Search, Filter and Export DNS Logs
Each DigitalStakeout PDNS company (tenant) has a private log data store where detailed DNS and web activity logs are recorded in real-time. Users can search and analyze logs to investigate incidents and to hunt threats.
Search and Filter DNS Logs
Under the "Traffic Logs" section, you can build complex filters to isolate the logs you need. Your query is summarized in charts, and the detailed log records are listed below the summary charts. Click "New filter condition" to add a condition to your filter, or click the "x" on a filter item to remove that condition. Press "Submit" to run the query and update your results.
Log entries are in the following format:
Time: UTC time of request.
Action: Label if request allowed or denied.
Reason: Policy component that allowed or denied the request.
Source: The client IP address of the request.
DNS Server: The target DNS server processing the request.
Direction: The direction of the request.
Query Name: The host name being queried.
Query Type: The type of DNS record query.
Protocol: The DNS protocol being used in the query.
Domain Rank: The DigitalStakeout Domain Rank of the query.
Context: The context of what PDNS process blocked or allowed the query.
Event: Whether the asset query is a new or a repeat query.
TTL: Time to live of the response of the query.
Answer Name: The answer name of the query.
Record Type: The type of record returned in the query.
Response Data: The response data that returned with the query.
AS Number: The target AS Number of the resolved IP of the response.
AS Name: The target AS Name of the resolved IP of the response.
City: The city of the resolved IP of the response.
Country: The country of the resolved IP of the response.
Exporting DNS Logs
To export the logs from your query, click the export button on the right-hand side of the traffic log table. Your logs will be exported into a JSON file in DigitalStakeout PDNS log format.
Note: You can only export fewer than 10,000 log entries at a time.
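Because a single export is capped, an investigation often spans several export files whose queries overlap. The following is an added example, not DigitalStakeout code: it merges exports, drops duplicate records, and summarizes denied queries per client, including names that were denied on their first appearance. The JSON key names and the values "denied" and "new" are assumptions, since this page lists the log columns but not the keys used in the export file.

```python
import json
from collections import Counter, defaultdict

# Assumed JSON key names and values: this page lists the log columns but not
# the keys used in the export file, so adjust these to match a real export.
K_TIME, K_ACTION, K_SOURCE = "time", "action", "source"
K_QNAME, K_EVENT = "query_name", "event"
DENIED, NEW = "denied", "new"


def merge_exports(exports):
    """Merge exported record lists, dropping exact duplicates, sorted by time.

    Assumes ISO 8601 UTC timestamps, which sort correctly as strings."""
    seen, merged = set(), []
    for records in exports:
        for rec in records:
            fingerprint = json.dumps(rec, sort_keys=True)
            if fingerprint not in seen:
                seen.add(fingerprint)
                merged.append(rec)
    return sorted(merged, key=lambda r: r.get(K_TIME, ""))


def triage(records):
    """Return (denied count per client, first-seen denied names per client)."""
    denied, new_denied = Counter(), defaultdict(set)
    for rec in records:
        if str(rec.get(K_ACTION, "")).lower() != DENIED:
            continue
        src = rec.get(K_SOURCE, "unknown")
        denied[src] += 1
        if str(rec.get(K_EVENT, "")).lower() == NEW:
            new_denied[src].add(str(rec.get(K_QNAME, "")).rstrip(".").lower())
    return denied, {src: sorted(names) for src, names in new_denied.items()}


# Constructed sample exports (not real PDNS output); the second overlaps the first.
EXPORT_A = [
    {"time": "2024-01-01T10:00:00Z", "action": "allowed", "source": "10.0.0.5", "query_name": "www.example.com", "event": "repeat"},
    {"time": "2024-01-01T10:00:02Z", "action": "denied", "source": "10.0.0.7", "query_name": "bad.example.net", "event": "new"},
]
EXPORT_B = [
    EXPORT_A[1],
    {"time": "2024-01-01T10:00:05Z", "action": "denied", "source": "10.0.0.7", "query_name": "bad.example.net", "event": "repeat"},
    {"time": "2024-01-01T10:00:09Z", "action": "denied", "source": "10.0.0.9", "query_name": "Tracker.Example.org.", "event": "new"},
]

if __name__ == "__main__":
    counts, first_seen = triage(merge_exports([EXPORT_A, EXPORT_B]))
    print(counts.most_common(), first_seen)
```

To use it on real data, load each exported file with json.load and pass the resulting lists to merge_exports.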