Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
971
Views
5
Helpful
1
Replies

Access Policy - how to exclude DNS querry from logging so Event viewer or export to syslog

NajtRajder
Level 1
Level 1

‎06-26-2020 06:33 AM

Hello,

 

I have an 3D 8140 device that is implemented inline between costumers LAN and Data Center. My costumer is required to log everything that goes on in the network for 30 days. I did that by creating a rule in the Access Policy to monitor all traffic and send it to syslog. Unfortunately, it resulted with 115Milion syslog messages in period of 24h. The thing is, 99% of that falls to DNS query’s towards Domain Controllers. Is there a way to exclude those connections from being logged in any way since I do have destination IP Protocol and Port?

log all.PNG

It is disabled ATM since it is killing my syslog device

 

I am configuring the device through vFMC 6.4.0.7

 

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎06-26-2020 06:39 AM

Hi,

Create another ACP rule at the top of the rule set, permitting dns to the domain controllers without logging enabled. Traffic will be permitted on this rule and will therefore not match your other rule which has logging enabled.

 

HTH

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card