Access Policy - how to exclude DNS query from logging so Event viewer or export to syslog

Hello,

 

I have a 3D 8140 device that is implemented inline between the customer's LAN and Data Center. My customer is required to log everything that goes on in the network for 30 days. I did that by creating a rule in the Access Policy to monitor all traffic and send it to syslog. Unfortunately, it resulted in 115 million syslog messages in a period of 24h. The thing is, 99% of that is DNS queries towards the Domain Controllers. Is there a way to exclude those connections from being logged in any way, since I do have the destination IP, protocol and port?


It is disabled ATM since it is killing my syslog device.

 

I am configuring the device through vFMC 6.4.0.7

 


Re: Access Policy - how to exclude DNS query from logging so Event viewer or export to syslog

Hi,

Create another ACP rule at the top of the rule set, permitting DNS to the domain controllers without logging enabled. Traffic will be permitted on this rule and will therefore not match your other rule which has logging enabled.

 

HTH
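
The rule-ordering effect described in this reply, as an added example that is not part of either post and is not Cisco code: a simplified Python model of top-down access rule evaluation, counting how many connections would reach syslog with the no-log DNS rule above or below the log-all rule. It assumes the log-all rule uses the Monitor action (which always logs and lets evaluation continue); the rule names, the domain controller addresses and the sample flows are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                    # "ALLOW" ends evaluation; "MONITOR" logs and continues
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any protocol
    port: Optional[int] = None     # None matches any port
    log: bool = False

    def matches(self, flow):
        return (ip_address(flow["dst"]) in ip_network(self.dst)
                and self.proto in (None, flow["proto"])
                and self.port in (None, flow["port"]))

def evaluate(rules, flow):
    """Return (name of the rule that handled the flow, whether it was logged)."""
    logged = False
    for rule in rules:
        if not rule.matches(flow):
            continue
        if rule.action == "MONITOR":
            logged = True          # a Monitor match always logs, then evaluation continues
            continue
        return rule.name, logged or rule.log
    return "default-action", logged

def syslog_count(rules, flows):
    """Number of connections that would produce a syslog event."""
    return sum(1 for flow in flows if evaluate(rules, flow)[1])

# Constructed sample: domain controllers at 10.0.0.10 and 10.0.0.11 (assumed addresses).
DNS_NOLOG = Rule("dns-to-dc-nolog", "ALLOW", dst="10.0.0.10/31", proto="udp", port=53)
LOG_ALL = Rule("log-all", "MONITOR")

# 99 DNS queries per non-DNS connection, mirroring the 99% figure in the question.
FLOWS = ([{"dst": "10.0.0.10", "proto": "udp", "port": 53}] * 99
         + [{"dst": "10.0.0.20", "proto": "tcp", "port": 443}])

if __name__ == "__main__":
    print("no-log DNS rule on top:  ", syslog_count([DNS_NOLOG, LOG_ALL], FLOWS))
    print("no-log DNS rule below it:", syslog_count([LOG_ALL, DNS_NOLOG], FLOWS))
```

With the no-log rule below the Monitor rule, every DNS connection is still logged even though the DNS rule ends up handling it, which is why the reply places the new rule at the top.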