In some alarms and events we are not getting destination IPs, port details or any other information.
So what is the issue in this? How can we resolve this issue?
What product is this in relation to, so I can move your question to a forum better suited to get an answer? I assume SIEM, is that correct?
The source IP and destination IP address "not-set" values or aggregated values appear as "::" instead of as "0.0.0.0" in all result sets.
If there is no IP address in the event packet for the receiver to parse, the ESM will display that as :: instead of leaving the field blank or displaying 0.0.0.0.
Is there an IP address for the destination IP or anything else in the log file? If not, you can do nothing on the parser side. If yes, you can write your own parser.
Or you configure your log on the machine and add the destination IP, if it is possible.
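The check suggested in the replies above, as an added example that is not part of the original thread: for each event whose destination shows as "::", look in the raw log line to see whether a destination address was there to parse (a parser gap) or never logged (a gap at the source). The event field names, the key names in the regex and the sample lines are constructed assumptions, not an ESM export format.

```python
import ipaddress
import re

# Assumed key names for a destination address in a raw log line (hypothetical;
# adjust to what the data source really writes).
DST_KEY = re.compile(r"\b(?:dst|dstip|dest|destination)[=:]\s*([0-9A-Fa-f:.]+)", re.I)

def is_not_set(value):
    """True when a displayed address means "nothing parsed": blank, "::" or "0.0.0.0"."""
    try:
        return ipaddress.ip_address((value or "").strip()).is_unspecified
    except ValueError:
        return True  # blank or not an address at all

def dst_in_raw(raw):
    """Return the first usable destination address found in the raw line, else None."""
    for match in DST_KEY.finditer(raw):
        cand = match.group(1).rstrip(".")
        if cand.count(":") == 1:  # IPv4 written as addr:port
            cand = cand.split(":")[0]
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:
            continue
        if not addr.is_unspecified:
            return str(addr)
    return None

def triage(events):
    """Label each event: ok, parser-gap (raw has the address) or source-gap (raw lacks it)."""
    out = []
    for ev in events:
        if not is_not_set(ev["dst_ip"]):
            verdict = "ok"
        elif dst_in_raw(ev["raw"]):
            verdict = "parser-gap"
        else:
            verdict = "source-gap"
        out.append((ev["id"], verdict))
    return out

# Constructed sample events; the field names are assumptions, not an ESM export format.
SAMPLE = [
    {"id": 1, "dst_ip": "::", "raw": "fw01 action=deny src=192.0.2.10 dst=198.51.100.7 dpt=443"},
    {"id": 2, "dst_ip": "::", "raw": "host01 sshd: Failed password for root from 192.0.2.10"},
    {"id": 3, "dst_ip": "198.51.100.7", "raw": "fw01 action=allow src=192.0.2.10 dst=198.51.100.7"},
]

if __name__ == "__main__":
    for event_id, verdict in triage(SAMPLE):
        print(event_id, verdict)
```

Events labelled parser-gap are candidates for a custom parser; source-gap events need the logging on the machine changed to include the destination.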