Hello,
I'm aware of How to add hostname to logs that normally do not contain hostname? but that is not applicable to my case.
My router's firewall sends syslog message but they only contain the IP of the host causing the rule being triggered.
I could provide IP<>hostname mapping by different means to ELKI.
How to manipulate the log message on ELKI, so that it contains the IP owner's hostname?
Thank you
Stefan
If you have the host name associated to each IP address you could use a translate filter in Logstash to enrich your document while processing.
Check the documentation for the translate filter.
I also have this example that I wrote a time ago on how to set up the translate filter using a dictionary file.
Thx for the quick response.
great knowing that there is an option.
I found a script in the MikroTik forum, sharing DHCP clients hostnames using SNMP.
Need to figure out how to combine these things but reads feasible
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.