Unbound DNS
Unbound resolver logs include client queries, cache lookups, DNSSEC validation and protocol errors.
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (17)
| Field | Type |
|---|---|
unbound.LogType Type of log entry (e.g., "info", "error", "debug"). | string |
unbound.Severity Severity level of the log message. | string |
unbound.ClientIP IP address of the client making the DNS request. | string |
unbound.Domain Domain name involved in the logged operation. | string |
unbound.RecordType DNS record type queried or processed (e.g., "A", "AAAA", "MX"). | string |
unbound.Class DNS class of the record (usually "IN" for Internet). | string |
unbound.Thread Identifier of the Unbound thread handling this request. | pint |
unbound.RequestList.Max Maximum size reached by the request list. | plong |
unbound.RequestList.Avg Average size of the request list over time. | pfloat |
unbound.RequestList.Exceeded Number of times the request list capacity was exceeded. | plong |
unbound.RequestList.Jostled Count of entries removed (jostled out) from the request list due to overflow. | plong |
unbound.Queries Total number of queries processed. | plong |
unbound.CacheHits Number of queries answered from cache. | plong |
unbound.Recursions Number of recursive queries performed. | plong |
unbound.Prefetch Number of prefetch operations executed. | plong |
unbound.Rejected Number of queries that were rejected (e.g., due to access control). | plong |
unbound.Msg Additional message or note associated with the log entry. | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.