}}
-
-{{#if processors}}
-processors:
-{{processors}}
-{{/if}}
\ No newline at end of file
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml
deleted file mode 100644
index e4e79e5c2de..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml
+++ /dev/null
@@ -1,235 +0,0 @@ ---- -description: Pipeline for parsing EfficientIP DDI logs. -processors: - - rename: - field: message - target_field: event.original - ignore_missing: true - if: ctx.event?.original == null - - set: - field: ecs.version - value: '8.11.0' - - grok: - field: event.original - patterns: - - "^<%{NUMBER:log.syslog.priority:long}>(?:%{SYSLOGTIMESTAMP:event.created}|%{TIMESTAMP_ISO8601:event.created})\\s+%{DATA:host.name}\\s+%{DATA:efficient_ip.log.service_name}\\[?%{NUMBER:process.pid:long}?\\]?:\\s+%{GREEDYDATA:message}$" - - "^<%{NUMBER:log.syslog.priority:long}>(?:%{SYSLOGTIMESTAMP:event.created}|%{TIMESTAMP_ISO8601:event.created})\\s+%{DATA:host.name}\\s+%{GREEDYDATA:message}$" - - "^%{GREEDYDATA:message}$" - - rename: - field: _conf.tz_offset - target_field: event.timezone - if: ctx._conf?.tz_offset != null && ctx._conf.tz_offset != 'local' - ignore_missing: true - ignore_failure: true - - date: - field: event.created - tag: date_event_created_tz - timezone: '{{{event.timezone}}}' - if: ctx.event?.timezone != null && ctx.event.created != null - target_field: event.created - formats: - - MMM d HH:mm:ss - - MMM dd HH:mm:ss - - MMM d HH:mm:ss - - dd-MMM-yyyy HH:mm:ss.SSS - - ISO8601 - on_failure: - - remove: - field: event.created - ignore_missing: true - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} - failed with message '{{{ _ingest.on_failure_message }}}' - - date: - field: event.created - tag: date_event_created_notz - if: ctx.event?.timezone == null && ctx.event?.created != null - target_field: event.created - formats: - - MMM d HH:mm:ss - - MMM dd HH:mm:ss - - MMM d HH:mm:ss - - dd-MMM-yyyy HH:mm:ss.SSS - - ISO8601 - on_failure: - - remove: - field: event.created - ignore_missing: true - - append: - field: error.message - 
value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} - failed with message '{{{ _ingest.on_failure_message }}}' - - set: - field: efficient_ip.log.type - value: 'DHCP' - if: ctx.efficient_ip?.log?.service_name == 'dhcpd' || ctx.efficient_ip?.log?.service_name == 'dhcpdv6' - - set: - field: efficient_ip.log.type - value: 'DNS' - if: ctx.efficient_ip?.log?.service_name == 'named' - - set: - field: efficient_ip.log.type - value: 'AUDIT' - if: ctx.efficient_ip?.log?.service_name == 'httpd' - - pipeline: - name: '{{ IngestPipeline "pipeline_dhcp" }}' - if: ctx.efficient_ip?.log?.type == 'DHCP' - - pipeline: - name: '{{ IngestPipeline "pipeline_dns" }}' - if: ctx.efficient_ip?.log?.type == 'DNS' - # Since logstash sets the @timestamp if not present, `override: true` is required to overwrite the value with event timestamp. - - set: - field: '@timestamp' - copy_from: event.created - if: ctx.event?.created != null - override: true - # If individual pipelines has timestamp, they should take priority. This makes @timestamp < event.created conforming to ECS. 
