[phpLogCon] IP's in log files

Rainer Gerhards rgerhards at hq.adiscon.com
Fri Jun 6 09:23:13 CEST 2008


I think it would be a good addition to phpLogCon to be able to resolve
IP addresses in log files to DNS names. As of now, we can already
identify/guess what an IP address is. We currently use that to generate
a link to the knowledge base which then has additional information.

However, I think the probably most useful information (and useful even
within private address space) is the name that has been assigned to this

So I propose we add the optional (!) capability to resolve IP addresses.
I suggest we add them, in curly braces, to after the IP address. The
knowledge base link should still exists, as it provides valuable
additional information.

This may look like this here:{system.example.net}

Note that a log may already contain something like this:[server.example.com]

Where the machine identifies itself. I suggest we make it configurable
if the phpLogCon-resolved name will be added in such cases. I see value
in it, because the phpLogCon-resolved name is consistent. I would, for
example, expect things like this:{system.example.net}[server.example.com]

I would appreciate if we could add this functionality relatively soon,
at least if there is no objection.


More information about the phpLogCon mailing list