All Apps and Add-ons

Destination/Server IP in a log

New Member

Would it be possible to have a destination / server IP field in a log?
How it's could be configured?

0 Karma

Motivator

Hello Jurij,
add to the log dest_ip=IP.toString(URL.dstIP)

Beware that this property triggers a DNS lookup.

Best regards
Pavel

0 Karma

Contributor

Thank you. We'll try that

0 Karma

Motivator

Hi

You need to enable dest ip rule in the mwgaccess3.log configuration. The rule is already there, just enable it.
Go policy > log handler > mwgaccess3.log

0 Karma

Contributor

there is a field called "dest_ip", but it does not bring back those values:

value count %
1 116 16.089%
1132 4 0.555%
1125 3 0.416%
1188 3 0.416%
1438 3 0.416%
517 3 0.416%
6647 3 0.416%
6653 3 0.416%
1008 2 0.277%
1042 2 0.277%

0 Karma

Contributor

the props.conf has this:
FIELDALIAS-destip = dst AS destip
REPORT-dst = mwg_dst

Does the Destination IP even come over from McAfee Web Gateway?

the src_ip field works fine.

When you say add to the log, I need to ask the McAfee admins to add this?

0 Karma