I'm trying to run a search for hits to a particular ACL on a firewall and then resolve the names via reverse DNS. I've tried this 100 ways to Sunday but I'm still not able to figure it out. No matter what I pass to dnslookup, it returns with:
"Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table."
Here's the search:
host=dc1-ra-01.mbsbooks.com destip=108.160.160.0/20 | lookup dnslookup ip AS src_ip OUTPUTNEW host AS hostname
The following already existed in my transform.conf:
[dnsLookup]
external_cmd = external_lookup.py host ip
fields_list = host, ip
Can reverse DNS lookups be done at searchtime like this? What am I missing?
Thanks,
-Jeff
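For anyone reading this later: a search-time reverse lookup like the one above works through Splunk's external lookup contract. Splunk starts the script named in `external_cmd` with the names from `fields_list` as its arguments (here `host ip`), pipes a CSV with those columns to its stdin, and expects a CSV with the same columns back on stdout, with the blanks filled in. The field names on the `lookup` command line therefore have to be the ones declared in `fields_list`; Splunk reports a missing lookup field when they do not match. The script below is an added illustration of that contract, not Splunk's bundled external_lookup.py and not Jeff's setup; the sample CSV, the `FAKE_PTR` table and the `example.test` names are constructed so it runs offline.

```python
#!/usr/bin/env python3
"""
Reverse-DNS external lookup in the shape Splunk expects (added example,
not Splunk's bundled external_lookup.py). Splunk runs the script as

    external_lookup.py host ip

pipes a CSV with those columns to stdin, and reads a CSV with the same
columns back from stdout; the script fills in whatever it can resolve.
"""
import csv
import io
import socket
import sys


def reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """PTR name for an address, or '' when there is none (never raises)."""
    try:
        return resolver(ip)[0]
    except (OSError, UnicodeError):      # herror/gaierror are OSError subclasses
        return ""


def forward_lookup(host, resolver=socket.gethostbyname):
    """Address for a name, or '' when it does not resolve (never raises)."""
    try:
        return resolver(host)
    except (OSError, UnicodeError):
        return ""


def fill_rows(rows, host_field, ip_field, rev=reverse_lookup, fwd=forward_lookup):
    """Fill whichever of host/ip is blank in each row; filled cells are left alone."""
    filled = []
    for row in rows:
        host = (row.get(host_field) or "").strip()
        ip = (row.get(ip_field) or "").strip()
        if ip and not host:
            row[host_field] = rev(ip)
        elif host and not ip:
            row[ip_field] = fwd(host)
        filled.append(row)
    return filled


def run_lookup(csv_text, host_field, ip_field, rev=reverse_lookup, fwd=forward_lookup):
    """Process one CSV document the way Splunk pipes it; returns the output CSV."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {host_field, ip_field} - set(reader.fieldnames or [])
    if missing:
        # Mirror Splunk's own complaint: the names handed to the script must
        # be columns of the CSV it receives (i.e. must match fields_list).
        raise ValueError("lookup fields not present in input: %s" % sorted(missing))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=reader.fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(fill_rows(reader, host_field, ip_field, rev, fwd))
    return out.getvalue()


# Constructed PTR table standing in for the resolver so the demo runs offline.
FAKE_PTR = {"192.0.2.10": "vpn-gw.example.test", "192.0.2.20": "mail.example.test"}


def demo():
    """Constructed input: three hits with only the ip column populated."""
    sample = "host,ip\n,192.0.2.10\n,192.0.2.20\n,192.0.2.99\n"
    return run_lookup(sample, "host", "ip", rev=lambda ip: FAKE_PTR.get(ip, ""))


def main(argv=sys.argv):
    """Entry point used when Splunk invokes the script: real DNS via sockets."""
    if len(argv) != 3:
        sys.stderr.write("usage: %s <host_field> <ip_field>\n" % argv[0])
        return 2
    try:
        sys.stdout.write(run_lookup(sys.stdin.read(), argv[1], argv[2]))
    except ValueError as exc:
        sys.stderr.write("%s\n" % exc)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Two practical notes for a script like this: Splunk runs it for every batch of results, so a slow resolver can dominate search time (a per-run cache or a short resolver timeout is worth adding), and the PTR name comes from whoever controls the reverse zone for that address, so treat the resolved hostname as untrusted data for display and correlation, not as proof of identity.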