zaoar
Participant

Search Logs using Domain Name in Src

Hi mates,

I was wondering if there is any way or workaround to do a search in logs (gathering all my logs on SMS) using an *.domain_name* as source.

I've seen another thread with a similar question, and the answer is: "I can't".

But since this was a 2020 topic and we are now almost 4 years after, I was wondering if anything changed.

A guess would be that Source in logs is stored with IP only, and in SmartConsole when I query them there is a live reverse lookup happening, and that's why I see the names listed in Source, but this information is not stored so I can't use this parameter to search?

Or maybe not... 🙂

Can anyone help me, or take me out of my misery by confirming that there is nothing I can do?

 

Regards,

Aris

0 Kudos
2 Replies
G_W_Albrecht
Legend

You can only search for src: if the search term resolves to an IP.

CCSE CCTE CCSM SMB Specialist
0 Kudos
zaoar
Participant

Hi,

Thanks for the reply.

OK, this makes sense.

Although a SmartConsole feature to be able to filter src: *domainname* on a list of logs that has been already resolved would be great.

I mean, for example, I've filtered my logs for a specific timeframe and dst machine in my DMZ network and I am able to see a list of logs with source IPs and resolved names. Which is great. All I need now is to filter on top of this result using part of the domain name as source.

I mean, I realized and tested, and it works, that if I export the search result to a CSV, the domain names are also exported. So I can then do what I need from Excel and find, for example, if any source *domainname* accessed my DST server.

Regards,

Aris

0 Kudos
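
The CSV workaround from the reply above, done as a script instead of in Excel (an added example, not code from the thread or from Check Point). The column names `Source` and `Destination`, the `name (IP)` cell layout and the sample rows are assumptions constructed for illustration; matching is done on DNS label boundaries so that `notpartner.example` is not counted as part of `partner.example`.

```python
import csv
import io

# Constructed sample of an exported log search. The column names and the
# "name (IP)" layout are assumptions; adjust them to your own export header.
SAMPLE_EXPORT = """Time,Source,Destination,Action
2024-01-10 09:01:12,mail.partner.example (203.0.113.10),dmz-web01 (10.1.1.20),Accept
2024-01-10 09:02:40,198.51.100.7,dmz-web01 (10.1.1.20),Accept
2024-01-10 09:03:05,notpartner.example (192.0.2.55),dmz-web01 (10.1.1.20),Accept
2024-01-10 09:04:31,VPN.Partner.Example. (203.0.113.11),dmz-web01 (10.1.1.20),Drop
2024-01-10 09:05:02,mail.partner.example (203.0.113.10),dmz-db01 (10.1.1.30),Accept
2024-01-10 09:06:17,partner.example.attacker.test (192.0.2.99),dmz-web01 (10.1.1.20),Accept
"""


def host_part(cell):
    """Lower-cased name from a cell, without a trailing '(IP)' or final dot."""
    return cell.split("(")[0].strip().rstrip(".").lower()


def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    domain = domain.strip().lstrip("*.").rstrip(".").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def filter_by_source_domain(rows, domain, dst=None,
                            src_col="Source", dst_col="Destination"):
    """Keep rows whose source name is in `domain`, optionally for one dst host."""
    hits = []
    for row in rows:
        if not in_domain(host_part(row.get(src_col) or ""), domain):
            continue  # unresolved IPs and look-alike names end up here
        if dst and host_part(row.get(dst_col) or "") != dst.lower():
            continue
        hits.append(row)
    return hits


def load(text):
    """Parse exported CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


if __name__ == "__main__":
    rows = load(SAMPLE_EXPORT)
    for r in filter_by_source_domain(rows, "*.partner.example", dst="dmz-web01"):
        print(r["Time"], r["Source"], "->", r["Destination"], r["Action"])
```

If the exported names come from reverse lookups, as the question guesses, treat a match as a lead to confirm by IP: whoever controls an address's reverse DNS zone chooses the name it resolves to, and sources that did not resolve are skipped by this filter.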
