AKrause
Contributor

DNS Filter

We have recently upgraded to FortiOS 5.4.8 and want to use the DNS-Filter. I have configured a DNS-Filter and applied it to the corresponding firewall policy. Besides some Monitor or Block settings for some categories, the DNS-Filter is configured to log all domains. Where can I see the logs of the DNS-Filter? There is no DNS-Filter category in the Log & Report section on the local FGT-1500D, nor can I find any logs on the connected FortiAnalyzer.

 

 

SecurityPlus
Contributor II

Under policy Options, have you tried turning on Log: All Sessions? https://m.youtube.com/watch?v=fY4X4zRilyY
Prab
New Contributor

AKrause wrote:

We have recently upgraded to FortiOS 5.4.8 and want to use the DNS-Filter. I have configured a DNS-Filter and applied it to the corresponding firewall policy. Besides some Monitor or Block settings for some categories, the DNS-Filter is configured to log all domains. Where can I see the logs of the DNS-Filter? There is no DNS-Filter category in the Log & Report section on the local FGT-1500D, nor can I find any logs on the connected FortiAnalyzer.

 

 

FortiOS 5.6

In FortiManager you can view the domains under the Log View -> DNS section:

 

And on the FGT's GUI under Log & Report -> DNS query

 

Sidenote: In this case, the IPv4 policy to which the DNS filter was assigned was configured to log the UTM (security events) logs only.

 

Hope it helps!

Thanks & regards,

Prab

 

AKrause

Thanks for your replies. However, we are running FOS 5.4.

I raised a ticket at Fortinet support. After a lot of ticket ping-pong (show screenshots etc.) they finally got the solution: There is no DNS-Filter log in FortiOS 5.4 at all.

Update to FortiOS 5.6 

 

 

 

Prab
New Contributor

AKrause wrote:

Thanks for your replies. However, we are running FOS 5.4.

I raised a ticket at Fortinet support. After a lot of ticket ping-pong (show screenshots etc.) they finally got the solution: There is no DNS-Filter log in FortiOS 5.4 at all.

Update to FortiOS 5.6 

 

 

 

Glad that the Support figured it out.

There is something you could try, I am not sure if it will help:

Are the clients using the FGT as a DNS? If yes, then you could try creating a normal IPv4 policy for it and log the traffic for this policy. I think in that case you shall see some logs for the DNS request/replies etc.

 
