Cisco ASA DNS Logging

MikeO5422 — Tue, 12 Mar 2019 05:59:08 GMT

I was playing around with URL logging on an ASA 5510 the other day. Pretty neat. But I was wondering if you could do a similar thing with DNS queries. I setup a regex to match anything and setup a class that referenced the regex. Then, I created a DNS inspection policy map that references the class and logs the matches. However, it only logs something similar to "410004 - DNS Classification: Received DNS query (id: xxxxx) for host x.x.x.x and so on" I was wondering if there was a way to actually log the domain being queried, similar to the URL logging? Here is the example setup just for reference. This would work great if I had some specific domain (or list of domains) I was interested in, but in this case I want to log any DNS query and see the domain being queried for.

regex matchall "."

class-map type inspect dns match-any re.dnsQueries

match domain-name regex matchall

policy-map type inspect dns dnsQueries

parameters

class re.dnsQueries

log

policy-map global_policy

class inspection_default

inspection dns dnsQueries

Hi,This is not currently

Vibhor Amrodia — Sat, 23 May 2015 12:47:37 GMT

Hi,

This is not currently possible at least for now.

Thanks and Regards,

Vibhor Amrodia

topic Hi,This is not currently in Network Security

Cisco ASA DNS Logging

Hi,This is not currently