Using syslog output from Netfilter/Iptables.
Reading it into Splunk, but can't get IP resolved to DNS.
Tried several links available.
Also tried Iptable and Lookup plugins.
No luck: what's next?
Would appreciate a fine Firewall dashboard, maybe there is a better solution around?
Should not be complicated:
I get a list of IP numbers from the remote syslog, fine, but whatever I try, name resolution fails.
It remains a list of IP numbers; I'd like to see names.
The links I mentioned deal with this issue, but no go here.
What else to try?
(Even better: a dashboard for Netfilter/IpTables, with graphs and all, but the ones available don't work properly. I'll get to that later.)
Just post an EXAMPLE of what doesn't work. Stop describing it and SHOW us. And post it in your question, not as an answer, which it is not.
There, I fixed it. Case of RTFM, and proper field names. Also sorted the columns. Nice.
host="192.168.x.x" | lookup dnslookup clientip as DST OUTPUT clienthost as DSTRESOLVED | lookup dnslookup clientip as SRC OUTPUT clienthost as SRCRESOLVED | table time SRC SRCRESOLVED DST DSTRESOLVED PROTO DPT
Digging in Netfilter-Iptables after this.
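For anyone who wants to check the enrichment outside Splunk before building the lookup, here is an added example (not the poster's query and not Splunk's own dnslookup script): it parses the SRC/DST/PROTO/DPT fields that iptables' LOG target writes to syslog, does a reverse (PTR) lookup per address with a cache, and keeps the bare IP when resolution fails instead of leaving the column blank. The log lines and the PTR table are constructed; `fake_resolver` stands in for `socket.gethostbyaddr` so it runs offline.

```python
"""Parse Netfilter/iptables syslog lines and add reverse-DNS names."""
import re
import socket

# Constructed sample lines in the format iptables' LOG target writes to syslog.
SAMPLE_LOGS = [
    "Mar  3 10:15:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 "
    "LEN=60 TOS=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51514 DPT=22",
    "Mar  3 10:15:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 "
    "LEN=48 TOS=0x00 TTL=64 ID=0 PROTO=UDP SPT=5353 DPT=53",
]

# Constructed PTR records used by fake_resolver (assumption, not real DNS data).
FAKE_PTR = {"192.0.2.10": "host-a.example", "198.51.100.5": "fw.example"}

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S*)")


def parse_netfilter(line):
    """Return a dict with SRC, DST, PROTO and DPT pulled from one log line."""
    fields = dict(FIELD_RE.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        raise ValueError("not a netfilter log line: %r" % line)
    return fields


def fake_resolver(ip):
    """Offline stand-in for socket.gethostbyaddr with the same return shape."""
    if ip in FAKE_PTR:
        return (FAKE_PTR[ip], [], [ip])
    raise socket.herror(1, "Unknown host")


def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """PTR lookup; on any failure return the IP itself so the row keeps a value."""
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror and socket.gaierror are both OSError
        return ip


def enrich(lines, resolver=socket.gethostbyaddr):
    """Add SRCRESOLVED/DSTRESOLVED to each parsed line, caching per address."""
    cache, rows = {}, []
    for line in lines:
        fields = parse_netfilter(line)
        for key in ("SRC", "DST"):
            ip = fields[key]
            if ip not in cache:
                cache[ip] = reverse_lookup(ip, resolver)
            fields[key + "RESOLVED"] = cache[ip]
        rows.append(fields)
    return rows


if __name__ == "__main__":
    for row in enrich(SAMPLE_LOGS, resolver=fake_resolver):
        print(row["SRC"], row["SRCRESOLVED"], row["DST"], row["DSTRESOLVED"],
              row["PROTO"], row["DPT"])
```

Drop the `resolver=` argument to run live lookups against your resolver; if names still come back as bare IPs there, the problem is missing PTR records, not Splunk.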