jdresolve is a high speed DNS resolver. jdresolve-raptor is a quick and dirty hack to jdresolve to allow resolution of Axent Raptor firewall logfiles. It is provided here only for convenience, without any guarantee.

This package is 99.44% the same as jdresolve v0.5.2. The file jdresolve has been copied to jdresolve-raptor and slightly modified. All other files are untouched!

When DNS resolution is enabled on the firewall, a typical logfile line looks like this:

Sep 30 03:09:49.539 zeeko httpd[248]: 121 Statistics: duration=0.43 id=Xv1F sent=321 rcvd=140 srcif=Vpn6 src=192.168.1.17/4733 srcname=marcus dstif=Vpn4 dst=207.46.177.16/80 dstname=windowsupdate.microsoft.com op=GET arg=http://windowsupdate.microsoft.com/selfupd.cab result="304 Not Modified" proto=http rule=4

Without DNS resolution enabled, the line would not include the srcname= and dstname= tags. jdresolve-raptor will lookup the names of the addresses indicated by the src= and dst= tags (which are always present), and re-write the line, adding the appropriate srcname= and dstname= tags where programs like Reptor expect to find them.

jdresolve-raptor works just like jdresolve does. Specify a file to process on the command line or use - for STDIN. Output is sent to STDOUT. Don't muck with filenames if you're using Reptor. In other words, rename your new output so that it matches the original filename. For example, you might use something like this:

jdresolve-raptor --nostats --recursive logfile.20000323 > temp
mv temp logfile.20000323
reptor.pl --date 20000323

Or, if you're really brave, you could try something like this:

remotelogfile host logfile.20000323 | jdresolve-raptor - | reptor.pl --log -

You can download a tarball or a zip. The packages are otherwise identical.

RTFM.

You're on your own.