syslog resolve dns instead of IP?

Discussion in 'Cisco' started by Michael Letchworth, Dec 26, 2004.

  1. Can I have the PIX or is there a program that translates the IP address to
    the HOST name? Also, any suggestions on programs that can generate good
    reports on usage (employees working or going to eBay).
     
    Michael Letchworth, Dec 26, 2004
    #1

  2. In article <Vaszd.3350$2_4.715@okepread06>,
    Michael Letchworth <> wrote:
    :Can I have the PIX or is there a program that translates the IP address to
    :the HOST name?

    The pix certainly won't do it.

    The hardest part about writing your own program to do it is in
    doing the caching for efficiency.


    :Also, any suggestion on programs that can generate good
    :reports on usage (employees working or going to eBay).

    That turns out to be a lot more difficult to do efficiently.

    Doing the DNS lookup can be as simple as pattern matching on dotted
    quads, looking up the quads and doing replacements in the output.

    Producing a report, though, requires that the program be able to
    understand about connection builds, teardowns, what the various kinds
    of denials mean, what order the parameters are in for each message
    type, and so on. And producing a report on potential abuse
    requires some evaluation of whether a site is a "good site"
    or a "bad site".

    I do not know of any publicly available freeware or commercial
    program that is able to perform the tasks you seek.
    Network Intelligence's Private I programs are the closest I know of.
    Their software has a nontrivial cost, but you can use their time-
    limited demo to decide whether it has the functions you want.



    I wrote my own programs, one a report generator that doesn't try to
    evaluate sites [that one cannot handle PIX 6.2 or 6.3], and the other
    one that knows how to evaluate sites but not how to produce nice usage
    reports [that one is good to at least PIX 6.3(1)]. It took me a number
    of months of efforts to write the programs and make them reasonably
    efficient. Both of them would need some polishing for public release. I
    am, though, ah "advised", that there are other programs of higher
    priority, so I do not anticipate a release in the near future.
    --
    "Mathematics? I speak it like a native." -- Spike Milligan
     
    Walter Roberson, Dec 26, 2004
    #2

  3. Kiwi Syslog Daemon (http://www.kiwisyslog.com) will resolve IP to host name
    when logging. There's a freeware and commercial version with the free
    version being limited in features.

    Cletus

    "Michael Letchworth" <> wrote in message
    news:Vaszd.3350$2_4.715@okepread06...
    > Can I have the PIX or is there a program that translates the IP address to
    > the HOST name? Also, any suggestions on programs that can generate good
    > reports on usage (employees working or going to eBay).
    >
     
    Cletus Van Damme, Dec 26, 2004
    #3
  4. I was under the impression that a plain-ol' vanilla syslogd that ships with
    *nix will do the reverse resolution provided you use the proper command-line
    options.



    On 12/26/2004 08:43 AM, in article 41cec013$0$12716$,
    "Cletus Van Damme" <> wrote:

    > Kiwi Syslog Daemon (http://www.kiwisyslog.com) will resolve IP to host name
    > when logging. There's a freeware and commercial version with the free
    > version being limited in features.
    >
    > Cletus
    >
    > "Michael Letchworth" <> wrote in message
    > news:Vaszd.3350$2_4.715@okepread06...
    >> Can I have the PIX or is there a program that translates the IP address to
    >> the HOST name? Also, any suggestions on programs that can generate good
    >> reports on usage (employees working or going to eBay).
    >>
     
    Brant I. Stevens, Dec 27, 2004
    #4
  5. In article <BDF5D66A.396CE%>,
    Brant I. Stevens <> wrote:
    :I was under the impression that a plain-ol' vanilla syslogd that ships with
    :*nix will do the reverse resolution provided you use the proper command-line
    :options.

    Not on any version I am familiar with.

    Remember that the PIX embeds IP addresses within the logged
    messages, and it is those embedded IPs that the OP wants translated.
    syslogd does not know anything about the content of what it is logging,
    so it wouldn't be a good idea for syslogd to blindly do lookups
    on everything it logged that looked like an IP address.
    --
    "There are three kinds of lies: lies, damn lies, and statistics."
    -- not Twain, perhaps Disraeli, first quoted by Leonard Courtney
     
    Walter Roberson, Dec 27, 2004
    #5
  6.

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cqptve$do2$...
    > In article <BDF5D66A.396CE%>,
    > Brant I. Stevens <> wrote:
    > :I was under the impression that a plain-ol' vanilla syslogd that ships with
    > :*nix will do the reverse resolution provided you use the proper command-line
    > :options.
    >
    > Not on any version I am familiar with.
    >
    > Remember that the PIX embeds IP addresses within the logged
    > messages, and it is those embedded IPs that the OP wants translated.
    > syslogd does not know anything about the content of what it is logging,
    > so it wouldn't be a good idea for syslogd to blindly do lookups
    > on everything it logged that looked like an IP address.
    > --
    > "There are three kinds of lies: lies, damn lies, and statistics."
    > -- not Twain, perhaps Disraeli, first quoted by Leonard Courtney



    I simply put an entry in /etc/hosts for any device that I log to my syslog
    server so that they are easily identified in the logs.
     
    Tom, Dec 28, 2004
    #6
  7. In article <>, Tom <chris@nospam> wrote:
    :I simply put an entry in /etc/hosts for any device that I log to my syslog
    :server to that they are easily identified in the logs.

    You are referring to something completely different than what the OP
    was looking for. You are referring to name resolution of the
    device that sent the log message; the OP needs name resolution of
    the content logged.

    For example,

    Dec 28 12:52:01 6V:npix Dec 28 2004 12:58:23: %PIX-6-302014: Teardown TCP connection 97294 for outside:XX.YYY.ZZZ.WW/1795 to inside:172.17.51.13/3114 duration 32:05:13 bytes 23251 Conn-timeout

    'npix' is the resolved name of the device that sent the message
    (172.17.51.1), but the OP would want the XX.YYY.ZZZ.WW and 172.17.51.13
    resolved, and may also wish to see the port numbers named as well.
    --
    Suppose there was a test you could take that would report whether
    you had Free Will or were Pre-Destined. Would you take the test?
     
    Walter Roberson, Dec 28, 2004
    #7
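    The approach Walter sketches in #2 (match dotted quads in each PIX message,
    look them up, cache the answers, rewrite the output) and the distinction he
    draws in #7 (the addresses to resolve are the ones embedded in the message
    body, not the address of the device that sent it, and the ports may be named
    as well) can be put together in a short script. What follows is an added
    example written for this page; it is not Walter Roberson's program, Kiwi, or
    anything from Cisco. The two log lines, the PTR table and the port table are
    constructed for the example (the 302014 line copies the layout of the one
    quoted in #7, with RFC 5737 documentation addresses on the outside), and the
    resolver takes a lookup function so it runs offline; pass the real
    `system_ptr_lookup` to use the OS resolver. The third PTR entry shows why
    the answer from a reverse zone you do not control must be treated as input:
    a hostile PTR record can carry a forged log message, so only hostname
    characters are accepted and the address is kept beside the name rather than
    replaced by it.

```python
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Matches "addr" or "addr/port" as the PIX writes them ("inside:172.17.51.13/3114").
# The lookarounds stop a match from starting or ending inside a longer token.
ADDR_PORT_RE = re.compile(
    r"(?<![\w.])(?P<ip>(?:\d{1,3}\.){3}\d{1,3})(?:/(?P<port>\d{1,5}))?(?![\w.])"
)

# A PTR answer is written by whoever controls the reverse zone for that
# address, so it is untrusted input: only hostname characters are accepted.
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def _is_ipv4(text: str) -> bool:
    """True for a syntactically valid IPv4 address (rejects e.g. 999.1.1.1)."""
    try:
        return isinstance(ipaddress.ip_address(text), ipaddress.IPv4Address)
    except ValueError:
        return False


def system_ptr_lookup(ip: str) -> Optional[str]:
    """Reverse lookup through the OS resolver; None when there is no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


class ReverseResolver:
    """Caches every answer, negative ones included, so each distinct address
    costs one lookup per run however many times it appears in the log."""

    def __init__(self, lookup: Callable[[str], Optional[str]] = system_ptr_lookup):
        self._lookup = lookup
        self._cache: Dict[str, Optional[str]] = {}
        self.hits = 0
        self.misses = 0

    def resolve(self, ip: str) -> Optional[str]:
        if ip in self._cache:
            self.hits += 1
            return self._cache[ip]
        self.misses += 1
        name = self._lookup(ip)
        if name is not None and not SAFE_NAME_RE.fullmatch(name):
            name = None  # hostile or malformed PTR: keep the bare address
        self._cache[ip] = name
        return name


def annotate_line(line: str, resolver: ReverseResolver,
                  port_names: Dict[int, str]) -> str:
    """Rewrite 'a.b.c.d/port' as 'a.b.c.d(name)/port(service)'. The address is
    kept next to the name so the original datum survives for correlation."""

    def repl(m: "re.Match[str]") -> str:
        ip, port = m.group("ip"), m.group("port")
        if not _is_ipv4(ip):
            return m.group(0)  # looks like a quad but is not an address
        out = ip
        name = resolver.resolve(ip)
        if name:
            out += f"({name})"
        if port is not None:
            out += f"/{port}"
            svc = port_names.get(int(port))
            if svc:
                out += f"({svc})"
        return out

    return ADDR_PORT_RE.sub(repl, line)


# Constructed sample input (not real PIX output); 'npix' is the sending device.
SAMPLE_LINES = [
    "Dec 28 12:52:01 npix Dec 28 2004 12:58:23: %PIX-6-302014: Teardown TCP "
    "connection 97294 for outside:203.0.113.45/1795 to inside:172.17.51.13/3114 "
    "duration 32:05:13 bytes 23251 Conn-timeout",
    "Dec 28 12:52:03 npix Dec 28 2004 12:58:25: %PIX-4-106023: Deny tcp src "
    "outside:198.51.100.7/40000 dst inside:172.17.51.13/445 by access-group "
    "\"outside_in\"",
]

# Constructed PTR table standing in for the DNS; the third entry is a reverse
# zone that tries to inject a forged PIX message into the log via its PTR.
CONSTRUCTED_PTR = {
    "203.0.113.45": "www.example.com",
    "172.17.51.13": "ws13.corp.example",
    "198.51.100.7": "ok\nDec 28 12:52:04 npix %PIX-6-302014: Teardown TCP connection 1",
}

# Constructed port table; socket.getservbyport() would consult /etc/services instead.
PORT_NAMES = {80: "http", 443: "https", 445: "microsoft-ds"}


def run_sample() -> Tuple[List[str], ReverseResolver]:
    resolver = ReverseResolver(lookup=CONSTRUCTED_PTR.get)
    return [annotate_line(ln, resolver, PORT_NAMES) for ln in SAMPLE_LINES], resolver


if __name__ == "__main__":
    annotated, res = run_sample()
    print("\n".join(annotated))
    print(f"lookups: {res.misses}, cache hits: {res.hits}")
```

    Running it annotates both inside and outside addresses in each message,
    names the 445 port, leaves 198.51.100.7 unnamed because its PTR failed the
    character check, and spends one lookup per distinct address (three lookups,
    one cache hit for the repeated inside host). Two things are deliberate:
    the sender's own address in the syslog header is whatever the daemon wrote,
    so the /etc/hosts approach from #6 still covers it, and the annotated line
    is for reading, not for feeding to a downstream parser, which should keep
    consuming the unmodified message.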