- - set: - field: '@timestamp' - copy_from: _tmp.timestamp - if: ctx._tmp?.timestamp != null - override: true - - convert: - field: _tmp.host.ip - if: ctx._tmp?.host?.ip != null && ctx._tmp.host.ip != '' - type: ip - ignore_missing: true - on_failure: - - remove: - field: _tmp.host.ip - ignore_missing: true - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} - failed with message '{{{ _ingest.on_failure_message }}}' - - append: - field: related.ip - value: '{{{_tmp.host.ip}}}' - if: ctx._tmp?.host?.ip != null - allow_duplicates: false - ignore_failure: true - - convert: - field: _tmp.ip - if: ctx._tmp?.ip != null && ctx._tmp.ip != '' - type: ip - ignore_missing: true - on_failure: - - remove: - field: _tmp.ip - ignore_missing: true - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} - failed with message '{{{ _ingest.on_failure_message }}}' - - append: - field: related.ip - value: '{{{_tmp.ip}}}' - if: ctx._tmp?.ip != null - allow_duplicates: false - ignore_failure: true - - append: - field: related.hosts - value: '{{{host.domain}}}' - if: ctx.host?.domain != null - allow_duplicates: false - ignore_failure: true - - append: - field: host.ip - value: '{{{_tmp.host.ip}}}' - if: ctx._tmp?.host?.ip != null - ignore_failure: true - - append: - field: host.ip - value: '{{{_tmp.ip}}}' - if: ctx._tmp?.ip != null - ignore_failure: true - - lowercase: - field: event.action - if: ctx.event?.action != null - ignore_failure: true - - geoip: - field: "client.ip" - target_field: "client.geo" - if: ctx.client?.geo == null && ctx.client?.ip != null - 
ignore_missing: true - - geoip: - database_file: GeoLite2-ASN.mmdb - field: client.ip - target_field: client.as - properties: - - asn - - organization_name - ignore_missing: true - if: ctx.client?.ip != null - - rename: - field: client.as.asn - target_field: client.as.number - ignore_missing: true - if: ctx.client?.as?.asn != null - - rename: - field: client.as.organization_name - target_field: client.as.organization.name - ignore_missing: true - if: ctx.client?.as?.organization_name != null - - dissect: - field: network.transport - pattern: "view %{}: %{network.transport}" - if: ctx.network?.transport instanceof String && ctx.network.transport.contains('view') - - lowercase: - field: network.transport - ignore_missing: true - - script: - description: Drops null/empty values recursively. - lang: painless - source: | - boolean drop(Object o) { - if (o == null || o == '') { - return true; - } else if (o instanceof Map) { - ((Map) o).values().removeIf(v -> drop(v)); - return (((Map) o).size() == 0); - } else if (o instanceof List) { - ((List) o).removeIf(v -> drop(v)); - return (((List) o).length == 0); - } - return false; - } - drop(ctx); - - remove: - field: message - ignore_missing: true - if: ctx.event?.original != null - - remove: - field: - - _conf - - _tmp - ignore_failure: true - ignore_missing: true -on_failure: - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}in pipeline {{{_ingest.pipeline}}} - failed with message '{{{ _ingest.on_failure_message }}}' - - set: - field: event.kind - value: pipeline_error - - append: - field: tags - value: preserve_original_event - allow_duplicates: false \ No newline at end of file 
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml
deleted file mode 100644
index 282e00f64cd..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/elasticsearch/ingest_pipeline/pipeline_dns.yml
+++ /dev/null
@@ -1,169 +0,0 @@ ---- -description: Pipeline for parsing EfficientIP DNS logs. -processors: - - set: - field: network.protocol - value: dns - - grok: - field: message - patterns: - - "%{CLIENT}\\s*\\(%{GREEDYDATA}.\\)\\:\\s*%{NOTSPACE:efficient_ip.log.dns.category}\\: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type} \\(%{IP:server.ip}\\) -> %{WORD:dns.response_code}(\\s+%{GREEDYDATA:dns_answers_data})?" - - "%{CLIENT}\\s+(\\(%{GREEDYDATA}.\\))?\\s*%{NOTSPACE:efficient_ip.log.dns.category}\\: %{DATA:dns.question.name} %{DATA:dns.question.class} %{WORD:dns.question.type}\\s+\\(%{IP:server.ip}\\)$" - - "%{CLIENT}\\s+update '%{DATA:dns.question.name}/%{WORD:dns.question.class}' %{GREEDYDATA:efficient_ip.log.dns.category}" - pattern_definitions: - CLIENT: 'client (?:%{DATA} )?%{IP:client.ip}#%{NUMBER:client.port:long}:?' - VIEW: 'view %{DATA:efficient_ip.log.view}: ' - - date: - field: _tmp.timestamp - target_field: _tmp.timestamp - if: ctx._tmp?.timestamp != null && ctx.event?.timezone != null - tag: date_tmp_timestamp_tz - timezone: '{{{event.timezone}}}' - formats: - - dd-MMM-yyyy HH:mm:ss.SSS - - yyyy-MM-dd HH:mm:ss.SSS'Z' - on_failure: - - remove: - field: _tmp.timestamp - ignore_missing: true - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' - - date: - field: _tmp.timestamp - target_field: _tmp.timestamp - tag: date_tmp_timestamp_notz - if: ctx._tmp?.timestamp != null && ctx.event?.timezone == null - formats: - - dd-MMM-yyyy HH:mm:ss.SSS - - yyyy-MM-dd HH:mm:ss.SSS'Z' - on_failure: - - remove: - field: _tmp.timestamp - ignore_missing: true - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag 
