I have a big list of firewall logs

#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-03-14 10:51:44 DROP TCP 192.168.1.1 72.14.204.99 5401 1058 52 FA 500922910 946706061 64387 - - - RECEIVE

I really just want to know the destination IP like 72.14.204.99=google

I have about 5000 entries, so doing it by hand is going to be near impossible, any ideas?
3/18/2011 10:12:18 AM
do you know any programming languages?

you can script it pretty easily, say using a feature like this in .net http://msdn.microsoft.com/en-us/library/system.net.dns.gethostentry.aspx

[Edited on March 18, 2011 at 10:18 AM. Reason : .]
3/18/2011 10:17:43 AM
Prefer not to code, but I can if I have to. The only other thing I noticed is that in the google example a whois says google, an nslookup says iad04s01-in-f99.1e100.net
3/18/2011 10:44:20 AM
well, i mean unless there happens to be a site where you can copy/paste a bunch of IPs and it'll do the lookup for you (there very well may be - i don't know of one), you'll probably have to do some kind of scripting yourself, even if it's just a command line script. you can do this a ton of different ways, it really just depends on what technology you're most capable with
3/18/2011 10:49:17 AM
yea, I got it going in powershell, stealing the code from the site you linked to (thanks by the way)

# Start of Script
#### Convert $hostaddress to IPaddress class.
$a = Get-Content "C:\test.txt"
foreach ($i in $a) {
    $hostaddress = $i
    Write-Host $hostaddress
    # Create one for next call
    $HostIp = [System.Net.IPAddress]::Parse("127.0.0.1")
    # Skip a bad line and keep going instead of ending the whole script
    if (! ([System.Net.IPAddress]::TryParse($hostaddress, [ref] $HostIp))) {"Not valid IP address"; continue}
    # Get Host info (GetHostEntry throws when the lookup fails)
    try { $hostentrydetails = [System.Net.Dns]::GetHostEntry($HostIp) }
    catch { "Lookup failed"; continue }
    # Print details:
    "Host Name : {0}" -f $hostentrydetails.HostName
    foreach ($alias in $hostentrydetails.Aliases) {"Alias : {0}" -f $alias}
    foreach ($addr in $hostentrydetails.AddressList) {"Address : {0}" -f $addr.IPAddressToString}
}
# End of script

Powershell is actually pretty cool, just gets annoying at times.
3/18/2011 11:20:38 AM
sweet
3/18/2011 11:29:16 AM
^^that's awesome
3/18/2011 11:47:25 AM
i was going to suggest some regex + Net::DNS::Resolver
3/18/2011 1:23:14 PM
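
The script in the thread reads a file of bare IPs; the sketch below is an added example (not code from any poster) that starts from the log itself: it finds the dst-ip column from the #Fields header, counts hits per destination, and resolves each unique address once so 5000 entries do not mean 5000 lookups. The function names, the 192.0.2.10 address and every log line after the first data line are constructed for illustration.

```powershell
# Added example. The first data line is the one quoted in the thread; the rest are constructed.
$sampleLog = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-03-14 10:51:44 DROP TCP 192.168.1.1 72.14.204.99 5401 1058 52 FA 500922910 946706061 64387 - - - RECEIVE
2011-03-14 10:51:45 DROP TCP 192.168.1.1 72.14.204.99 5402 1058 52 FA 500922911 946706062 64387 - - - RECEIVE
2011-03-14 10:51:46 ALLOW UDP 192.168.1.1 192.0.2.10 5403 53 60 - - - - - - - SEND
2011-03-14 10:51:47 DROP TCP 192.168.1.1 not-an-ip 5404 80 52 S 1 0 8192 - - - SEND
'@ -split "`r?`n"

# Hypothetical helper: returns a hashtable of destination IP -> number of log entries.
function Get-DstIpCounts {
    param([string[]]$Lines)
    $dstIndex = -1
    $counts = @{}
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # Locate dst-ip by name from the header instead of hard-coding column 6
            $dstIndex = [array]::IndexOf(($Matches[1] -split '\s+'), 'dst-ip')
            continue
        }
        if ($dstIndex -lt 0 -or $line -match '^\s*(#|$)') { continue }   # other headers, blanks
        $fields = $line.Trim() -split '\s+'
        if ($fields.Count -le $dstIndex) { continue }                    # truncated line
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($fields[$dstIndex], [ref]$ip)) {
            $counts[$ip.ToString()] = 1 + [int]$counts[$ip.ToString()]
        }
    }
    $counts
}

# Hypothetical helper: one reverse lookup per unique address, failures recorded, not fatal.
function Resolve-DstIps {
    param([hashtable]$Counts)
    foreach ($ip in $Counts.Keys) {
        try   { $name = [System.Net.Dns]::GetHostEntry([System.Net.IPAddress]::Parse($ip)).HostName }
        catch { $name = '(lookup failed)' }
        New-Object PSObject -Property @{ DstIp = $ip; Hits = $Counts[$ip]; HostName = $name }
    }
}

# For a real run, replace $sampleLog with Get-Content on the firewall log file.
Resolve-DstIps (Get-DstIpCounts $sampleLog) |
    Sort-Object Hits -Descending |
    Format-Table DstIp, Hits, HostName -AutoSize
```

The HostName column is whatever PTR record the address owner publishes, which is why the Google address in the thread comes back as a 1e100.net name; treat it as a hint and confirm ownership with whois when it matters.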