Log files and host names.

DevilWAH Member Posts: 2,997
Hi,

Quick question,

In Check Point there is a function in SmartView Tracker to resolve IPs in the logs. Now does this take place as each log entry is made, or only when you are viewing the logs?

The reason I ask is: if I look at the logs 2 weeks after the event, is the host name I see resolved the device that was using the IP address at the time the log was made, or the one currently using it?

I want to be sure I can track back not only what IP address is in the log, but the specific device that that data came from, even if since then it may have changed its IP.

Cheers
  • If you can't explain it simply, you don't understand it well enough. Albert Einstein
  • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.

Comments

  • DPG Member Posts: 780
    Logging is only done by IP address as far as I know. The hostnames are resolved in real-time when you use SmartView Tracker.
  • DevilWAH Member Posts: 2,997
    OK cheers.

    This seems an odd way to do it, as with DHCP, IP assignment will change, and part of the reason for having logs is so you can go back and see who did what when?

    I have a requirement that we need to be able to go back and tell what PC sent the data; from what you are saying the only way is to statically assign the IP address.
  • DevilWAH Member Posts: 2,997
    DevilWAH wrote: »
    OK cheers.

    This seems an odd way to do it, as with DHCP, IP assignment will change, and part of the reason for having logs is so you can go back and see who did what when?

    I have a requirement that we need to be able to go back and tell what PC sent the data; from what you are saying the only way is to statically assign the IP address.

    Identity Awareness was the way to go; turned on, it authenticates traffic against AD and logs this, giving even more traceability than IP or resolved host names :)