'{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' - - script: - lang: painless - if: "ctx.dns_answers_data != null && ctx.dns_answers_data != ''" - description: "Parse DNS answer records" - source: | - def answers = new ArrayList(); - def text = ctx.dns_answers_data.trim(); - def validTypes = new HashSet(['A','AAAA','CNAME','SOA','SRV','PTR','MX','NS','TXT']); - // Split by spaces and walk tokens to find TTL TYPE boundaries - def tokens = text.splitOnToken(' '); - int i = 0; - while (i < tokens.length - 1) { - def tok = tokens[i]; - // Skip empty tokens from multiple spaces - if (tok.length() == 0) { i++; continue; } - // Check if token is a number (TTL) followed by a valid type - boolean isNum = true; - for (int c = 0; c < tok.length(); c++) { - if (!Character.isDigit(tok.charAt(c))) { isNum = false; break; } - } - if (!isNum) { i++; continue; } - // Find next non-empty token - int j = i + 1; - while (j < tokens.length && tokens[j].length() == 0) { j++; } - if (j >= tokens.length) break; - def typeStr = tokens[j]; - boolean isType = validTypes.contains(typeStr) || (typeStr.length() > 4 && typeStr.substring(0, 4).equals('TYPE')); - if (!isType) { i++; continue; } - // Collect data tokens until next TTL+TYPE pair or end - int dataStart = j + 1; - int dataEnd = dataStart; - while (dataEnd < tokens.length) { - def dt = tokens[dataEnd]; - if (dt.length() == 0) { dataEnd++; continue; } - boolean dtIsNum = true; - for (int c = 0; c < dt.length(); c++) { - if (!Character.isDigit(dt.charAt(c))) { dtIsNum = false; break; } - } - if (dtIsNum && dataEnd + 1 < tokens.length) { - int k = dataEnd + 1; - while (k < tokens.length && tokens[k].length() == 0) { k++; } - if (k < tokens.length) { - def nt = tokens[k]; - if (validTypes.contains(nt) || (nt.length() > 4 && nt.substring(0, 4).equals('TYPE'))) { - break; - } - } - } - dataEnd++; - } - def dataParts = new ArrayList(); - for (int d = 
dataStart; d < dataEnd; d++) { - if (tokens[d].length() > 0) dataParts.add(tokens[d]); - } - def answer = new HashMap(); - answer.put('type', typeStr); - answer.put('data', String.join(' ', dataParts)); - answers.add(answer); - i = dataEnd; - } - if (ctx.dns == null) { - ctx.dns = new HashMap(); - } - ctx.dns.put('answers', answers); - if (ctx.efficient_ip?.log?.dns == null) { - if (ctx.efficient_ip == null) ctx.efficient_ip = new HashMap(); - if (ctx.efficient_ip.log == null) ctx.efficient_ip.put('log', new HashMap()); - if (ctx.efficient_ip.log.dns == null) ctx.efficient_ip.log.put('dns', new HashMap()); - } - ctx.efficient_ip.log.dns.put('answers', answers); - ctx.remove('dns_answers_data'); - - convert: - field: server.ip - if: ctx.server?.ip != null && ctx.server.ip != '' - type: ip - ignore_missing: true - on_failure: - - remove: - field: server.ip - ignore_missing: true - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}failed with message '{{{ _ingest.on_failure_message }}}' - - append: - field: related.ip - value: '{{{server.ip}}}' - if: ctx.server?.ip != null - allow_duplicates: false - ignore_failure: true - - append: - field: related.hosts - value: '{{{dns.question.name}}}' - if: ctx.dns?.question?.name != null - allow_duplicates: false - ignore_failure: true - - registered_domain: - field: "dns.question.name" - target_field: "dns.question" - if: ctx.dns?.question != null - - remove: - field: - - repeat_message - - dns.question.domain - ignore_missing: true -on_failure: - - set: - field: event.kind - value: pipeline_error - - append: - field: error.message - value: >- - Processor '{{{ _ingest.on_failure_processor_type }}}' - {{{#_ingest.on_failure_processor_tag}}}with tag '{{{ _ingest.on_failure_processor_tag }}}' - {{{/_ingest.on_failure_processor_tag}}}failed with 
message '{{{ _ingest.on_failure_message }}}'
\ No newline at end of file
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml
deleted file mode 100644
index 7c798f4534c..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/base-fields.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-- name: data_stream.type
- type: constant_keyword
- description: Data stream type.
