Nmap Codec Not Indexing Hostname


(Forewarned) #1

When using the Nmap Logstash Codec, hostnames and their DNS record type are not getting indexed into Elasticsearch, while the other Nmap data is. I'm following the Elastic blog on how to use the codec, and my Nmap data is in XML. However, the hostname field keeps coming back null.

My question is, how can I get the hostname indexed? Do I have some error in my configurations, or is there a bug?

Now here's what I've found so far:

Looking at the XML structure, it looks like there is a "hostnames" tag and then a "hostname" tag.

<host starttime="1516366213" endtime="1516366242"><status state="up" reason="echo-reply" reason_ttl="61"/>
<address addr="10.15.3.111" addrtype="ipv4"/>
<hostnames>
<hostname name="somename.example.com" type="PTR"/>
</hostnames>
<ports><extraports state="closed" count="17">
<extrareasons reason="resets" count="17"/>
</extraports>
<port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="61"/><service name="telnet" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="61"/><service 
</ports>
<times srtt="1107" rttvar="509" to="100000"/>
</host>

And looking at the Github code, I don't know if it takes that into consideration, specifically the following line:

h['hostname'] = hashify_hostname(host.hostname)

I tinkered with the code, but couldn't get it working.

Here's my setup:

Software Versions
Elasticsearch 5.6.7
Logstash 5.3.0
Nmap 7.40
Ubuntu 16.04

Thank you ahead of time.
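A quick way to confirm that the names are really present in the scan output before suspecting the codec, added here as an example (it is not the codec's code and not from the Elastic blog): parse the XML with Ruby's standard REXML and pull out every hostname and its record type per host, keeping the "no name resolved" case explicit. The sample NMAP_XML, and the names parse_hosts and hostname_to_hash, are constructed for this example.

```ruby
require 'rexml/document'

# Constructed nmap XML modelled on the fragment above; not real scan output.
# The second host has an empty <hostnames/> so the nil case is exercised.
NMAP_XML = <<~XML
  <nmaprun>
    <host starttime="1516366213" endtime="1516366242">
      <status state="up" reason="echo-reply" reason_ttl="61"/>
      <address addr="10.15.3.111" addrtype="ipv4"/>
      <hostnames>
        <hostname name="somename.example.com" type="PTR"/>
      </hostnames>
    </host>
    <host starttime="1516366213" endtime="1516366242">
      <status state="up" reason="echo-reply" reason_ttl="61"/>
      <address addr="10.15.3.112" addrtype="ipv4"/>
      <hostnames/>
    </host>
  </nmaprun>
XML

# Turn one <hostname> element into the flat hash shape an index mapping wants.
def hostname_to_hash(el)
  return nil if el.nil?
  { 'name' => el.attributes['name'], 'type' => el.attributes['type'] }
end

# Returns one hash per <host>. 'hostname' carries the first resolved name
# (nil when nmap resolved none); 'hostnames' carries every name with its type.
def parse_hosts(xml)
  doc = REXML::Document.new(xml)
  doc.elements.collect('nmaprun/host') do |host|
    names = host.elements.collect('hostnames/hostname') { |hn| hostname_to_hash(hn) }
    {
      'ip'        => host.elements['address'].attributes['addr'],
      'hostname'  => names.first,
      'hostnames' => names,
    }
  end
end

if __FILE__ == $0
  parse_hosts(NMAP_XML).each { |h| puts h.inspect }
end
```

If this prints the expected name for a host but the indexed document still shows null, the gap is between the codec's host object and the event it emits, not in the scan data.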


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.