Testing Splunk by devouring the syslog from my router with Tomato firmware installed. Is there a way to have Splunk do lookups on SRC and DST ip addresses to show host/domain names vs. just the IP? (Something similar to what wallwatcher.com can do? - http://bit.ly/Q4ZZry )
Aug 23 14:25:49 192.168.1.1 Aug 23 14:26:32 kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.70 DST=74.125.130.108 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=16424 DF PROTO=TCP SPT=53610 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B4010303040101080A2DCEF5B90000000004020000)
host=192.168.1.1 | sourcetype=syslog | source=udp:514
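An added example, not from the poster or from Splunk, showing one way to do what the question asks: parse the SRC/DST fields out of the Tomato kernel log line and resolve them with a reverse (PTR) lookup, in the shape Splunk expects from an external lookup script (CSV in on stdin, CSV out with the empty column filled). The column names `ip`/`hostname` and the sample line are assumptions; hosts with no PTR record simply get an empty name rather than breaking the event.

```python
import csv
import io
import re
import socket

# Key=value pairs in a Tomato (iptables) kernel log line like the one quoted above.
KV_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")

# Constructed sample with the same shape as the router line in the question.
SAMPLE_LINE = ("Aug 23 14:26:32 kernel: ACCEPT IN=br0 OUT=vlan1 "
               "SRC=192.168.1.70 DST=74.125.130.108 PROTO=TCP SPT=53610 DPT=993")


def parse_tomato_line(line):
    """Return the SRC/DST/PROTO/SPT/DPT fields of one router syslog line as a dict."""
    return dict(KV_RE.findall(line))


def reverse_dns(ip, resolver=socket.gethostbyaddr):
    """PTR lookup for one address. Many hosts have no PTR record or the query
    fails; that must not break the event, so return '' in that case."""
    try:
        return resolver(ip)[0]
    except OSError:  # socket.herror / socket.gaierror are subclasses of OSError
        return ""


def enrich(line, resolver=socket.gethostbyaddr):
    """Add src_host / dst_host fields next to the raw SRC / DST addresses."""
    fields = parse_tomato_line(line)
    fields["src_host"] = reverse_dns(fields.get("SRC", ""), resolver)
    fields["dst_host"] = reverse_dns(fields.get("DST", ""), resolver)
    return fields


def external_lookup(csv_text, resolver=socket.gethostbyaddr):
    """Splunk external-lookup contract: CSV in, the same CSV out with the empty
    'hostname' column filled. The ip/hostname column names are an assumption;
    in practice they are whatever transforms.conf declares for the lookup."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["ip", "hostname"], lineterminator="\n")
    writer.writeheader()
    for row in rows:
        if not row.get("hostname"):
            row["hostname"] = reverse_dns(row["ip"], resolver)
        writer.writerow(row)
    return out.getvalue()


if __name__ == "__main__":
    import sys
    sys.stdout.write(external_lookup(sys.stdin.read()))
```

The `resolver` argument exists so the lookup can be tested offline with a fixed table; with the default it performs real PTR queries, which can be slow on a busy firewall log and are worth caching.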