-- name: data_stream.dataset
- type: constant_keyword
- description: Data stream dataset.
-- name: data_stream.namespace
- type: constant_keyword
- description: Data stream namespace.
-- name: '@timestamp'
- type: date
- description: Event timestamp.
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml
deleted file mode 100644
index a7cd550f46a..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/fields/fields.yml
+++ /dev/null
@@ -1,145 +0,0 @@
-- name: efficient_ip.log
- type: group
- fields:
- - name: dhcp
- type: group
- fields:
- - name: client_hostname
- type: keyword
- - name: decline
- type: group
- fields:
- - name: message
- type: keyword
- - name: duid
- type: keyword
- - name: discover
- type: group
- fields:
- - name: message
- type: keyword
- - name: iaid
- type: keyword
- - name: inform
- type: group
- fields:
- - name: message
- type: keyword
- - name: interface
- type: group
- fields:
- - name: ip
- type: ip
- - name: ip
- type: ip
- - name: forward_name
- type: keyword
- - name: lease
- type: group
- fields:
- - name: duration
- type: long
- - name: message
- type: keyword
- - name: lease_query
- type: group
- fields:
- - name: message
- type: keyword
- - name: link_address
- type: keyword
- - name: message
- type: text
- - name: network
- type: keyword
- - name: offered
- type: group
- fields:
- - name: duration
- type: long
- - name: peer_address
- type: keyword
- - name: relay
- type: group
- fields:
- - name: interface
- type: group
- fields:
- - name: ip
- type: ip
- - name: name
- type: keyword
- - name: release
- type: group
- fields:
- - name: info
- type: keyword
- - name: request
- type: group
- fields:
- - name: message
- type: keyword
- - name: router
- type: group
- fields:
- - name: ip
- type: ip
- - name: trans_id
- type: keyword
- - name: uid
- type: keyword
- - name: validation_second
- type: long
- - name: service_name
- type: keyword
- - name: type
- type: keyword
- - name: view
- type: keyword
- - name: dns
- type: group
- fields:
- - name: after_query
- type: text
- - name: answers_policy
- type: text
- - name: before_query
- type: text
- - name: category
- type: text
- - name: failed_message
- type: text
- - name: message
- type: text
- - name: view_name
- type: text
- - name: version
- type: text
- - name: header_flags
- type: keyword
- - name: rpz
- type: group
- fields:
- - name: action
- type: keyword
- - name: domain
- type: keyword
- - name: 
domain_rewrite
- type: keyword
- - name: query_class
- type: keyword
- - name: query_class_rewrite
- type: keyword
- - name: rule_type
- type: keyword
- - name: type
- type: keyword
- - name: answers
- type: group
- fields:
- - name: ancount
- type: long
- - name: type
- type: keyword
- - name: data
- type: keyword
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml
deleted file mode 100644
index 7409a05942c..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/manifest.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-title: "EfficientIP Logging"
-type: logs
-streams:
- - input: udp
- title: "logs via UDP"
- description: |-
- Collect EfficientIP logs via UDP
- template_path: udp.yml.hbs
- vars:
- - name: tags
- type: text
- title: Tags
- multi: true
- required: true
- show_user: false
- default:
- - forwarded
- - efficientip-log
- - name: preserve_original_event
- required: true
- show_user: true
- title: Preserve original event
- description: Preserves a raw copy of the original event, added to the field `event.original`.
