CarlosDias
Contributor

Filter by DNS query the DNS requests

Hi,

On the security logs on the Manager, how can I filter the DNS request logs that have a specific DNS_query, without opening them line by line to see the DNS_query field?

 

Regards

0 Kudos
7 Replies
AkosBakos
Leader

Hi @CarlosDias 

You mean that you want to search among the logs for e.g. nasa.org?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
AkosBakos
Leader

Hi @CarlosDias 

I checked in a working cluster. Here, the APPL and URLF blades are switched on.

When I type a simple URL, the relevant results are shown in the log.

Akos

 

----------------
\m/_(>_<)_\m/
the_rock
Legend

Same here, works in my R81.20 and R82 lab.

Andy

0 Kudos
CarlosDias
Contributor

Hi,

No, that is not what I mean. That way I can find traffic that goes to a specific URL or domain.

What I want is to be able to filter on the DNS_query field of a DNS packet sent to the DNS server.

If you open a DNS packet log on the Check Point you can see a field called DNS_query, where you can see what URL it is asking the DNS server for. I am not able to filter on that. The only solution is to open these DNS traffic logs one by one.

Regards

0 Kudos
Lesley
Leader

dns.jpg

Btw, is the version you still run supported? I don't recall that it is possible to see this in supported versions.

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
CarlosDias
Contributor

Hi,

I am running R81.10, which I think is still supported.

Regards

0 Kudos
AkosBakos
Leader

Hi @CarlosDias 

If the field is not indexed, you can't search for it with a regular expression.

What is most painful for me is that the NAT field is the same.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
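When a field is not indexed in the Manager's log view, one practical workaround is to export the logs and filter them offline. The following is an added example, not code from the thread or from Check Point: it assumes the records have been exported as one JSON object per line and that each DNS record carries the `DNS_query` key the original poster mentions (the sample records and the `src`/`dst`/`service`/`time` keys below are constructed for the demonstration). It filters on a regular expression anchored to DNS label boundaries, skips records that lack the field (such as non-DNS traffic), and summarises which names were queried.

```python
import json
import re
from collections import Counter

# Constructed sample export: one JSON record per line. The third record is
# non-DNS traffic and deliberately has no DNS_query field.
SAMPLE_EXPORT = """
{"time": "2024-05-01T10:00:01Z", "src": "10.0.0.5", "dst": "10.0.0.53", "service": "domain-udp", "DNS_query": "updates.example.com"}
{"time": "2024-05-01T10:00:02Z", "src": "10.0.0.7", "dst": "10.0.0.53", "service": "domain-udp", "DNS_query": "mail.example.org"}
{"time": "2024-05-01T10:00:03Z", "src": "10.0.0.9", "dst": "203.0.113.10", "service": "http"}
{"time": "2024-05-01T10:00:04Z", "src": "10.0.0.5", "dst": "10.0.0.53", "service": "domain-udp", "DNS_query": "cdn.example.com"}
{"time": "2024-05-01T10:00:05Z", "src": "10.0.0.7", "dst": "10.0.0.53", "service": "domain-udp", "DNS_query": "notexample.com"}
"""

FIELD = "DNS_query"  # field name as shown in the Check Point log card


def parse_records(text):
    """Parse newline-delimited JSON; malformed or empty lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def zone_pattern(zone):
    """Regex matching a zone and its subdomains on label boundaries only,
    so 'example.com' does not match 'notexample.com'."""
    return r"(?:^|\.)" + re.escape(zone) + r"$"


def filter_dns_query(records, pattern):
    """Return records whose DNS_query matches pattern; records without the
    field (non-DNS traffic) are ignored rather than raising KeyError."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [r for r in records if FIELD in r and rx.search(r[FIELD])]


def top_queries(records, n=10):
    """Count queried names across records that carry the field."""
    return Counter(r[FIELD] for r in records if FIELD in r).most_common(n)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_EXPORT)
    for r in filter_dns_query(recs, zone_pattern("example.com")):
        print(r["time"], r["src"], "->", r[FIELD])
    print(top_queries(recs))
```

The label-boundary anchoring in `zone_pattern` is the detail worth keeping: a plain substring match on `example.com` would also return `notexample.com`, which is the same class of false positive that a naive URL filter produces.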
