UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Lieutenant
Lieutenant
287 views

Unable to find the machine name from VPN logs

We have configured VPN to ESM. Now from the VPN logs I cannot see the machine name. I can see the source IP address and when do a nslookup we can get machine name but this shouldn't be practice to check one by one Hence need to know which filter to select in order to populate the machine name automatically

Labels (1)
0 Likes
4 Replies
Ensign
Ensign

Hey souarv

What do you exactly mean by machine name? do you happen to mean source Host name!

0 Likes
Fleet Admiral
Fleet Admiral

Hi Saurav,

Can you see DNS resolve in connector level ?

Cheers

Gayan

Mr
0 Likes
Lieutenant
Lieutenant

how do you check in connector. Machine name is the source host name

0 Likes
Fleet Admiral
Fleet Admiral

is correct here! Set the DNS resolution at the connector level and make sure the Connector itself has the ability to resolve (like make sure it has a local DNS setup for the TCP/IP configuration and that it has network access to send and receive the DNS request) and go from there - if you are getting the IP address in there, the SmartConnector will then lookup the name.

If you are using ESM for the management (as a lot of customers do), you can see the settings in the connector itself. Go to the connector double click to open the Inspect / Edit for it and then click the Default tab. You will see the options here:

Capture.PNG

Select the relevant options to reflect what you want - so turn on DNS resolution. I would also recommend that you have Wait For Name Resolution turned off and that you have a Name Resolution TTL set to 3600 to minimize the requests and delay in the processing of the log data.

However, be aware that if you are using say a Syslog SmartConnector for this - it will do name resolution on all log data coming through it of all log types. Chances are you might have turned this off for a reason, so check before you turn it on and make sure you aren't going to break anything. If you have turned off DNS resolution for a reason, use a new SmartConnector for your VPN logs and go from there.

Once you have the changes, don't forget to press Apply and then the connector will get the update and start doing the DNS resolution - it will then start filling in the names. But, as I mentioned above, if you haven't setup the DNS side of your TCP/IP on the SmartConnector in the first place, it wont work, so check the following:

1) Make sure you have a DNS server defined on the server that is running the SmartConnector

2) Make sure you have relevant rules / policies to allow the outbound and inbound DNS data to that SmartConnector.

Otherwise it wont work....

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.