EricFo
New Contributor

DNS-logging doesn't work

Running FortiOS 6.0.4. I've enabled DNS-logging in both the disk settings and tried to send DNS-logs to a syslog server. But no DNS-logs appear. I get all other logs that I tried, but the DNS-logs won't appear on the FW or the Syslog-server.

 

config log disk filter
    set dns enable
end

config log syslogd filter
    set dns enable
end

 

Also tried setting the Log Level to Information, which was implied by Fortinet. But I'm stuck at this point. Any help or things that I can check?

 

 

Hosemacht
Contributor II

Hey there,

 

please have a look at this post:

https://forum.fortinet.com/tm.aspx?m=178731&tree=true#

 

Regards

sudo apt-get-rekt

Hosemacht

Thanks for your reply, please let me know if it works for you (it doesn't for me)

 

Regards

sudo apt-get-rekt

EricFo
New Contributor

Thanks. Not really what I'm looking for. I want to use this solution:

 

DNS Logging (401757)

FortiOS logging now includes the Detailed DNS log message type. DNS events were previously recorded as event logs. In FortiOS 5.6 DNS log messages are a new category that also includes more DNS log messages to provide additional detail about DNS activity through the FortiGate. You can enable DNS logging from the CLI using the following command (shown in this example for memory logging):

 

config log memory filter
    set dns enable
end

DNS log messages include details of each DNS query and response. DNS log messages are recorded for all DNS traffic through the FortiGate and originated by the FortiGate.

 

The detailed DNS logs can be used for low-impact security investigation. Most network activity involves DNS activity of some kind. Analyzing DNS logs can provide a lot of details about the activity on your network without using flow or proxy-based resource-intensive techniques.
