This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG DNS Logging and offload to SIEM

I've successfully configured our XG Firewalls to push logs to our SIEM solution which works well, though when trying to trace source of DNS requests I can't find anything logged either locally on the XG, or anything on the SIEM other than a UDP port 53 request which doesn't help in determining the source as it doesn't include DNS name of the request, just source/destination IPs.

Is there any way I can enable DNS logging on the XGs and have DNS logs pushed to our SIEM solution?

This thread was automatically locked due to age.

Parents

0 Raphael Alganes over 1 year ago

Hello there,

Good day and thank you for reaching out to Sophos Community

May we ask if you are still facing this concern?

Are you looking for log lines from User DNS logs resolving? or Logs from Firewall DNS resolving/querieng from it's designated DNS server?

Many thanks for your time and patience and thank you for choosing Sophos

Cheers,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 dm4884 over 1 year ago in reply to Raphael Alganes

Hi Raphael,

Thanks for the reply!

This is still an issue for us, it's Logs from the Firewall DNS resolving/querying that we're having problems with - this doesn't seem to be covered by any of the options in the log forwarding on the XG.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Raphael Alganes over 1 year ago in reply to dm4884

Hello there,

It seems this feature is currently unavailable on SF.

This would be a Feature Request, I may recommend you to reach out to your Account Manager, Sales Engineer or Sales Representative so that they can enter this request into our system.

Additionally, you can use the in-product feedback in the Sophos Firewall located in the Top Menu Bar.

Thanks for your time and patience and thank you for choosing Sophos.

Cheers,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Raphael Alganes over 1 year ago in reply to dm4884

Hello there,

It seems this feature is currently unavailable on SF.

This would be a Feature Request, I may recommend you to reach out to your Account Manager, Sales Engineer or Sales Representative so that they can enter this request into our system.

Additionally, you can use the in-product feedback in the Sophos Firewall located in the Top Menu Bar.

Thanks for your time and patience and thank you for choosing Sophos.

Cheers,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data