DNS Security logs are accessible directly on the firewall or through
Strata Logging Service
-based log viewers (
AIOps for NGFW Free
,
Cloud Management
,
Strata Logging Service
, etc). While the firewall allows you to access malicious
threat log entries that are generated when users make DNS queries, benign DNS requests
are not recorded. DNS Security data is also forwarded to
Strata Logging Service
through log forwarding (as threat logs) and
DNS Security telemetry (as DNS
Security logs), which are then referenced by various activity log viewer applications.
DNS Security telemetry operates with minimal overhead, which limits the amount of data
sent to
Strata Logging Service
; as a result, only a subset of DNS queries are
forwarded to
Strata Logging Service
as DNS Security log entries, regardless of
the severity level, threat type, or category. The threat logs for malicious DNS requests
that are forwarded to
Strata Logging Service
using log forwarding are available
in their entirety. As a result, Palo Alto Networks recommends viewing logs for malicious
DNS requests as threat logs instead of DNS Security logs.