Question about logreport (resolving hostnames)
Joost van Baal
joostvb at logreport.org
Wed Oct 20 12:53:19 CEST 2004
Hoi Jeffeny,
On Sun, Oct 17, 2004 at 06:51:42PM +0200, Jeffeny Hoogervorst wrote:
>
> Is it possible (or idea) for LogReport to resolving hostnames or list
> country codes
> in LogReport's report?
Yes, but you'd need to do some Lire Perl hacking first.
> For example in section:
>
> "Volume per sending IP, per destination port, blocked TCP
> Packets, Top 10 IPs, Top 10 ports"
I've made a start with this, in march 2004. In the
development at logreport.org list archives is a little bit of discussion
about this. In the 2004-03-30 19:29 entry in the Lire ChangeLog it's
mentioned too. In the Lire BUGS file you can find "- wishlist:
implement a mechanism to translate IP address to FQDN."
In Lire::Firewall, there is a firewall_resolve() subroutine. In
Lire::Utils, there is host_by_addr(). These functions are not yet
fully integrated in the Lire framework. What still needs to be done
is described by Francis in
Date: Thu, 25 Mar 2004 11:56:05 -0500
From: "Francis J. Lacoste"
Subject: Re: how to hack DNS name lookups in iptables and firewall DLF
conversion? (was: Re: adding resolved hostnames to ...)
Cc: LogReport Development List
Message-id: <1080233764.9699.23.camel at Arendt.Contre.COM>
archived at http://logreport.org/contact/lists/development/msg00918.php
.
Anybody with some Perl clue could do this hacking.
> It is very handy if you handle security issues
Yes.
> because
> you could see in what county a specific IP adres is located.
No, you cannot. mdcc.cx is not located on the Christmas Islands.
Groeten,
Joost
--
. . http://logreport.com/
| '.| /^LogReport$/
| Lire http://logreport.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.logreport.org/pipermail/questions/attachments/20041020/2f553ef7/attachment.bin
More information about the Questions
mailing list