I am trying to display the fqdn instead of the IP address for the internal host in a syslog message. In the example below, I would like to resolve the 10.10.10.100 address to FQDN and display that in Splunk, instead of the IP address.
Any assistance would be greatly appreciated.
Jul 31 01:46:08 [10.10.10.1] Jul 31 2012 01:46:08 EXT-FW : %ASA-4-338008: Dynamic Filter dropped blacklisted TCP traffic from inside:10.10.10.100/54749 (100.100.100.100/57315) to outside:126.96.36.199/80 (188.8.131.52/80), destination 184.108.40.206 resolved from dynamic list: 220.127.116.11/255.255.255.255, threat-level: very-high, category: Malware
... View more