Hello,
I want to ask how to show hostnames in Graylog instead of IP addresses. I’m using the latest version of Graylog on Ubuntu 22.04.
Best Regards,
Hello,
Where do you want to see hostnames instead of IP addresses? In your query? In your alert notification?
Which field are you using? Like source in your search query.
Which logging format is being used (e.g. syslog / winlogbeat)?
Hello,
I want to see it in dashboard/sources
I want to see it from Cisco devices which I have, including some Linux machines.
Is it possible as well to see in alerts?
Best Regards
You can use Graylog’s DNS Lookup Adapter via a Pipeline rule to perform a reverse DNS lookup and add the hostname.
Here is a sample pipeline rule. You will need to customize the IP field and the lookup table name to suit your needs.
rule "PARSE IP to DNS"
when
    // Only run when source_ip exists and looks like a dotted-quad IPv4 address
    has_field("source_ip")
    && regex(
        pattern: "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
        value: to_string($message.source_ip)
    ).matches == true
then
    // Query the DNS lookup table and store the result in a new field
    let rs = lookup_value("dns_lookups", to_string($message.source_ip));
    set_field("source_ip_dns", to_string(rs));
end
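A variant of the rule above for the Sources page asked about earlier in the thread, as an added example that is not part of the original posts: it rewrites `source` itself, falls back to the IP when no PTR record is returned, and keeps the logged address in a separate field, since PTR records are set by whoever controls the reverse zone. It assumes the `dns_lookups` table from the rule above is backed by a DNS Lookup adapter set to reverse (PTR) lookups; `source_original_ip` is a hypothetical field name.

```graylog
// Added example. Assumptions: lookup table "dns_lookups" (name taken from
// the rule above) performs reverse (PTR) lookups; "source_original_ip" is a
// hypothetical field name chosen for this example.
rule "REPLACE source IP with PTR hostname"
when
    // Only touch messages whose source is still a bare IPv4 address
    has_field("source")
    && regex(
        pattern: "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
        value: to_string($message.source)
    ).matches == true
then
    let ip = to_string($message.source);
    // Third argument is the default: keep the IP when the lookup returns nothing
    let name = to_string(lookup_value("dns_lookups", ip, ip));
    // Preserve the address that was actually logged before overwriting source
    set_field("source_original_ip", ip);
    set_field("source", name);
end
```

Alert notifications can then reference either `source` or `source_original_ip`, so the hostname is readable while the address remains available for investigation.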