Question about logreport (resolving hostnames)

Joost van Baal joostvb at logreport.org
Wed Oct 20 17:37:03 CEST 2004 

On Wed, Oct 20, 2004 at 12:53:19PM +0200, Joost van Baal wrote:
> On Sun, Oct 17, 2004 at 06:51:42PM +0200, Jeffeny Hoogervorst wrote:
> > 
> > Is it possible (or idea) for LogReport to resolving hostnames or list 
> > country codes
> > in LogReport's report?
> 
> Yes, but you'd need to do some Lire Perl hacking first.
> 
> > For example in section:
> > 
> > "Volume per sending IP, per destination port, blocked TCP
> > Packets, Top 10 IPs, Top 10 ports"
> 
> I've made a start with this, in march 2004.  In the
> development at logreport.org list archives is a little bit of discussion
> about this.  In the 2004-03-30 19:29 entry in the Lire ChangeLog it's
> mentioned too.  In the Lire BUGS file you can find "- wishlist:
> implement a mechanism to translate IP address to FQDN."
> 
> In Lire::Firewall, there is a firewall_resolve() subroutine.  In
> Lire::Utils, there is host_by_addr().  These functions are not yet
> fully integrated in the Lire framework.  What still needs to be done
> is described by Francis in
> 
>  Date: Thu, 25 Mar 2004 11:56:05 -0500
>  From: "Francis J. Lacoste"
>  Subject: Re: how to hack DNS name lookups in iptables and firewall DLF
>         conversion?  (was: Re: adding resolved hostnames to ...)
>  Cc: LogReport Development List
>  Message-id: <1080233764.9699.23.camel at Arendt.Contre.COM>
> 
> archived at http://logreport.org/contact/lists/development/msg00918.php
> .
> 
> Anybody with some Perl clue could do this hacking.

Perhaps one should do the resolving after an xml report is generated.
Guess that's a nice balance between "quick hack" and "generic solution".

An lr_xmlresolve script which substitutes all ipadress xml thingies in a
Lire report into <blah>foo.example.com [10.1.2.3]</blah> would be nice
(and not too difficult to make).  Of course, Lire::Utils::host_by_addr()
could be used for this.

If you have more time left: deal with IPv6 addresses.  Deal with making
the script idempotent.

Patches are welcome and will be integrated in a Lire release if the
license permits ( see http://logreport.org/dev/guidelines.php ).

Bye,

Joost

-- 
.    .                                        http://logreport.com/
| '.|                        /^LogReport$/
| Lire                                        http://logreport.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.logreport.org/pipermail/questions/attachments/20041020/b3d7ff9f/attachment.bin

More information about the Questions mailing list