You can configure BloxOne Threat Defense to display or export DNS Forwarding Proxy (DFP) logs from your hosts. For BloxOne Threat Defense to properly pull the log data, you must have hosts set up and configured to run DFP service. Otherwise, no data can be generated. Depending on your service log configuration, you can view the logs in a separate browser window or download the log files (in .log format) for future reference.
When you select to view the service logs, BloxOne Threat Defense displays the logs in a separate browser window for the host you have selected. You can select only one host at a time, and you can set the time frame for the logs from five minutes to six hours, depending on your requirements. If you want to make the logs more readable, you can install supported plug-ins based on the browser you are using.
When you choose to download the service logs, the downloaded file is saved in this file name format: <on-prem host ID>-yyyy-mm-dd.log. You can select up to five hosts from which you want to pull log data, and you can retrieve the data only for a specific date. Also, you can download DFP logs separately, but only one service type at a time. When you select multiple hosts, BloxOne Threat Defense generates one .log file for each host, and the files you download include the host ID and the selected service in the file name. If desired, you can install a plug-in that allows you to open the logs in a more readable format.
For additional information on DNS forwarding proxy service level logs, see the following: