Graylog DNS Plugin

shenke · August 7, 2018, 7:49am

Hi all,

maybe I miss something, but I don’t know how to get the DNS resolver plugin working.
Got it from here: GitHub - graylog-labs/graylog-plugin-dnsresolver: Message filter plugin to reverse lookup the source field

The plugin file is placed in the right folder, the server is restarted. I can see it in the log file as loaded:

2018-08-07T09:30:01.503+02:00 INFO  [CmdLineTool] Loaded plugin: DnsResolverFilter 1.2.0 [org.graylog.plugin.filter.dns.DnsResolverFilterPlugin]

What should I do next to see results?
Is it something with the format of the message? I had a look in the source files but wasn’t sure, what’s wrong.

jan · August 7, 2018, 1:49pm

The readme reveals:

This message filter plugin can be used to do DNS lookups for the source field in Graylog messages.

It will just try the above - if possible. No configuration needed/possible.

shenke · August 8, 2018, 12:32pm

Hmkay.
Since the term “source” is used in different ways throughout the docs I found, I thought, I could use this plugin for reverse lookup of the src_ip and dst_ip.

jan · August 8, 2018, 2:28pm

you would need to use a lookup table for that - but the current release does not include the dns resolver. You would need to write your own lookup adapter.

system · August 22, 2018, 2:28pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Resolve IP - DNS resolver Graylog Central (peer support)	4	2517	October 6, 2017
Graylog IP to domain pipeline Graylog Central (peer support)	3	1240	March 8, 2018
Unable to Show Fully Qualified Domain Name Graylog Central (peer support)	7	3864	August 4, 2018
DNS Name in Quick Values Graylog Central (peer support)	2	1433	September 28, 2017
Is there a RBL-like input plugin? Development	1	808	July 27, 2017

Graylog DNS Plugin

Related topics