This feature adds a new section to FortiView that summarizes DNS activity on the network.
To generate DNS logs, the FortiGate needs a firewall policy that uses a DNS filter profile. The FortiGate must also be configured to send logs to the FortiAnalyzer.
To view DNS logs:
- If necessary, configure the FortiGate:
  - Create a new DNS filter profile or customize a predefined profile.
  - Use the DNS filter profile in a policy.
- On the FortiAnalyzer, go to SOC > FortiView > Traffic > DNS Logs. The DNS logs list is shown.
- Double-click an entry in the list to drill down to specific details about that domain.
  - The Source tab displays the sources that query the domain name from the DNS server. The number of sources matches the number in the # of Clients column in the DNS logs list.
  - The Destination tab displays the DNS servers that were queried for the domain name.
  - The Country/Region tab shows the country and/or region of the DNS server or servers.
- Double-click an entry in one of the drill-down tabs to show related traffic logs.
  From the log details, correlated DNS logs can also be viewed.
- To view DNS logs in a bubble chart, select Bubble as the chart type in the widget settings.
  - Hovering over a bubble displays a pop-up box that includes: # of Clients, Sessions, and Bytes.
  - Bubble chart data can be sorted by Bandwidth, Session, or # of Clients.
  - Double-click a bubble to open the drill-down view. Click the back button in the top left of the content pane to return to the bubble chart.
- DNS logs can also be viewed by going to Log View > Security > DNS.
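
The FortiGate prerequisites described above (a DNS filter profile, a policy that uses it, and log forwarding to the FortiAnalyzer), expressed as FortiOS CLI. This is an added example, not taken from the original page; the profile name, policy ID, and FortiAnalyzer address (a documentation-range IP) are placeholders, and option availability can vary by FortiOS version.

```fortios
# 1. DNS filter profile (placeholder name "dns-visibility")
config dnsfilter profile
    edit "dns-visibility"
        # Log every queried domain, not only domains a filter acts on,
        # so the DNS logs list reflects all DNS activity
        set log-all-domain enable
    next
end

# 2. Attach the profile to an existing firewall policy (placeholder ID 1)
config firewall policy
    edit 1
        set utm-status enable
        set dnsfilter-profile "dns-visibility"
        # Traffic logging, so related traffic logs exist for the drill-down
        set logtraffic all
    next
end

# 3. Send logs to the FortiAnalyzer (placeholder address)
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set upload-option realtime
end
```

If the DNS logs list stays empty after this, check that DNS traffic actually matches the policy carrying the profile and that the FortiGate is authorized on the FortiAnalyzer.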