We’re trying to use the DNS Resolution feature in Kiwi Syslog Server, to automatically resolve the IP addresses in the messages that are received.
Previously we were using m0n0wall and this feature worked correctly:
M0n0wall example:
Original message: 2013-03-12 13:44:05 Local0.Notice 192.168.32.100 Mar 12 13:43:59 ipmon[121]: 13:43:59.253452 fxp0 @100:45 p 192.168.32.29,54621 -> 192.168.10.181,1521 PR tcp len 20 52 -S K-S IN
Kiwi with DNS Resolution Message: 2013-03-12 13:44:05 Local0.Notice 192.168.32.100 Mar 12 13:43:59 ipmon[121]: 13:43:59.253452 fxp0 @100:45 p 192.168.32.29 (computer_name) ,54621 -> 192.168.10.180 (server_name) ,1521 PR tcp len 20 52 -S K-S IN
pfSense example:
Original message: 2013-04-01 10:32:08 Local0.Info pfsense.arrabidainformatica.pt pf: 00:00:00.533917 rule 59/0(match): pass in on bge0: (tos 0x0, ttl 127, id 9340, offset 0, flags [none], proto TCP (6), length 48) 192.168.32.22.3371 > 10.71.12.3.20007: Flags [S], cksum 0x0767 (correct), seq 1607911815, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Kiwi with DNS Resolution Message: 2013-04-01 10:32:08 Local0.Info pfsense.arrabidainformatica.pt pf: 00:00:00.533917 rule 59/0(match): pass in on bge0: (tos 0x0, ttl 127, id 9340, offset 0, flags [none], proto TCP (6), length 48) 192.168.32.22.3371 > 10.71.12.3.20007: Flags [S], cksum 0x0767 (correct), seq 1607911815, win 65535, options [mss 1460,nop,nop,sackOK], length 0
pfSense uses a ‘.’ to separate the IP address from the port number, and m0n0wall uses ‘,’.
The request is to allow the IP address and port separator to be configurable in the DNS resolution within the message text.
Case #457136 - "IP Port Separator"
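
An added illustration of the requested behaviour (not part of the original post and not Kiwi Syslog Server's own code): an in-message annotator whose address/port separator is a parameter. The function name `annotate`, the `lookup` hook and the `HOSTS` table are assumptions made for this sketch; the two sample lines are trimmed from the messages above.

```python
import re

# IPv4 octet (0-255) and dotted quad.
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
IPV4 = rf"{OCTET}(?:\.{OCTET}){{3}}"

# Sample lines trimmed from the post; HOSTS is a constructed lookup table.
IPMON = "ipmon[121]: 13:43:59.253452 fxp0 @100:45 p 192.168.32.29,54621 -> 192.168.10.181,1521 PR tcp"
PF = "pf: 00:00:00.533917 rule 59/0(match): pass in on bge0: 192.168.32.22.3371 > 10.71.12.3.20007: Flags [S]"
HOSTS = {
    "192.168.32.29": "computer_name", "192.168.10.181": "server_name",
    "192.168.32.22": "computer_name", "10.71.12.3": "server_name",
}


def annotate(message, lookup, separators=","):
    """Append ' (name) ' to each IPv4 address that is followed by <sep><port>.

    separators: characters accepted between address and port
                (',' for ipmon output, '.' for pf/tcpdump-style output).
    lookup:     callable ip -> hostname or None (hypothetical hook; a live
                version could wrap socket.gethostbyaddr).
    """
    sep = "[" + re.escape(separators) + "]"
    # Lookbehind: never start inside a longer dotted number.
    # Lookahead: require separator + port, but leave both in the message.
    pattern = re.compile(rf"(?<![\d.])({IPV4})(?={sep}(\d{{1,5}})(?![\d.]))")

    def repl(m):
        if int(m.group(2)) > 65535:      # not a valid port: leave untouched
            return m.group(0)
        name = lookup(m.group(1))
        return f"{m.group(1)} ({name}) " if name else m.group(0)

    return pattern.sub(repl, message)


if __name__ == "__main__":
    print(annotate(IPMON, HOSTS.get, ","))  # annotated
    print(annotate(PF, HOSTS.get, ","))     # unchanged: '.' not accepted
    print(annotate(PF, HOSTS.get, "."))     # annotated
```

Accepting ‘.’ makes any five-part dotted number (a version string, for instance) look like an address plus port, which is a reason to keep the separator a per-source setting rather than enabling every separator globally.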