IPTables logging with domain resolution?
Is there a way to make IPTables resolve the domain name of the destination so that it shows in the logs?
|
You really wouldn't want something so critical as iptables doing this, but it'd be easy enough to write a simple script to do a reverse lookup offline, as it were.
|
Ok, I actually knew that ... ;)
How would I go about scripting it? The fundamentals I know I'll have to get are:
- Parse the log file, grabbing the destination IP from each line (DST=xxx.xxx.xxx.xxx), which happens to be the 9th space-separated field.
- Remove the 'DST=' part from the parsed field.
- dig the IP for its hostname
- Reinsert the hostname into the log.

What utilities should I concentrate on to make this happen?
|
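The offline pass outlined in the steps above, as an added example that is not part of the original thread: it matches `DST=` by name rather than by field position (the position shifts with the log prefix and syslog format), resolves through the system resolver instead of `dig`, and writes annotated lines to stdout rather than rewriting the log. The `DSTNAME=` field name and the sample log line are constructed for illustration.

```python
import re
import socket
import sys

DST_RE = re.compile(r"\bDST=(\d{1,3}(?:\.\d{1,3}){3})\b")
SAFE_NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,253}")


def reverse_lookup(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def annotate(lines, resolver=reverse_lookup):
    """Yield each log line with DSTNAME=<host> inserted after its DST= field."""
    cache = {}  # one lookup per distinct address
    for line in lines:
        line = line.rstrip("\n")
        m = DST_RE.search(line)
        if not m:
            yield line
            continue
        ip = m.group(1)
        if ip not in cache:
            name = resolver(ip)
            # PTR data is set by whoever controls the reverse zone, so it is
            # untrusted input: accept hostname characters only, so a crafted
            # record cannot inject spaces, newlines or fake fields.
            if not name or not SAFE_NAME_RE.fullmatch(name):
                name = "-"
            cache[ip] = name
        yield line[:m.end()] + " DSTNAME=" + cache[ip] + line[m.end():]


# Constructed sample line in the LOG target's format (documentation addresses).
SAMPLE = ("Jan  1 00:00:00 fw kernel: OUT: IN= OUT=eth0 SRC=192.0.2.10 "
          "DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
          "PROTO=TCP SPT=40000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0")

if __name__ == "__main__":
    # Reads the log on stdin, e.g. redirected from the file iptables logs to.
    for out in annotate(sys.stdin):
        print(out)
```

A PTR name is whatever the address owner publishes, so the added field is a hint for reading the log; the `DST=` address remains the authoritative value.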