A firewall administrator wants to avoid overflowing the company syslog server with traffic logs.
What should the administrator do to prevent the forwarding of DNS traffic logs to syslog?
To prevent the forwarding of DNS traffic logs to syslog, the administrator should go to the Log Forwarding profile used to forward traffic logs to syslog and, under the traffic log match list, create a new filter with application not equal to DNS. This ensures that only non-DNS traffic logs are forwarded to the syslog server, effectively keeping DNS traffic logs from being sent.
Should be B.
B is correct, as I have tested it in my lab: when I was using the "eq DNS" filter I could still see that DNS traffic logs were forwarded, but when using "not equal to DNS" the DNS-related traffic was no longer forwarded.
I'm OK with B, but why not A? If I have a policy rule for DNS traffic, I just have to set the log forwarding option to "none" to avoid sending those logs, right?
Could be because that rule might be allowing some other apps, and you would lose the logs for them as well.
B is correct. The filter should include "not equal".
B - Prevent the forwarding of DNS
Option B: Create a new log forwarding profile which forwards logs only to the syslog device. Create a specific security policy for DNS traffic. https://live.paloaltonetworks.com/t5/general-topics/how-to-stop-dns-traffic-logs-going-to-log-collector/td-p/290425
NOT equal to DNS
B is correct.
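To make the difference between the "eq DNS" and "not equal to DNS" filters concrete (the answer above and the lab observation in the comments), here is an added example, not code from the thread or from PAN-OS: a small evaluator for match-list filters written in the `(field eq|neq value)` form the PAN-OS filter builder produces, run over constructed traffic-log records. The record fields and sample values are assumptions chosen for illustration.

```python
import re

# Constructed sample traffic-log records (assumption: reduced to the
# few fields a match-list filter would look at).
SAMPLE_LOGS = [
    {"app": "dns", "src": "10.0.0.5", "dst": "10.0.0.53", "dport": 53, "action": "allow"},
    {"app": "web-browsing", "src": "10.0.0.5", "dst": "93.184.216.34", "dport": 80, "action": "allow"},
    {"app": "dns", "src": "10.0.0.7", "dst": "8.8.8.8", "dport": 53, "action": "allow"},
    {"app": "ssl", "src": "10.0.0.9", "dst": "93.184.216.34", "dport": 443, "action": "deny"},
]

# One term of a filter: "(field eq value)" or "(field neq value)".
_TERM = re.compile(r"\(\s*(\w+)\s+(eq|neq)\s+(\S+?)\s*\)")
# Terms and the "and"/"or" connectives between them, in order.
_TOKENS = re.compile(r"\(\s*\w+\s+(?:eq|neq)\s+\S+?\s*\)|and|or")


def evaluate(expr, record):
    """Return True when `record` matches the filter expression `expr`.

    Terms are evaluated left to right and joined by 'and'/'or' as written;
    this toy evaluator does not model nested parentheses or precedence.
    """
    result, op = None, None
    for tok in _TOKENS.findall(expr):
        if tok in ("and", "or"):
            op = tok
            continue
        field, cmp, value = _TERM.match(tok).groups()
        term = str(record.get(field)) == value
        if cmp == "neq":
            term = not term
        if result is None:
            result = term
        elif op == "and":
            result = result and term
        else:
            result = result or term
    return bool(result)


def forwarded(expr, records):
    """Records a match-list with filter `expr` would send to its syslog target."""
    return [r for r in records if evaluate(expr, r)]


if __name__ == "__main__":
    for expr in ("(app eq dns)", "(app neq dns)"):
        apps = [r["app"] for r in forwarded(expr, SAMPLE_LOGS)]
        print(f"{expr:15} -> forwards: {apps}")
```

With `(app eq dns)` only the two DNS records are forwarded, which is why an "eq" filter still fills syslog with DNS logs; `(app neq dns)` forwards everything except DNS, which is the intended behaviour.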