We need to add users to our (unauthenticated) internal proxy logs. Currently the proxy logs only identity the initiator by IP address.
We have DHCP and/or windows desktop logs to link the IP to a hostname. We have windows logon events which contain the hostname and user fields. Multiple users are able to log onto certain hosts and indeed might be logged on at the same time (using fast user switching).
Has anyone any advice on how to solve this problem at scale (30 million events/hour)