DNS Lookup - Extract source and destination ip within syslog message and do reverse dns lookup

[GoogleCodeExporter]

I would like to reverse lookup source and destination ip's within firewall 
syslog and rewrite the syslog message, before it is indexed.

I know this will have a huge impact on performance, but i need the function 
anyway :-)

This feature will make syslog entries more valid when searching for activities 
made by mobile user (WiFi, remote access) that constantly change ip address. 

Exsample on how i would like the have the syslog message changed.

Syslog message before:

Teardown UDP connection 22782816 for Outside:8.8.4.4/53 to 
Inside:10.0.128.50/51410(XXXX\USERXXX) duration 0:00:00 bytes 110

Syslog message after:

Teardown UDP connection 22782816 for Outside:8.8.4.4/53 
{google-public-dns-b.google.com} to Inside:10.0.128.50/51410 
{fileserver.yourdomain.local}(XXXX\USERXXX) duration 0:00:00 bytes 110

Original issue reported on code.google.com by jacobrav...@gmail.com on 4 Mar 2013 at 10:52

[GoogleCodeExporter]

Sorry, wrong "Type". This is not a defect

Original comment by jacobrav...@gmail.com on 4 Mar 2013 at 10:53

[GoogleCodeExporter]

I think this can be done with the new PostProcessor plugin system.  A new 
plugin needs to be created which takes the batch file (the last minute's logs), 
and runs them through DNS lookups.  This would work well since it would be 
offline, and would not cause the system to drop logs due to things like DNS 
timeouts, etc.  It would also make efficient use of caching.  However, this 
would require a new log class to be created which has the DNS names.

I can do this, but I will have to put this as lower priority right now since I 
have bugs to fix first.

Original comment by mchol...@gmail.com on 4 Mar 2013 at 2:20

• Added labels: Priority-Low, Type-Enhancement
• Removed labels: Priority-Medium, Type-Defect

[GoogleCodeExporter]

Any chance you can look at this soon?

Original comment by jacobrav...@gmail.com on 12 Aug 2014 at 8:32