Hi there,
My logs are coming in this format and I need to pick up the value associated with (or after) "Destination DNS Hostname". Can someone please shed some light and help me on this?
Thanks and Regards,
Blason R
11:00:45 prevent 10.10.3.1 >lo session_id:{0x5c47eb62,0x38,0x10310ac,0xc0000001};Suppressed logs:40;sent_bytes:0;received_bytes:0;severity:4;log_id:2;src:192.168.100.199;dst:10.10.3.44;proto:tcp;Protection name:Andromeda.TC.co;description:Connection to DNS trap bogus IP. See sk74060 for more information.;Source OS:Windows;Confidence Level:3;malware_action:Communication with C&C site;Protection Type:DNS Trap;malware_rule_id:{00000092-002C-0048-8719-E4CB04A2BCA8};Destination DNS Hostname:amnsreiuojy.ru;protection_id:00466580E;scope:192.168.100.199;product:Anti Malware;service:80;s_port:52478
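One way to pull that field out, as an added example that is not part of the original post and not code from any Check Point tool: the line is a short space-separated header (time, action, origin gateway, interface; that layout is an assumption drawn from the single sample above) followed by `;`-separated `key:value` fields, so the general approach is to parse every field into a dictionary and then look up "Destination DNS Hostname" by name, rather than hard-coding its position. The sample log below is a constructed copy of the line from the post, joined onto one line.

```python
"""Parse a Check Point style Anti-Malware log line into key:value fields and
extract "Destination DNS Hostname".  Added example, not from the original post."""
import re
from typing import Dict, Optional

# Constructed copy of the log line quoted in the post, joined onto one line.
SAMPLE_LOG = (
    "11:00:45 prevent 10.10.3.1 >lo session_id:{0x5c47eb62,0x38,0x10310ac,0xc0000001};"
    "Suppressed logs:40;sent_bytes:0;received_bytes:0;severity:4;log_id:2;"
    "src:192.168.100.199;dst:10.10.3.44;proto:tcp;Protection name:Andromeda.TC.co;"
    "description:Connection to DNS trap bogus IP. See sk74060 for more information.;"
    "Source OS:Windows;Confidence Level:3;malware_action:Communication with C&C site;"
    "Protection Type:DNS Trap;malware_rule_id:{00000092-002C-0048-8719-E4CB04A2BCA8};"
    "Destination DNS Hostname:amnsreiuojy.ru;protection_id:00466580E;"
    "scope:192.168.100.199;product:Anti Malware;service:80;s_port:52478"
)

# Assumed header layout (from the one sample): HH:MM:SS action origin interface,
# then the ';'-separated body.  The header must be split off first, otherwise
# the leading timestamp "11:00:45" would be mis-read as a key:value pair.
_HEADER = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<action>\S+)\s+"
    r"(?P<origin>\S+)\s+(?P<ifdir>\S+)\s+(?P<body>.*)$"
)


def parse_log(line: str) -> Dict[str, str]:
    """Return every field of the line as a dict; header fields are included
    under the names time/action/origin/ifdir when the header is recognised."""
    fields: Dict[str, str] = {}
    m = _HEADER.match(line.strip())
    if m:
        for name in ("time", "action", "origin", "ifdir"):
            fields[name] = m.group(name)
        body = m.group("body")
    else:
        # No recognisable header: treat the whole line as key:value body.
        body = line.strip()

    for chunk in body.split(";"):
        # Split on the FIRST ':' only, so values that contain ':' survive intact.
        key, sep, value = chunk.partition(":")
        if not sep:
            continue  # trailing empty chunk or free text, not a key:value field
        fields[key.strip()] = value.strip()
    return fields


def destination_dns_hostname(line: str) -> Optional[str]:
    """The value the post asks for, or None if the line does not carry it."""
    return parse_log(line).get("Destination DNS Hostname")


if __name__ == "__main__":
    print(destination_dns_hostname(SAMPLE_LOG))  # amnsreiuojy.ru
    for k, v in parse_log(SAMPLE_LOG).items():
        print(f"{k} = {v}")
```

Two caveats from the sample itself: the parser splits on the first `:` per field because values such as `session_id:{0x5c47eb62,...}` and the free-text `description` are fine, but a value containing a literal `;` would be cut short, so check the field count against what the product documents before trusting it on bulk data; and the hostname is attacker-controlled data, so treat it as an opaque string (do not resolve it or embed it unescaped in a query) when you forward it to another system. For a one-off from the shell, `grep -o 'Destination DNS Hostname:[^;]*'` on the log file gives the same field without the full parse.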