
DNS queries search in logs?

UTM 9 SG115, latest firmware (as of today).

Out-of-the-box default settings; web filtering enabled.

On our internal domain the DC acts as DNS/DHCP for all the workstations. The DC uses OpenDNS as the DNS forwarders the clients will use.


OpenDNS reports malware DNS queries from my WAN IP.

I would have assumed I could search "bad.url.phishscam.ld" or whatever was being reported by OpenDNS.


As it stands I have to enable DNS logging on the DNS server and let it run for a day. Then I can search by keyword and find the internal IP of whoever is making the DNS request.


Is there any way to make this easier on the UTM appliance? Is there a specific DNS log setting that I need to enable to capture this?

It seems to be getting every other DNS query made.

I have 4 sites with the same issue and layout.


Any help?!
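The workaround the poster describes (turn on packet debug logging on the Windows DNS server, then search the log for the reported name) is the only place the workstation address is visible in this layout: the UTM sits between the DC and OpenDNS, so every forwarded query it could log carries the DC's address, not the workstation's. The script below is an added example, not code from the original thread or from Sophos, that automates the keyword search over a copied DNS debug log. It assumes the Windows Server "Log packets for debugging" line format; the log lines, the 192.168.1.x workstation addresses and the domain bad.url.phishscam.ld are constructed for illustration. It deliberately keeps only received, non-response packets, so the DC's own forwarded query to OpenDNS (and OpenDNS's answer) are not mistaken for a client.

```python
import re
from collections import defaultdict

# Constructed sample of Windows DNS Server debug-log packet lines (format of the
# "Log packets for debugging" option). Not real traffic from the thread: the
# 192.168.1.x hosts and the queried names are made up; 208.67.222.222 is an
# OpenDNS resolver address used as the DC's forwarder.
SAMPLE_LOG = """\
5/14/2018 10:23:45 AM 0B4C PACKET  000000D8F4A2B3C0 UDP Rcv 192.168.1.25    0002   Q [0001   D   NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
5/14/2018 10:23:45 AM 0B4C PACKET  000000D8F4A2B3C0 UDP Snd 208.67.222.222  a1b2   Q [0001   D   NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
5/14/2018 10:23:45 AM 0B4C PACKET  000000D8F4A2B3C0 UDP Rcv 208.67.222.222  a1b2 R Q [8081   DR  NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
5/14/2018 10:23:45 AM 0B4C PACKET  000000D8F4A2B3C0 UDP Snd 192.168.1.25    0002 R Q [8081   DR  NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
5/14/2018 10:24:02 AM 0B4C PACKET  000000D8F4A2B3D8 UDP Rcv 192.168.1.77    0003   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
5/14/2018 10:31:17 AM 0B4C PACKET  000000D8F4A2B3E0 UDP Rcv 192.168.1.25    0004   Q [0001   D   NOERROR] A      (3)bad(3)url(9)phishscam(2)ld(0)
5/14/2018 10:40:09 AM 0B4C PACKET  000000D8F4A2B3F0 UDP Rcv 192.168.1.90    0005   Q [0001   D   NOERROR] AAAA   (3)bad(3)url(9)phishscam(2)ld(0)
"""

# One packet line: timestamp, thread id, PACKET, packet pointer, protocol,
# direction (Rcv/Snd), remote address, XID, optional "R" (response), "Q" opcode,
# [flags], query type, label-encoded query name.
LINE_RE = re.compile(
    r"^(?P<time>\S+ \S+ [AP]M) \S+ PACKET\s+\S+ (?P<proto>UDP|TCP) "
    r"(?P<dir>Rcv|Snd) (?P<addr>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R)?\s*Q "
    r"\[(?P<flags>[^\]]+)\] (?P<qtype>\S+)\s+(?P<qname>\S+)"
)


def decode_name(enc):
    """Turn the log's (3)bad(3)url(2)ld(0) label encoding into bad.url.ld."""
    labels = re.findall(r"\((\d+)\)([^()]*)", enc)
    return ".".join(label for length, label in labels if int(length) > 0).lower()


def parse_lines(log_text):
    """Yield one dict per packet line; header and detail lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "time": m.group("time"),
            "direction": m.group("dir"),
            "addr": m.group("addr"),
            "is_response": m.group("resp") == "R",
            "qtype": m.group("qtype"),
            "qname": decode_name(m.group("qname")),
        }


def find_clients(log_text, needle):
    """Map each internal client address to the queries it sent for `needle`
    (exact name or any subdomain of it).

    Only packets the DC received that are not responses count: the DC's own
    forwarded query to OpenDNS is a Snd, and OpenDNS's answer is a Rcv with the
    R flag, so neither is attributed to a client.
    """
    needle = needle.lower().rstrip(".")
    hits = defaultdict(list)
    for rec in parse_lines(log_text):
        if rec["direction"] != "Rcv" or rec["is_response"]:
            continue
        name = rec["qname"]
        if name == needle or name.endswith("." + needle):
            hits[rec["addr"]].append((rec["time"], rec["qtype"], name))
    return dict(hits)


if __name__ == "__main__":
    # Against a real log: find_clients(open(r"C:\dns.log", errors="replace").read(), name)
    for ip, events in sorted(find_clients(SAMPLE_LOG, "bad.url.phishscam.ld").items()):
        print(ip, len(events), "query/queries, first at", events[0][0])
```

On the sample above the OpenDNS-reported name resolves to two workstations, 192.168.1.25 (twice) and 192.168.1.90, while the forwarder address never appears as a client. Searching the raw file with a plain keyword match would also return the DC's own Snd lines and the answer from 208.67.222.222, which is the noise the Rcv/response filter removes.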

  • Tyler, please show us an example of the message you want to evaluate and the relevant line from the log file from one of those in #1 in Rulz.

    You might want to consider using the approach in DNS Best Practice.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA