Netgate Discussion Forum

    How can I filter internal DNS queries in the logs?

      alsii

      I am analysing logs to tune what shall be indexed in the SIEM and what shall not. I am a pfSense newbie. How can I identify logs coming from DNS requests, and more precisely internal ones, which I want to drop?

        Gertjan

        Hi,

        Crank up the DNS (Resolver) log details.
        Use an external logger - have your logs sent to a device with syslog, rsyslog, whatever.
        What is SIEM?
        What do you mean with

        @alsii said in How can I filter internal DNS queries in the logs?:

        internal ones

        are there also external ones??

        Why drop DNS requests?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

          alsii

          Hi Gertjan,
          We forward the logs to a syslog server, and then the relevant ones to a Security Information and Event Management system (SIEM), Splunk-based. So we can always investigate in the syslog server (no log dropped at all), but for our security needs, internal DNS requests are irrelevant and I don't want to pay to index them in Splunk.

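One way to do the pre-indexing filtering described in the last post, as an added example that is not part of the original thread and not Netgate code. It assumes query logging is enabled on the DNS Resolver (Unbound) and that lines reach the syslog server in Unbound's `info: <client> <name> <type> <class>` shape; the zone names, networks and sample lines are hypothetical.

```python
import ipaddress
import re

# Assumptions for this site (hypothetical values, adjust to your network).
INTERNAL_ZONES = ("corp.example.", "home.arpa.")
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed line shape: syslog prefix, then Unbound's query log entry
# "info: <client-ip> <qname> <qtype> <qclass>".
QUERY_RE = re.compile(
    r"unbound(?:\[\d+\])?:\s+\[\d+:\d+\]\s+info:\s+"
    r"(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<qtype>[A-Z0-9]+)\s+(?P<qclass>[A-Z0-9]+)\s*$"
)

def is_internal_dns_query(line):
    """True only for a query from an internal client for an internal name."""
    m = QUERY_RE.search(line)
    if not m:
        return False                      # not a query line: always keep
    try:
        client = ipaddress.ip_address(m["client"])
    except ValueError:
        return False                      # unparseable client: keep for review
    if not any(client in net for net in INTERNAL_NETS):
        return False                      # unexpected source: keep
    qname = m["qname"].lower().rstrip(".") + "."
    # Match on a label boundary so "notcorp.example." is not treated as internal.
    return any(qname == z or qname.endswith("." + z) for z in INTERNAL_ZONES)

def select_for_siem(lines):
    """Lines to forward to the SIEM; the syslog server still stores everything."""
    return [line for line in lines if not is_internal_dns_query(line)]

# Constructed sample lines, not taken from a real firewall.
SAMPLE = [
    "Mar  3 10:15:01 fw unbound[4242]: [4242:0] info: 192.168.1.20 fileserver.corp.example. A IN",
    "Mar  3 10:15:02 fw unbound[4242]: [4242:1] info: 192.168.1.20 www.example.org. A IN",
    "Mar  3 10:15:03 fw unbound[4242]: [4242:0] info: 192.168.1.21 login.notcorp.example. AAAA IN",
    "Mar  3 10:15:04 fw sshd[900]: Accepted publickey for admin from 192.168.1.5 port 50022 ssh2",
    "Mar  3 10:15:05 fw unbound[4242]: [4242:0] info: 203.0.113.7 printer.corp.example. A IN",
]

if __name__ == "__main__":
    for line in select_for_siem(SAMPLE):
        print(line)
```

Only the first sample line is withheld from indexing; the lookalike domain, the non-DNS line and the query from a client outside the internal networks are all forwarded.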
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.