CarlosDias
Contributor

Filter by DNS query the DNS requests

Hi,

In the security logs on the Manager, how can I filter the DNS requests for logs that contain a specific DNS_query, without opening them line by line to look at the DNS_query field?

Regards

7 Replies
AkosBakos
Mentor

Hi @CarlosDias

You mean that you want to search among the logs for e.g. nasa.org?

Akos

----------------
\m/_(>_<)_\m/
AkosBakos
Mentor

Hi @CarlosDias

I checked in a working cluster. Here, the APPL and URLF blades are switched on.

When I type a simple URL, the relevant results are shown in the log.

Akos

----------------
\m/_(>_<)_\m/
the_rock
Legend

Same here, works in my R81.20 and R82 lab.

Andy

CarlosDias
Contributor

Hi,

No, that is not what I mean. That way I can find traffic that goes to a specific URL or domain.

What I want is, for a DNS packet sent to the DNS server, to be able to filter on the DNS_query field.

If you open a DNS packet log on the Check Point you can see a field called DNS_query, which shows what URL it is asking the DNS server for. I am not able to filter on that. The only solution is to open these DNS traffic logs one by one.

Regards

Lesley
Mentor

[attached screenshot: dns.jpg]

Btw, is the version you still run supported? I don't recall it being possible to see this in supported versions.

-------
If you like this post please give a thumbs up(kudo)! 🙂
CarlosDias
Contributor

Hi,

I am running R81.10, which I think is still supported.

Regards

AkosBakos
Mentor

Hi @CarlosDias

If the field is not indexed, you can't search for it with a regular expression.

What is most painful for me: the NAT field is the same.

Akos

----------------
\m/_(>_<)_\m/