I would like to perform a DNS lookup on all internal IPs in my ASA firewall logs. However, I am a Splunk Cloud (SC) customer therefore my cloud instance does not have access to my internal DNS servers once the data is passed to the indexers. This makes it impossible to resolve IP addresses to host names.
Therefore, I have to append the host name from a DNS lookup BEFORE the data is sent to SC.
I am currently using a Universal Forwarder on my Syslog server to forward to my cloud indexers, but I am going to use a heavy forwarder to relay ASA events from the syslog server to SC.
So - how do I configure the HF to do a DNS lookup before it forwards the ASA data to my cloud instance?
↧