Auto resolve IPaddress -> DomainName at FW logs
Using PFSense , FW flows many logs . is there auto dnslookup function ? (not manually)
if it is included , please point whereby to setup PFSense.
Even in awkward sentences, Thank you for reading.
So sounds like you want your firewall log to list fqdn of the IP addresses.. While that might work for some - your talking about a PTR, not all ips address have PTR setup, and even when they do its quite often just the IP address ;)
Example.. My public IP is 24.13.x.x – with comcast. If you do a PTR you get this.
;; ANSWER SECTION:
xx.xx.13.24.in-addr.arpa. 7194 IN PTR c-24-13-xx-xx.hsd1.il.comcast.net.
You do understand that logging PTR would be a lot of extra work for the firewall to have to query for every single IP it sees and logs.. Most of that would be blocked is just noise in the first place.. And as stated not all IPs have ptr setup.
So for example
PING cnn-cop.gslb.vgtf.net (22.214.171.124) 56(84) bytes of data.
if you try a PTR on 126.96.36.199 you get nxdomain
Thanks for reply , Since wireshark is worked like that , i guess pfsense also do work or add packages…but this function accordingly noisy :'( , i understand.
For PTR , I think to try to read some topics. Still beginner i am, i want to learn more.
Even in awkward sentences, Thank you for reading.and thanks for reply :)
Wireshark is a limited set of IPs, that only has to resolves the IPs in your capture. This is normally geared and even limited in the capture to a handful of ips.
Your asking for pfsense in real time to look up every single IP it sees – that is just nonsense, never seen a firewall ever do that. Click the little i if you want to lookup an IP.. But most of the time its going to get you nothing..
I see example , and i also do nslookup on firewall log screen. and many dns(port:53) logs up ..like this matter is existing , should not Introduce auto resolve function in PFSense , i interpreted.
I still like study of English is not enough :-[
Even in awkward sentences,Thank you for reading.