https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200411#M33450 <P>Hi mates,</P><P>&nbsp;</P><P>I was wondering if there is any way or workaround to do a search in logs (gathering all my logs on SMS)</P><P>using an *.domain_name*&nbsp; as source.</P><P>I ve seen another thread with similar question and answer is : "i cant "&nbsp;</P><P>But since this was a 2020 topic and we are now almost 4 years after , I was wondering if anything changed.</P><P>&nbsp;</P><P>A guess would be that Source in logs is stored with IP only and on SmartConsole when I query them there is a live reverse lookup happening, and that's why i see the names listed in Source, but this information is&nbsp; not stored so i cant use this parameter to search???</P><P>Or maybe not...&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>Anyone can help me or take me out of my miserly confirming that there is nothing i can do?</P><P>&nbsp;</P><P>Regards,</P><P>Aris</P> Wed, 13 Dec 2023 09:51:24 GMT zaoar 2023-12-13T09:51:24Z https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200411#M33450 <P>Hi mates,</P><P>&nbsp;</P><P>I was wondering if there is any way or workaround to do a search in logs (gathering all my logs on SMS)</P><P>using an *.domain_name*&nbsp; as source.</P><P>I ve seen another thread with similar question and answer is : "i cant "&nbsp;</P><P>But since this was a 2020 topic and we are now almost 4 years after , I was wondering if anything changed.</P><P>&nbsp;</P><P>A guess would be that Source in logs is stored with IP only and on SmartConsole when I query them there is a live reverse lookup happening, and that's why i see the names listed in Source, but this information is&nbsp; not stored so i cant use this parameter to search???</P><P>Or maybe not...&nbsp; <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>Anyone can help me or take me out of my miserly confirming that there is nothing i can do?</P><P>&nbsp;</P><P>Regards,</P><P>Aris</P> Wed, 13 Dec 2023 09:51:24 GMT https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200411#M33450 zaoar 2023-12-13T09:51:24Z https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200485#M33453 <P>You can only search for src: if the search term resolves to an IP.</P> <P>&nbsp;</P> Wed, 13 Dec 2023 13:37:40 GMT https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200485#M33453 G_W_Albrecht 2023-12-13T13:37:40Z https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200496#M33454 <P>i,</P><P>&nbsp;</P><P>thanks for reply.</P><P>Ok this makes sense&nbsp;</P><P>Although a SmartConsole feature to be able to filter src: *domainname* on a list of logs that has been already resolved would be great.</P><P>I mean, fore example,&nbsp;</P><P>I've filtered my logs for a specific timeframe and dst machine in my DMZ network and I am able to see a list of logs with Sources IPs and resolved names. Which is great. All I need now is to filter on top of this result using part of domain name as source.</P><P>&nbsp;</P><P>I mean i realized and tested and works, that if i export the search result to a csv, the domain names are also exported. So I can then do what i need from Excell and find for example if any source *domainname* accessed my DST server.</P><P>Regards,</P><P>Aris</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 Dec 2023 14:32:45 GMT https://community.checkpoint.com/t5/General-Topics/Search-Logs-using-Domain-Name-in-Src/m-p/200496#M33454 zaoar 2023-12-13T14:32:45Z