Log Search
Navigate to the sidebar menu Reports and Log and select the Log Search tab in the side navigation menu.

Overview

The Log Search module is designed to provide granular visibility into your network traffic. This tool allows administrators to search and filter DNS logs to quickly identify relevant information, track user activity, and troubleshoot specific security events.

How it works

The system records raw data for the DNS requests processed by your networks. You can use multiple search parameters simultaneously to pinpoint exact traffic events, understanding not only if a domain was blocked, but exactly why the system made that decision.

Interface overview

The interface is divided into two main areas: the top search parameters and the main log results table.

Top controls: search parameters

Use these tools to narrow down the vast amount of log data to exactly what you need to see.

| Interface element | Description & focus |
|---|---|
| Range Date | Select predefined timeframes like Last 15 minutes, Last hour, Last 24 hours, or set a custom range. |
| FQDN | A text field where you can search by a specific domain name. |
| Action | Filter by the outcome of the query, selecting from All, Granted, Denied, or Unresolved. |
| Reason | Filter by the exact rule that triggered the action, such as blocked due to policy configuration, allowed due to exceptions, or blocked due to geoblocking. |
| Networks | Select one or more specific networks to filter the origin of the traffic. |
| Categories | Filter logs by specific content categories like Advertising, Adware, or Alcohol. |
| Policies | Filter the data to view only the traffic managed by a specific security profile. |
| Results | Limit the number of rows displayed in the table, choosing between 30, 50, 100, 250, or 500 entries. |

List view: log table

The main workspace displays the raw data matching your search criteria.

| Interface element | Description & focus |
|---|---|
| Query Type | The specific technical DNS record requested by the client. |
| Action | Indicates whether the request was granted or denied by the filter. |
| FQDN | The fully qualified domain name that the user attempted to access. |
| Category | The content classification assigned to the requested domain. |
| Date and Time | The exact timestamp of when the query occurred. |
| Source IP Address | The IP address originating the network request. |
| Policy | The specific security profile that managed and evaluated the request. |
| Network | The deployment location the traffic belongs to. |
| Country | The geographic origin associated with the request. |

Configuration & logic

Using the search filters

To begin an investigation, start by setting your desired Range Date to establish the timeframe. You can then layer additional filters to find specific events. For instance, if you want to find out why a user was blocked from a specific site, you can set the Action to Denied, and review the Reason column to see if it was blocked due to policy configuration or blocked due to IP block.

Managing applied filters

As you select different criteria from the dropdown menus, they are summarized in the Applied Filters box located just above the results table. This gives you a clear visual confirmation of the parameters currently shaping your view. If you want to start a fresh search, simply click the Clear Filters button located on the right side of this summary box to reset all fields at once.