Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > syslog resolve dns instead of IP?


syslog resolve dns instead of IP?

 
 
Michael Letchworth
 
      12-26-2004
Can I have the PIX, or is there a program, that translates the IP address to
the HOST name? Also, any suggestions on programs that can generate good
reports on usage (employees working or going to eBay)?


 
 
 
 
 
Walter Roberson
 
      12-26-2004
In article <Vaszd.3350$2_4.715@okepread06>,
Michael Letchworth <(E-Mail Removed)> wrote:
:Can I have the PIX, or is there a program, that translates the IP address to
:the HOST name?

The pix certainly won't do it.

The hardest part about writing your own program to do it is in
doing the caching for efficiency.


:Also, any suggestion on programs that can generate good
:reports on usage (employees working or going to eBay).

That turns out to be a lot more difficult to do efficiently.

Doing the DNS lookup can be as simple as pattern matching on dotted
quads, looking up the quads and doing replacements in the output.

Producing a report, though, requires that the program be able to
understand about connection builds, teardowns, what the various kinds
of denials mean, what order the parameters are in for each message
type, and so on. And producing a report on potential abuse
requires some evaluation of whether a site is a "good site"
or a "bad site".

I do not know of any publicly available freeware or commercial
program that is able to perform the tasks you seek.
Network Intelligence's Private I programs are the closest I know of.
Their software has a nontrivial cost, but you can use their
time-limited demo to decide whether it has the functions you want.



I wrote my own programs, one a report generator that doesn't try to
evaluate sites [that one cannot handle PIX 6.2 or 6.3], and the other
one that knows how to evaluate sites but not how to produce nice usage
reports [that one is good to at least PIX 6.3(1)]. It took me a number
of months of efforts to write the programs and make them reasonably
efficient. Both of them would need some polishing for public release. I
am, though, ah "advised", that there are other programs of higher
priority, so I do not anticipate a release in the near future.
--
"Mathematics? I speak it like a native." -- Spike Milligan
 
 
 
 
 
Cletus Van Damme
 
      12-26-2004
Kiwi Syslog Daemon (http://www.kiwisyslog.com) will resolve IP to host name
when logging. There's a freeware and commercial version with the free
version being limited in features.

Cletus

"Michael Letchworth" <(E-Mail Removed)> wrote in message
news:Vaszd.3350$2_4.715@okepread06...
> Can I have the PIX, or is there a program, that translates the IP address to
> the HOST name? Also, any suggestions on programs that can generate good
> reports on usage (employees working or going to eBay)?
>



 
 
Brant I. Stevens
 
      12-27-2004
I was under the impression that a plain-ol' vanilla syslogd that ships with
*nix will do the reverse resolution provided you use the proper command-line
options.



On 12/26/2004 08:43 AM, in article 41cec013$0$12716$(E-Mail Removed),
"Cletus Van Damme" <(E-Mail Removed)> wrote:

> Kiwi Syslog Daemon (http://www.kiwisyslog.com) will resolve IP to host name
> when logging. There's a freeware and commercial version with the free
> version being limited in features.
>
> Cletus
>
> "Michael Letchworth" <(E-Mail Removed)> wrote in message
> news:Vaszd.3350$2_4.715@okepread06...
>> Can I have the PIX, or is there a program, that translates the IP address to
>> the HOST name? Also, any suggestions on programs that can generate good
>> reports on usage (employees working or going to eBay)?
>>

>
>


 
 
Walter Roberson
 
      12-27-2004
In article <BDF5D66A.396CE%(E-Mail Removed)>,
Brant I. Stevens <(E-Mail Removed)> wrote:
:I was under the impression that a plain-ol' vanilla syslogd that ships with
:*nix will do the reverse resolution provided you use the proper command-line
:options.

Not on any version I am familiar with.

Remember that the PIX embeds IP addresses within the logged
messages, and it is those embedded IPs that the OP wants translated.
syslogd does not know anything about the content of what it is logging,
so it wouldn't be a good idea for syslogd to blindly do lookups
on everything it logged that looked like an IP address.
--
"There are three kinds of lies: lies, damn lies, and statistics."
-- not Twain, perhaps Disraeli, first quoted by Leonard Courtney
 
 
Tom
 
      12-28-2004

"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:cqptve$do2$(E-Mail Removed)...
> In article <BDF5D66A.396CE%(E-Mail Removed)>,
> Brant I. Stevens <(E-Mail Removed)> wrote:
> :I was under the impression that a plain-ol' vanilla syslogd that ships with
> :*nix will do the reverse resolution provided you use the proper command-line
> :options.
>
> Not on any version I am familiar with.
>
> Remember that the PIX embeds IP addresses within the logged
> messages, and it is those embedded IPs that the OP wants translated.
> syslogd does not know anything about the content of what it is logging,
> so it wouldn't be a good idea for syslogd to blindly do lookups
> on everything it logged that looked like an IP address.
> --
> "There are three kinds of lies: lies, damn lies, and statistics."
> -- not Twain, perhaps Disraeli, first quoted by Leonard Courtney



I simply put an entry in /etc/hosts for any device that I log to my syslog
server so that they are easily identified in the logs.


 
 
Walter Roberson
 
      12-28-2004
In article <(E-Mail Removed)>, Tom <chris@nospam> wrote:
:I simply put an entry in /etc/hosts for any device that I log to my syslog
:server so that they are easily identified in the logs.

You are referring to something completely different than what the OP
was looking for. You are referring to name resolution of the
device that sent the log message; the OP needs name resolution of
the content logged.

For example,

Dec 28 12:52:01 6V:npix Dec 28 2004 12:58:23: %PIX-6-302014: Teardown TCP connection 97294 for outside:XX.YYY.ZZZ.WW/1795 to inside:172.17.51.13/3114 duration 32:05:13 bytes 23251 Conn-timeout

'npix' is the resolved name of the device that sent the message
(172.17.51.1), but the OP would want the XX.YYY.ZZZ.WW and 172.17.51.13
resolved, and may also wish to see the port numbers named as well.
--
Suppose there was a test you could take that would report whether
you had Free Will or were Pre-Destined. Would you take the test?
 
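An added example, not code from any poster in this thread, that covers the two points Walter Roberson makes above: the "pattern-match the dotted quads, look them up, substitute" approach with a cache so that a repeated address costs one lookup, and the distinction between the sender named in the syslogd header (npix, or its address when /etc/hosts has no entry) and the addresses embedded in the firewall's own text, which are the only ones rewritten. It also names well-known ports and shows a first cut of the per-host usage report built from 302014 teardown messages, which is the part the thread says is the real work. The reverse table, the service table and the second log line are constructed so the script runs offline; the PTR sanitiser is my addition, not something the thread discusses: a reverse record is whatever the owner of that address range chooses to publish, so it is filtered to plain hostname characters before it is written into your log.

```python
"""Annotate the IP addresses embedded *inside* relayed PIX syslog messages.

Added example for this thread, not code from any poster. The 302014
layout is taken from the line quoted above; the hostname table, service
table and extra log line are constructed for an offline demo.
"""
import re
import socket

DOTTED_QUAD = r"(?:\d{1,3}\.){3}\d{1,3}"
# PIX connection endpoint: interface:address/port
ENDPOINT = re.compile(rf"\b([A-Za-z0-9_-]+):({DOTTED_QUAD})/(\d+)\b")
# the %PIX-<severity>-<msgid>: tag that starts the firewall's own text
MSG_TAG = re.compile(r"%PIX-\d-(\d{6}):")
TEARDOWN = re.compile(r"Teardown (?:TCP|UDP) connection \d+ for (\S+) to (\S+) "
                      r"duration (\d+):(\d\d):(\d\d) bytes (\d+)")
# RFC 1123 hostname characters only, at most 253 characters
HOSTNAME_OK = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")
# constructed subset of /etc/services
SERVICES = {22: "ssh", 25: "smtp", 53: "domain", 80: "http", 443: "https"}


class ReverseResolver:
    """Cached reverse lookup; lookup(ip) returns a name or raises."""

    def __init__(self, lookup=None):
        self._lookup = lookup or (lambda ip: socket.gethostbyaddr(ip)[0])
        self._cache = {}   # ip -> name or None; failures are cached too
        self.lookups = 0   # real lookups made (shows the cache working)

    def resolve(self, ip):
        if ip not in self._cache:
            self.lookups += 1
            try:
                name = self._lookup(ip)
            except (OSError, LookupError):  # NXDOMAIN, timeout, no table entry
                name = None
            # PTR data belongs to whoever runs the reverse zone: refuse anything
            # that is not a plain hostname so a hostile PTR cannot push newlines,
            # terminal escapes or fake fields into the log.
            if name is not None and not HOSTNAME_OK.match(name):
                name = None
            self._cache[ip] = name
        return self._cache[ip]


def split_line(line):
    """Return (syslogd header incl. %PIX tag, message id, firewall text).
    Only the firewall text is rewritten: the header names the sender, which
    syslogd (or an /etc/hosts entry) already takes care of."""
    m = MSG_TAG.search(line)
    if not m:
        return line, None, ""
    return line[:m.end()], m.group(1), line[m.end():]


def annotate_line(line, resolver, services=SERVICES):
    """Rewrite each interface:ip/port as interface:name[ip]/port(service)."""
    header, _, text = split_line(line)

    def repl(m):
        iface, ip, port = m.group(1), m.group(2), int(m.group(3))
        name = resolver.resolve(ip)
        host = f"{name}[{ip}]" if name else ip
        svc = services.get(port)
        return f"{iface}:{host}/{port}({svc})" if svc else f"{iface}:{host}/{port}"

    return header + ENDPOINT.sub(repl, text)


def usage_report(lines, resolver):
    """(bytes, seconds) per (source host, destination host) summed over 302014
    teardowns. Builds, denials and other ids each need their own parser."""
    totals = {}
    for line in lines:
        _, msgid, text = split_line(line)
        m = TEARDOWN.search(text) if msgid == "302014" else None
        ends = [ENDPOINT.fullmatch(m.group(i)) for i in (1, 2)] if m else []
        if not m or not all(ends):
            continue
        key = tuple(resolver.resolve(e.group(2)) or e.group(2) for e in ends)
        secs = int(m.group(3)) * 3600 + int(m.group(4)) * 60 + int(m.group(5))
        b, s = totals.get(key, (0, 0))
        totals[key] = (b + int(m.group(6)), s + secs)
    return totals


# constructed: the thread's line with the masked outside address replaced by a
# TEST-NET-3 address, plus a second line whose sender syslogd could not name
SAMPLE_LINES = [
    "Dec 28 12:52:01 6V:npix Dec 28 2004 12:58:23: %PIX-6-302014: Teardown TCP "
    "connection 97294 for outside:203.0.113.7/1795 to inside:172.17.51.13/3114 "
    "duration 32:05:13 bytes 23251 Conn-timeout",
    "Dec 28 12:52:05 172.17.51.1 Dec 28 2004 12:58:27: %PIX-6-302014: Teardown TCP "
    "connection 97301 for outside:203.0.113.9/80 to inside:172.17.51.13/3120 "
    "duration 0:00:02 bytes 512 TCP FINs",
]
# constructed reverse table standing in for DNS; the last PTR is hostile
FAKE_PTR = {
    "203.0.113.7": "mail.example.net",
    "172.17.51.13": "ws13.corp.example",
    "203.0.113.9": "evil\x1b[2Jhost.example",
}

if __name__ == "__main__":
    r = ReverseResolver(FAKE_PTR.__getitem__)
    for line in SAMPLE_LINES:
        print(annotate_line(line, r))
    print(usage_report(SAMPLE_LINES, r))
```

Run it as is for the offline demo, or construct `ReverseResolver()` with no argument to use the system resolver on real relayed lines (`annotate_line(line, ReverseResolver())` per line read from the syslog file). Negative results are cached on purpose: a firewall log is full of addresses with no PTR, and re-querying each of them on every line is what makes a naive version unusably slow.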
 
 
 