Advanced DNS Security Resolver Support for Syslog Events

The Advanced DNS Security Resolver now supports additional system log events as part of the common logs.
The Advanced DNS Security Resolver now generates system log events to provide enhanced visibility into license management, configuration changes, and quota monitoring. These informational-level syslog events enable you to track critical operational changes and integrate with your existing security information and event management (SIEM) systems for comprehensive monitoring and alerting.
The new system log events cover three key operational areas. First, license expiry events are generated when a tenant license expires; the tenant configuration is automatically removed from the Advanced DNS Security Resolver service and a Delete event is logged with the description "Removed ADNS resolver config due to license expiry". Second, license update events capture any licensing changes, including license expiry, user count modifications, or SKU updates, generating an Update event that includes the tenant ID and specific SKU information. Third, quota violation events help you monitor usage patterns and prevent service disruptions by tracking three quota states: normal (usage within allocated limits), transient (temporary quota violation detected), and consistent (persistent quota violation detected). When quota states change, the system automatically logs Update events.
All system log events share common attributes including Event Time, Sub Type (system), Log Type (system), Severity (Informational), Platform Type (ADV_DNS_RESOLVER), Log Source (DNS security resolver config), Vendor Name (Palo Alto Networks), and Tenant ID. These events can be forwarded to your SIEM platform using log forwarding profiles configured in Strata Cloud Manager, enabling you to monitor events across your organization, set up automated alerts for quota violations, track configuration changes for compliance and audit purposes, and correlate Advanced DNS Security Resolver events with other security telemetry.
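Because every one of these events arrives with Severity Informational, SIEM-side alerting has to key on the event type, description, and quota state rather than on severity. The following triage sketch is an added example, not Palo Alto Networks code; the JSON layout, the key names (`event`, `quota_state`, `sku`, `description`), the priorities, and the sample records are assumptions constructed for illustration.

```python
import json

# Constructed sample records. The JSON layout and key names (event, quota_state,
# sku, description, ...) are assumptions; map them to what your forwarder emits.
BASE = {"severity": "Informational", "platform_type": "ADV_DNS_RESOLVER"}
SAMPLE = [json.dumps({**BASE, **e}) for e in [
    {"tenant_id": "tenant-A", "event": "Update", "quota_state": "transient"},
    {"tenant_id": "tenant-A", "event": "Update", "quota_state": "consistent"},
    {"tenant_id": "tenant-B", "event": "Update", "sku": "SKU-PLACEHOLDER"},
    {"tenant_id": "tenant-B", "event": "Delete",
     "description": "Removed ADNS resolver config due to license expiry"},
    {"tenant_id": "tenant-A", "event": "Update", "quota_state": "normal"},
    {"tenant_id": "tenant-C", "event": "Update", "quota_state": "consistent",
     "platform_type": "OTHER"},  # different source: must be ignored
]]

EXPIRY_DESC = "Removed ADNS resolver config due to license expiry"
QUOTA_RANK = {"normal": 0, "transient": 1, "consistent": 2}

def triage(lines):
    """Assign a SIEM priority per event; severity alone cannot, since every
    event arrives as Informational. Returns (tenant, message, priority)."""
    last_quota, alerts = {}, []
    for line in lines:
        ev = json.loads(line)
        if ev.get("platform_type") != "ADV_DNS_RESOLVER":
            continue
        tenant, kind = ev.get("tenant_id", "unknown"), ev.get("event")
        state = ev.get("quota_state")
        if kind == "Delete" and ev.get("description") == EXPIRY_DESC:
            alerts.append((tenant, "resolver config removed: license expiry", "high"))
        elif kind == "Update" and state in QUOTA_RANK:
            # A tenant with no earlier quota event is assumed to start at "normal".
            prev = last_quota.get(tenant, "normal")
            last_quota[tenant] = state
            if QUOTA_RANK[state] > QUOTA_RANK[prev]:
                prio = "high" if state == "consistent" else "medium"
                alerts.append((tenant, f"quota {prev} -> {state}", prio))
            elif QUOTA_RANK[state] < QUOTA_RANK[prev]:
                alerts.append((tenant, f"quota {prev} -> {state}", "info"))
        elif kind == "Update" and "sku" in ev:
            alerts.append((tenant, f"license update, sku={ev['sku']}", "low"))
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```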