Unable to find the machine name from VPN logs
We have configured VPN to ESM. Now from the VPN logs I cannot see the machine name. I can see the source IP address, and when I do an nslookup we can get the machine name, but it shouldn't be the practice to check one by one. Hence I need to know which filter to select in order to populate the machine name automatically.
is correct here! Set the DNS resolution at the connector level and make sure the Connector itself has the ability to resolve (like make sure it has a local DNS setup for the TCP/IP configuration and that it has network access to send and receive the DNS request) and go from there - if you are getting the IP address in there, the SmartConnector will then look up the name.
If you are using ESM for the management (as a lot of customers do), you can see the settings in the connector itself. Go to the connector, double-click to open the Inspect / Edit for it and then click the Default tab. You will see the options here:
Select the relevant options to reflect what you want - so turn on DNS resolution. I would also recommend that you have Wait For Name Resolution turned off and that you have a Name Resolution TTL set to 3600 to minimize the requests and delay in the processing of the log data.
However, be aware that if you are using, say, a Syslog SmartConnector for this - it will do name resolution on all log data coming through it, of all log types. Chances are you might have turned this off for a reason, so check before you turn it on and make sure you aren't going to break anything. If you have turned off DNS resolution for a reason, use a new SmartConnector for your VPN logs and go from there.
Once you have the changes, don't forget to press Apply and then the connector will get the update and start doing the DNS resolution - it will then start filling in the names. But, as I mentioned above, if you haven't set up the DNS side of your TCP/IP on the SmartConnector in the first place, it won't work, so check the following:
1) Make sure you have a DNS server defined on the server that is running the SmartConnector
2) Make sure you have relevant rules / policies to allow the outbound and inbound DNS data to that SmartConnector.
Otherwise it won't work....
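The two checks listed in the answer above can be run on the connector host before DNS resolution is switched on. This is an added example, not part of the original post and not ArcSight code; it assumes a Linux host with `/etc/resolv.conf`, and the function names are hypothetical.

```python
import socket
import sys


def nameservers(resolv_conf_text):
    """Check 1: return the DNS servers listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        # Comment lines start with '#' or ';' and never match "nameserver".
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def reverse_lookup(ip):
    """Check 2: PTR lookup via the host's resolver; None if nothing comes back."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror, socket.gaierror and timeouts
        return None


def resolve_sources(ips, lookup=reverse_lookup):
    """Map each distinct source IP to its name (or None), one lookup per IP."""
    results = {}
    for ip in ips:
        if ip not in results:
            results[ip] = lookup(ip)
    return results


def unresolved(results):
    """Source IPs that would stay nameless in the events."""
    return sorted(ip for ip, name in results.items() if name is None)


if __name__ == "__main__":
    # Usage: python3 check_dns.py <source IPs copied from a few VPN events>
    try:
        with open("/etc/resolv.conf") as fh:
            servers = nameservers(fh.read())
    except OSError:
        servers = []
    print("DNS servers configured:", servers or "NONE")
    results = resolve_sources(sys.argv[1:])
    for ip, name in results.items():
        print(f"{ip} -> {name or 'no PTR answer'}")
    sys.exit(1 if not servers or unresolved(results) else 0)
```

A non-zero exit means either no DNS server is defined on the host or at least one source IP got no answer, which points at a missing PTR record or at the DNS traffic being blocked.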