converting ip numbers to domain names in log files

JD.Carlson at UCHSC.edu JD.Carlson at UCHSC.edu
Wed Dec 29 18:38:40 UTC 1999


Actually, I was hoping to avoid nslookup. 
Getting IP numbers out of a log file is as easy as
filtering the file through something like:
	cut -d" " -f5 | sort | uniq
if the logfile is delimited by spaces and the IP numbers are in
the 5th field.

I currently use a perl script:
#!/usr/bin/perl

#  -----------------------------------------------------------------
#  Resolve IP numbers into names within a file, substituting IP NAME for the IP NUMBER.
#  Using  perl gethostbyaddr
#  jdc---------------------------------------------

use strict;
use warnings;
use Socket;

while (<STDIN>)  {
        chomp($_);                         # Remove NL from input.
        my @log_word = split(/ /, $_);     # Split all words on input line (using SPACE delim)
        foreach (@log_word)  {             # Print all words from input line...
                # Patterns are anchored so only a word that is a bare dotted quad
                # is treated as an address.
                if ( /^255\.255\.\d+\.\d+$/ )  {          # match a broadcast number
                        print "$_ ";
                } elsif ( /^\d+\.\d+\.\d+\.0$/ )   {      # match a network number
                        print "$_ ";
                } elsif ( /^\d+\.\d+\.\d+\.255$/ ) {      # match a network broadcast
                        print "$_ ";
                } elsif ( /^\d+\.\d+\.\d+\.\d+$/ )  {     # match an IP number
                        # $_ now is an IP Number we will try to look up
                        #print "\nlooking up: $_ \n";
                        my $packed = inet_aton($_);       # undef for e.g. 999.1.1.1
                        my $name = defined $packed
                            ? gethostbyaddr($packed, AF_INET) : undef;
                        if ( !defined $name )  {          # no PTR record or lookup failed
                                print "Can't_resolve:";
                                $name = "N/A";
                        }
                        print "$name($_) ";
                        # $name is the hostname ("www.perl.com")
                } else {
                        print "$_ ";            # Print the other words on the line
                }
        }
        print "\n";                             # Print the NL after each line
}

But it lacks a few things, like caching lookups, returning domain
info when the address lacks a PTR record, and such. It works on
anything, including router config files (where it got started).

I just learned of a parsing logfile perl script for ipmon at

http://www.antibozo.net/ogata/webtools/plog.txt

that does some caching, maybe I'll look at it.

Thanks,  J.D.

>> On Fri, Dec 24, 1999 at 10:15:19PM +0000, J.D. Carlson wrote:
>> I'd like to know if there is a program I can filter a log file through
>> that will resolve the ip numbers into the respective names. 

>>J.D. Carlson

>You can pass the bare IP addresses to 'nslookup', and it will return you
>the names.  For instance, if I give

>204.152.184.101
>204.152.184.27

>as input to 'nslookup', I get [something like]:
[...]
>Transforming the log files into lists of IP addresses is logfile-format-
>dependent, and is left as an exercise for the reader.  ;-)

>-- 
>Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
>COSPO/OSIS Computer Support					EMT-B
>-----------------------------------------------------------------------
>This message is not an official statement of COSPO policies.
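
Added example, not part of the original post or of plog: a filter that adds the lookup cache the poster says his script lacks, and goes one step further by forward-confirming each PTR name, since reverse DNS is controlled by whoever owns the address block and should not be written into a log as if verified. The label strings, the two resolver hooks, the --demo switch and the sample log lines are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: cached, forward-confirmed PTR lookups for log annotation.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa AF_INET);

my %cache;    # ip => label, so each address is looked up at most once per run
# Strict dotted quad: octets 0-255, not embedded in a longer number or x.y.z.w.v
my $octet = qr/(?:25[0-5]|2[0-4]\d|1?\d?\d)/;
my $ipv4  = qr/(?<![\d.])$octet(?:\.$octet){3}(?!\d|\.\d)/;

# System resolver by default; replaceable so the demo below runs offline.
my $ptr_lookup = sub { scalar gethostbyaddr(inet_aton($_[0]), AF_INET) };
my $fwd_lookup = sub {
    my (undef, undef, undef, undef, @addrs) = gethostbyname($_[0]);
    return map { inet_ntoa($_) } @addrs;
};

sub label_for {
    my ($ip) = @_;
    return $cache{$ip} if exists $cache{$ip};
    my $name = $ptr_lookup->($ip);
    my $label;
    if (!defined $name) {
        $label = "Can't_resolve";          # negative answers are cached too
    } elsif ($name !~ /\A[A-Za-z0-9._-]{1,253}\z/) {
        $label = "bad-ptr";                # never echo raw PTR data into a log
    } elsif (!(grep { $_ eq $ip } $fwd_lookup->($name))) {
        $label = "unconfirmed:$name";      # name does not map back to this IP
    } else {
        $label = $name;
    }
    return $cache{$ip} = $label;
}

sub annotate {
    my ($line) = @_;
    $line =~ s{($ipv4)}{ my $ip = $1; label_for($ip) . "($ip)" }ge;
    return $line;
}

if (@ARGV && $ARGV[0] eq '--demo') {       # constructed data, no network needed
    my %ptr = ('192.0.2.10' => 'www.example.net', '192.0.2.66' => 'trusted.example.org');
    my %fwd = ('www.example.net' => ['192.0.2.10'], 'trusted.example.org' => ['198.51.100.1']);
    $ptr_lookup = sub { $ptr{$_[0]} };
    $fwd_lookup = sub { @{ $fwd{$_[0]} || [] } };
    print annotate($_), "\n" for
        'Dec 29 18:38:40 fw ipmon: 192.0.2.10,1025 -> 192.0.2.66,80 PR tcp',
        'Dec 29 18:38:41 fw ipmon: 192.0.2.10,1026 -> 203.0.113.5,25 PR tcp';
} else {
    print annotate($_) while <STDIN>;      # normal use: filter a log on STDIN
}
```

Unlike the word-by-word split, the substitution also finds addresses glued to punctuation (the "192.0.2.10,1025" form in the sample lines), and the cache lives only for one run, so long-lived use would need an expiry.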



More information about the bind-users mailing list