Hello, I've been reading a lot of posts here but I seem to be missing something because I'm not understanding.
Search Rule
ACCEPT | lookup dnslookup clientip AS src_ip OUTPUT clienthost as Hostname
Output
5/13/16
2:37:03.000 PM
2 698177307011 eni-8eceafeb 54.187.193.193 172.31.8.32 443 50656 6 8 3684 1463114223 1463114226 ACCEPT OK
dest_ip = 172.31.8.32 host = ip-10-20-6-215 src_ip = 54.187.193.193
5/13/16
I'm not getting any new field called "hostname" and it certainly isn't populating with a resolved DNS.
What am I missing? I want to see all the resolved IPs' hostnames in a field populated.
Any assistance appreciated.