In this article
Follow this guide to navigate the DNS Query Log. This log represents all DNS traffic to your DNSFilter account.
The DNS Query Log has many uses, including quickly finding the who, what, when, and where of any DNS query to troubleshoot filtering policies and manage policy settings with the Actions menu. The DNS Query Log is customizable and the data can easily export via email.
Having trouble loading the DNS Query Log?
During especially high query traffic times the captured data isn't processed fast enough to appear in the Query Log: the return comes back "no data found" or the data is 10-20 minutes behind the current time.
The information is being processed, but can take up to 20 minutes to appear in the dashboard. We've identified two ways to work around this issue:
- A simple refresh of the DNS Query Log can correct the issue
- Wait 10-20 minutes for traffic to slow and the data to catch up
The DNS Query Log is one of several in-app tools to help manage data collection and policy settings. Find it from the DNSFilter dashboard Tools tab and select DNS Query Log.
The default page opens to all DNS queries in the last 15 minutes: no Site required! The query data is available up to the last 9 days depending on your license. More on time range filters under Data Filters below.
Other defaults include rows per page set to 25 (edit to view up to 100 per page) and the Time and Actions columns are pinned to the left and right of the table.
✍️ The Policy Audit Log has a similar name that can be confusing. The Policy Audit Log only represents changes to Filtering Policies and no DNS traffic.
Data Filters
Filter the DNS Query Log to view the query data that matters most for your needs.
Select Filters to view filtering options.
Any option with a drop down menu also has an auto-complete option. Start typing the name of the specific item to quickly jump to it in the list.
Add more filters until the data set meets your requirements. Remove all at once with REMOVE ALL or remove individually via the X in the filter menu.
Select a field from the dropdown menu to filter.
Time. Filter a time range by quick values—last 15 minutes up to the last 9 days depending on your license—specific dates, or specific time ranges on specific dates.
Note that the DNS traffic data is only available up to your license limits: see in the example below the farthest back to filter is 3 days and all other dates/times cannot be selected.
FQDN. Filter by Fully Qualified Domain Name to see all traffic to an exact location of a network resource on the internet.
Result. Narrow results to isolate only blocked or allowed results.
Categories. See results for specific Filtering Policy Categories as a quick way to troubleshoot content not fully loading.
Application. See results that can be blocked by AppAware to adjust settings with the Actions menu.
Site. Start typing the name to quickly hone in on a specific Site.
Deployment. Select a Roaming Client by name to isolate a user's activity.
Deployment Type. Filtering by Site, Roaming Client, or Relay.
Local User Name / IP Address. Another option to isolate a specific user's or location's activity.
Collections Names. Filter by a group of users.
Example Use Case: Help Desk Ticket
Use Query Log filters to resolve tickets reporting blocked content that should be allowed: Filter around the ticket's time stamp, select the user or Roaming Client name, and set Result to "blocked" to isolate the related DNS traffic. Use the Actions menu to update policy Allow/Block Lists to correct the issue.
Customize the Log View
Alongside all the filtering options, the DNS Query Log also has several ways to edit how to view the data according to your preferences.
Data Columns. Toggle different columns to show or hide. Columns are searchable, and you can show or hide all options in one click.
✍️ All columns are included in data exports: the show/hide options do not alter the export.
The default view includes two pinned columns: Time and Actions. Pin any additional column by right-clicking on the column menu. Filter or hide the column from this option as well.
Columns can also be reordered and adjusted to different widths: click and drag to your specifications.
Row Density. Select how to view the rows: compact (most dense), standard, or comfortable (least dense).
Export Data. Export a filtered data set to your inbox in just one click.
Save View. Save your customized view. All customizations save to local browser storage (if you switch to mobile device or different browser the settings will default). Reset the log view with Use Default.
Refresh. Data won't update unless you select the browser or in-app refresh option.
Actions menu
The Actions menu is useful to quickly add/remove a specific domain to/from the Allow List, Block List (or multiple at once), or in AppAware for the Organization's Filtering Policies—all without leaving the DNS Query Log.
- Locate the domain to update by using data filters
- Select the Actions menu
- Select the applicable action
- Update the domain
The Filtering Policy will automatically update as new settings save and allow/block DNS traffic according to the updated requirements.
Related Data Tools
Check out our other data and reporting resources:
Comments
0 comments
Article is closed for comments.