Viewing Firewall and DNS Logs
The Zscaler service provides real-time log consolidation across the globe, so you can view every transaction performed by your users regardless of where they are in the world. From the firewall logs, you can view details such as the rule that was applied, the client and server details, and the network services and applications. From the DNS logs, you can view data, such as the DNS request and response details.
NOTE: Interactive reports support UTF-8 characters enabling the display of special characters.
- To immediately view logs for a certain item or segment in a dashboard or report:
- Click that item or segment in a chart.
- Select View Logs.
- To narrow down the scope of data and drill down to the logs:
- Click an item in chart.
- Select Analyze Chart.
The chart appears in an Insights window where you can apply filters and other settings to get to specific transactions.
- Click Logs from the left pane of the Firewall Insights or DNS Insights window.
The Firewall Insights or DNS Insights window displays the settings on the left pane and logs on the right pane. It lists up to 100 transactions at a time. Scroll down and click LOAD MORE at the bottom of the window to view the next group of up to 100 transactions.
To learn more about the firewall and DNS logs, expand a topic below.
Filtering and Finding Transactions
You can narrow down the list of transactions by doing the following on the left pane:
- Choose a predefined time frame or select Custom to use the calendar and time menus to define your own time frame. Note that you can set the time by hour, minutes, and seconds, if you need a more granular time frame.
- Apply filters to narrow down the list or to find transactions, such as those associated with a specific user or URL.
After you change the time frame or filters, you must always click Apply Filters to list the filtered list of transactions. You can also click Export to CSV to export the filtered list to a CSV file. The service exports only the columns that are visible. It exports up to 100,000 lines of data at a time. You can continue to use the service while the export is in progress.
Customizing the Logs
You can customize the logs as follows:
- Click the icon on the top right to list the available fields for display. Tick a box to add a column or clear it to remove a column. Alternatively, click Select all or Deselect all to display or remove all columns.
- Drag a column to another location.
- Resize a column by positioning the cursor on its border and dragging it to the desired width.
The settings are stored as a web cookie on your computer. They are retained as long as the cookie is not deleted.