cancel
Showing results for 
Search instead for 
Did you mean: 
scottl
Level 7

Property to get client's hostname?

Jump to solution

Often src IP exceptions can be too static because of DHCP so I'm curious if there is a property that will do a reverse lookup on the connecting client IP and get the hostname so it can apply policy to it?  I did not see anything in a search of the properties or in the admin guide.  The "system.hostname" property resolved to the hostname of the proxy not the client. 

Thanks.

PS Using 7.0.1.4.0

Message was edited by: scottl on 9/14/10 3:20:04 PM CDT
0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: Property to get client's hostname?

Jump to solution

Hello,

we have:

DNS.Lookup
IP List
List of IP addresses found in a DNS lookup for the specified host name
String: Host name

and

DNS.Lookup.Reverse
String List
List of host names found in a reverse DNS lookup for the specified IP address
IP: IP address of the host name

But careful, in case there is an issue with DNS, browsing will automtically get slow as we need to do a lookup for the configured item. The DNS-cache will store results though.

thanks,

Michael

7 Replies
McAfee Employee

Re: Property to get client's hostname?

Jump to solution

Hello,

we have:

DNS.Lookup
IP List
List of IP addresses found in a DNS lookup for the specified host name
String: Host name

and

DNS.Lookup.Reverse
String List
List of host names found in a reverse DNS lookup for the specified IP address
IP: IP address of the host name

But careful, in case there is an issue with DNS, browsing will automtically get slow as we need to do a lookup for the configured item. The DNS-cache will store results though.

thanks,

Michael

scottl
Level 7

Re: Property to get client's hostname?

Jump to solution

That was what I was looking for, my bad for missing it, and thanks for the help.

I used it so I it would do a lookup on any connecting client by referencing the Client.IP property in the parameter of DNS.Lookup.Reverse as below

DNS.Lookup.Reverse (Client.IP)....at least one in list...Blocked list

However, it looks like there are no wildcard lists permitted in the Operand, is that your opinion as well? I needed to put in the fully qualified DNS name for it to work, I tried "contains" as well. Although it is not case sensitive which is good.

0 Kudos
McAfee Employee

Re: Property to get client's hostname?

Jump to solution

If I understood correctly, then this shall work:

reverse.jpg

Sample rule set attached.

best,

Michael

Valeinrete
Level 9

Re: Property to get client's hostname?

Jump to solution

Hi Michael,

Thank you very much for your usefull information.

I have another problem, I would like to write hostnames straight away into the access.log file, while the appliance is logging.

The problem is that I can't find the right way to use the DNS.Lookup.reverse or DNS.Lookup property to write these reversed hostnames within the access.log, because I guess this is the best way to have hostnames into webreporter.

Any help ?

Many Thanks

0 Kudos
bkirk
Level 7

Re: Re: Property to get client's hostname?

Jump to solution

I know this is 5 years too late but I was trying to write to the logs too but couldn't call DNS.Lookup.Reverse either, so I figure out a way to get it.  I creates a User-Defiend.ReverseDNS, and made it a list of strings to match what DNS.Lookup.Reverse returns, and then I did this for the event on all logs:


Set User-Defined.ReverseDNS = DNS.Lookup.Reverse(Client.IP)


Hope this saves other people some time, You also don't need to do the above as long as you convert the DNS.Lookup.Reverse from a List.OfString.ToString, but I like to have it stored so I could possibly use it in multiple places, without doing multiple lookups.

Thank you,

Brian

0 Kudos
akekarat_c
Level 7

Re: Property to get client's hostname?

Jump to solution

Hi Brain,

I need to write client host name on the log too. Could you kindly help to give me your example configuration or capture screen? Thanks.

Regards,

Akekarat C.

0 Kudos
akekarat_c
Level 7

Re: Property to get client's hostname?

Jump to solution

Hi Brain,

Now I can stamp host name to the log by adding "List.OfString.ToString (DNS.Lookup.Reverse (Client.IP), "")" to the event.

I try to change host name and see how long time WMG use for update information. I found it take time a few min.

Now I looking for an option for adjust time to be shorter. Do you have any idea? Thanks.

Regards,

Akekarat C.