Custom Events from syslog with reverse DNS lookup

Started by pryzrak, January 20, 2015, 03:34:49 PM


pryzrak

I need to have reverse DNS lookup on the message portion of a custom event that is created from a syslog message. For instance, I have created an event from a syslog message and the event looks like the below (taken from a proxy):

20.01.2015 06:35:43 firewall Warning PROXY_BLOCK Blocked Category: Web Ads; Srcip: 10.30.29.45; Name: web request blocked, forbidden category detected; statuscode: 403; URL: https://googleads.g.doubleclick.net/

I need a reverse lookup on the message portion of the event to convert the "Srcip" to hostname or FQDN instead of IP. Currently I do this manually but it would be great to automate this with NetXMS. Is this possible? Anyone know?

Alex Kirhenshtein

General answer is "no" - NXSL does not provide any way to do a back resolve. We can add a function for that and then it can be implemented quite easily: in EPP, in the create alarm / send notification section – you use %{scriptName} instead of the message (%m, usually), and in this "scriptName" (from Script Library) you do any transformation you like (extract IP, resolve and combine message back together). You can register a feature request in our bug tracker: https://dev.raden.solutions/projects/netxms/.

Right now you can do this kind of a hack:
1) in EPP add "execute external application" as an action
2) write a script (shell, python, application - anything), which splits the message, extracts the IP, does a back resolve, and composes a new message
3) push it back to NetXMS using the "nxevent" command line utility. Note, you should use a different event for that – or you'll create an infinite loop.
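
The three-step workaround above, sketched as an added example (not part of the original post and not NetXMS code). Assumptions: the EPP action passes the event message as the first argument, the server address and the separate event name `PROXY_BLOCK_RESOLVED` are placeholders, and `nxevent` takes server, event and one parameter positionally (check the installed utility's help). Both the syslog text and the PTR answer are treated as untrusted input.

```python
#!/usr/bin/env python3
"""Added example: enrich a PROXY_BLOCK message with a reverse DNS name."""
import ipaddress
import re
import socket
import subprocess
import sys

SRCIP_RE = re.compile(r"(Srcip:\s*)([0-9A-Fa-f:.]+)")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,253}")  # PTR data is untrusted too

# Assumptions, not from the thread: server address and the name of a
# separate event created for the enriched message (avoids the loop).
NXMS_SERVER = "127.0.0.1"
ENRICHED_EVENT = "PROXY_BLOCK_RESOLVED"


def reverse_lookup(ip):
    """Return the PTR name for ip, or None if absent or malformed."""
    try:
        name = socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror / socket.gaierror
        return None
    return name if HOSTNAME_RE.fullmatch(name) else None


def enrich(message, resolver=reverse_lookup):
    """Replace the Srcip value with 'hostname (ip)' when it resolves."""
    match = SRCIP_RE.search(message)
    if not match:
        return message
    try:
        ip = str(ipaddress.ip_address(match.group(2)))
    except ValueError:
        return message  # not a valid address: leave the text untouched
    name = resolver(ip)
    if name is None:
        return message
    return message[:match.start(2)] + f"{name} ({ip})" + message[match.end(2):]


def nxevent_argv(message):
    """argv list (no shell) so message text is never parsed as a command."""
    return ["nxevent", NXMS_SERVER, ENRICHED_EVENT, message]


if __name__ == "__main__":
    # The EPP action is assumed to pass the original message as argv[1].
    subprocess.run(nxevent_argv(enrich(sys.argv[1])), check=True, timeout=30)
```

Keeping the original IP next to the resolved name preserves the evidence if the PTR record later changes or was wrong.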

pryzrak

Thanks. That does work. However it's the long way around. I posted a feature request to add that to a future release.

v/r