
V 2.0 : DNS Logs

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0: DNS Logs | Base Rule | General DNS Information | Information |
| V 2.0: DNS Traffic Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0: DNS Traffic Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| Action | <action>, <tag1> | Text/String | Whether the request was allowed or blocked. |
| Blocked Categories | <result> | Text/String | The categories that resulted in the destination being blocked. Available in version 4 and above. |
| Categories | <subject> | Text/String | The security or content categories that the destination matches. For category definitions, see Understanding Security Categories and Understanding Content Categories. |
| Domain | <domainimpacted> | Text/String | The domain that was requested. |
| External IP | <dip> | IP Address | The external IP address that made the request. |
| Identities | <object>, <login> | Text/String | All identities associated with this request. |
| Identity Types | <objecttype> | Text/String | The type of identity that made the request. For example, Roaming Computer, Network, and so on. Available in version 3 and above. |
| Internal IP | <sip> | IP Address | The internal IP address that made the request. |
| Most Granular Identity | N/A | N/A | The first identity matched with this request in order of granularity. |
| Most Granular Identity Type | N/A | N/A | The first identity type matched with this request in order of granularity. Available in version 3 and above. |
| Query Type | <sessiontype> | Text/String | The type of DNS request that was made. For more information, see Common DNS Request Types. |
| Response Code | <responsecode> | Number | The DNS return code for this request. For more information, see Common DNS return codes for any DNS service (and Umbrella). |
| Timestamp | N/A | N/A | When this request was made in UTC. This is different from the Umbrella dashboard, which converts the time to your specified time zone. |
