This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
CarlosDias
Contributor
‎2024-08-29 06:54 AM

Filter by DNS query the DNS requests

Hi,

On the security logs on the Manager, how can I filter on DNS requests, the logs that have a specific DNS_query without opening line by line and see the DNS_query field ?

 

Regards

0 Kudos
9 Replies
AkosBakos
MVP Silver
MVP Silver
‎2024-08-29 09:09 AM

Hi @CarlosDias 

You mean that, you want to search among the logs for eg.: nasa.org?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-08-29 09:29 AM

Hi @CarlosDias 

I checked in a working cluster. Here, the APPL and URLF blade are switched on.

When I type a simple URL, the relevant results are shown in the log.

Akos

 

----------------
\m/_(>_<)_\m/
the_rock
MVP Diamond
MVP Diamond
‎2024-08-29 09:33 AM
In response to AkosBakos

Same here, works in my R81.20 and R82 lab.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PA
Explorer
‎2026-03-18 12:46 AM
In response to the_rock

Hello,

I have version R82. How can I make the "dns_query" field appear in the domain-udp query logs? I tried the solutions from sk116694 and sk183647 without success, but it works in R81.20.

0 Kudos
CarlosDias
Contributor
‎2024-08-30 01:40 AM
In response to AkosBakos

Hi,

No that is not what I mean. That way I can find traffic that goes to a specific url or domain.

What I want is on a DNS packet sent to the DNS server I could filter the DNS_query field.

If you open a DNS packet log on the checkpoint you can see a field called DNS_query, where you can see what url it is asking to the DNS server. I am not able to filter that. The only solution is to open this dns traffic logs, one by one.

Regards

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2024-08-30 03:44 AM
In response to CarlosDias

dns.jpg

Btw is the version you still run is supported? I don't recall it is possible to see this in supported versions

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
CarlosDias
Contributor
‎2024-08-30 03:46 AM
In response to Lesley

Hi,

I am running R81.10, which I thinks its still supported.

Regards

0 Kudos
PA
Explorer
‎2026-03-18 01:41 AM
In response to Lesley

Hi,

I have version R82. How can I make the "dns_query" field appear in the domain-udp query logs? I tried the solutions from sk116694 and sk183647 without success, but it works in R81.20.

0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-08-30 04:15 AM
In response to CarlosDias

Hi @CarlosDias 

If its field is not indexed, you  can'T search for it with regular expression.

What is the most painful for me, the NAT field is te same.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events