graylog-labs / graylog-plugin-dnsresolver

Message filter plugin to reverse lookup the source field
Apache License 2.0

Operate on message field other than "source" #1

Open LikeARock47 opened 8 years ago

LikeARock47 commented 8 years ago

Would it be possible to make this plugin configurable to look at a field in the message other than source? Assuming "dns_resolver_run_before_extractors=false" is set, the extractors would run first and create many other fields in the messages. It would be great to be able to configure this plugin to look at one or more fields created by the extractors, which contain IP addresses, and do an RDNS on those. This plugin could then be used to do RDNS on IPs in firewall log messages, rather than just on the IP of the device sending the message to Graylog. I unfortunately cannot contribute to this as I don't have much in the way of Java skills, but it would be really cool if it could be done.

CharlieEriksen commented 8 years ago

+1, I think this would be great.

drewmmiranda commented 7 years ago

+1 as well.

It would be awesome to have DNS lookup on IIS logs where we have a field like "HTTPclientIp":"10.0.0.1".

joschi commented 7 years ago

It's most likely that this will be implemented in the message pipeline processors, see Graylog2/graylog-plugin-pipeline-processor#27

xames81 commented 2 years ago

Where is the source field? I think I don't have it. Any results on another field different than source?