Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

proxy log name resolution

jonathanfalconi
Explorer
‎07-23-2012 11:31 PM

In the context of proxy logs - could Splunk (via APIs or what not) enable the resolution of IP addresses to the logged in username for a particular log from a proxy?

Tags (1)
0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎07-24-2012 08:58 AM

Assuming the information is actually available, sure. But you need to drop a little more detail on us. The assumption would have to be that there is something that can tie the IP address in the proxy server logs to a logged-in user at the machine that is assigned the IP in the proxy logs themselves.

The clearest solution is to have the proxy require authentication. If you can't do that, then you need to be able to know who is logged into a given machine at a given time. With a multi-user system, like a Windows Terminal Server or any Unix machine this is far more difficult.

I think you need to figure out what data you have available to you before you can begin to try to piece together a solution.

Reply

MarioM
Motivator
‎07-24-2012 08:50 AM

what kind of IP? Public?internal? internal from dhcp?
Here an example of dns lookup dns lookup external script

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering. Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...
Top