I have a series of firewall logs and a few lists of “interesting” domains.
I would like to “mine” the logs to find any instances where traffic is going to the interesting domains.
As a further complication, some of the logs don’t have translated addresses (i.e. they’re in four octets), but all of the domain lists are translated (e.g. xyz.com).
Please let me know.
I would create a lookup table that relates each of your interesting domains with its IP address. Then do a search for your plaintext domain list, as well as any IPs that are in the interesting domain IP lookup table.
You can try the Geo Location Lookup Script plugin to get location based meta data for the IP addresses. Here's a similar one that uses Google Maps to map the locations.