Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
357
Views
0
Helpful
2
Replies

Umbrella IP & Proxy logs in AWS S3 bucket

zietgiestt
Level 1
Level 1

‎05-10-2024 10:21 AM

Hello,

I have been tasked with ingesting Umbrella logs into our new SOC monitoring.

During this onboarding process I was able to allow the SOC access to my S3 bucket for umbrella logs but noticed that only DNS logs are current.
I have old IP & Proxy logs in my bucket, but those haven't been reported to my S3 bucket since 2019.

Maybe these logs aren't used by umbrella any longer?

I'm not sure why they stopped or how to re-enable IP & proxy logging to my S3 bucket.

Can anyone shed any light on this as a starting point to investigate please?

 

Thanks,

Labels:
0 Helpful
2 Replies 2

mmaciw
Cisco Employee
Cisco Employee

‎06-25-2024 07:57 AM

 

Hello there,

 

Have you checked the Umbrella dashboard, Policies > web policy > ruleset logging ?

 

It is possible someone has disable logging for web traffic. This assumes that your Umbrella subscription includes the web proxy. If not, and your subscription is DNS only, then check the DNS policy for the similar logging settings and also a setting that allows you to enable/disable the intelligent proxy.

 

Regards,

Mark

0 Helpful

Pulkit Mittal
Spotlight
Spotlight

‎07-03-2024 04:34 AM

Hi,

Please check if your ruleset logging is enables to log all requests under your web policies. 

PulkitMittal_0-1720006388770.png

If you find this useful, please mark it helpful and accept the solution.

0 Helpful
Customers Also Viewed These Support Documents