- type: bool
- multi: false
- default: false
- - name: tz_offset
- type: text
- title: Timezone Offset
- multi: false
- required: true
- show_user: true
- default: local
- description: >-
- By default, datetimes in the logs will be interpreted as relative to the timezone configured in the host where the agent is running. If ingesting logs from a host on a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00") from UCT.
- - name: processors
- type: yaml
- title: Processors
- multi: false
- required: false
- show_user: false
- description: >-
- Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json
deleted file mode 100644
index 03a0729c923..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/data_stream/log/sample_event.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "@timestamp": "2026-02-25T10:14:26.000Z",
- "client": {
- "ip": "10.10.10.10",
- "port": 58860
- },
- "dns": {
- "question": {
- "class": "IN",
- "name": "test.foo.bar.",
- "type": "A"
- },
- "response_code": "NXDOMAIN"
- },
- "ecs": {
- "version": "8.11.0"
- },
- "efficient_ip": {
- "log": {
- "dns": {
- "category": "answer"
- },
- "service_name": "named",
- "type": "DNS"
- }
- },
- "event": {
- "created": "2026-02-25T10:14:26.000Z",
- "original": "<13>Feb 25 10:14:26 named[52927]: client 10.10.10.10#58860 (test.foo.bar.): answer: test.foo.bar. IN A (10.0.0.1) -> NXDOMAIN"
- },
- "log": {
- "syslog": {
- "priority": 13
- }
- },
- "network": {
- "protocol": "dns"
- },
- "process": {
- "pid": 52927
- },
- "related": {
- "hosts": [
- "test.foo.bar."
- ],
- "ip": [
- "10.0.0.1"
- ]
- },
- "server": {
- "ip": "10.0.0.1"
- }
-}
\ No newline at end of file
diff --git a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md b/packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md
deleted file mode 100644
index eed6ed8959a..00000000000
--- a/packages/efficient_ip/build/packages/efficient_ip/0.0.1/docs/README.md
+++ /dev/null
@@ -1,81 +0,0 @@ - - - -# EfficientIP Integration for Elastic - -The EfficientIP integration collects and parses data from [EfficientIP](https://efficientip.com/) DDI (DNS, DHCP, and IPAM) solutions, enabling centralized monitoring and analysis of network infrastructure events within Elastic. - -## Overview - -The EfficientIP integration for Elastic enables collection of event logs from DNS, DHCP and IPAM. This integration enables the -following use cases: -- DNS query monitoring and threat detection -- DHCP lease management and IP address tracking -- IPAM auditing and infrastructure compliance -- Network anomaly identification and security investigations - -### Compatibility - -This integration is tested with EfficientIP version 8.4.7e - -## What data does this integration collect? - -This integration collects the following data types from EfficientIP DDI solutions: - -- **DNS Events**: Query logs, response codes, and DNS transactions -- **DHCP Events**: Lease assignments, renewals, releases, and IP address allocations -- **IPAM Events**: Address space changes, subnet modifications, and infrastructure audits - -All events are forwarded via syslog and processed through Elastic ingest pipelines for analysis and visualization within the Elastic Stack. - - -## What do I need to use this integration? - -Minimum requierment Elastic stack 9.0.x and EfficientIP version 8.4.7e - - -## Deployment methods -This integration supports the following deployment methods: - -**Syslog-based**: EfficientIP nodes forward events to a syslog destination where Elastic Agent collects and processes the data. - -To configure syslog forwarding on an EfficientIP node: - -1. Access the EfficientIP administration interface -2. Navigate to **System Settings** > **Logging** or **Event Forwarding** -3. Select **Syslog** as the destination type -4. Enter the syslog receiver host IP address and port -6. Verify the connection and enable syslog forwarding -7. 
Configure Elastic Agent to listen on the syslog port and ingest the forwarded events - -Refer to the EfficientIP documentation for your version for detailed configuration steps specific to your deployment. - -### Agent-based deployment -Elastic Agent must be installed. For more details, check the Elastic Agent [installation instructions](docs-content://reference/fleet/install-elastic-agents.md). You can install only one Elastic Agent per host. - -Elastic Agent is required to stream data from the syslog or log file receiver and ship the data to Elastic, where the events will then be processed via the integration's ingest pipelines. - -### Inputs used - -These inputs can be used with this integration: -