none
How do I have a batch file convert .txt log entry from private ip to hostname? RRS feed

  • Question

  • batch file to convert .txt log entry from private ip to hostname



    I would like to input log files into a batch script and output the log with our private ips, 172.22.9.9 translated to hostnames.
    I know ping -a and nbtstat -a, as a start, will convert inputted ip addresses to hostnames.  Would like to see how to use them to get this done:

    take this line in log file:

    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.13 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA

    and change the entry "172.22.9.9" to the machine's hostname here its JoeTPC:

    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: JoeTPC Accessed URL 96.16.7.82:<<URl link>> KiwiClientID=KiwiTunnelClientDA

    Thursday, January 28, 2016 3:04 PM

Answers

  • I agree with Bill, you should really be using PowerShell for this.

    See how it easy it makes things?

    $hostname = [System.Net.Dns]::GetHostEntry('172.22.9.9').HostName
    
    $hostname


    • Marked as answer by itproquo Monday, February 1, 2016 2:22 PM
    Thursday, January 28, 2016 3:10 PM
  • Thanks Mike and Bill.

    Well, I'm still in the dark as to how to include Mike's answer into a script.  From my awkward attempt at code, you see I've tried!

    $logentry = (select-string -path c:\logs\*.txt -pattern "172.22.*")# -allmatches –simplematch)
    
    $ip=($logentry -split "Accessed URL")[0].substring(15)
    
    
    $hostname = [System.Net.Dns]::GetHostEntry($ip).HostName
    
    $hostname
    
    
    

    Anyway, the point is mute.  I found out from the logging program's forum how to switch on an option to include DNS resolution.  Within that option is setting to automagically translate ip addresses to hostnames.

    Thanks again -- Joe Tursone

    • Marked as answer by itproquo Monday, February 1, 2016 2:22 PM
    Friday, January 29, 2016 2:12 PM
  • This works using a quick test in my environment:

    (Get-Content .\log.txt) | ForEach {
    
        If ($_ -like '*172.22.*') {
    
            $ipAddr = $_.Split(':')[6].Trim().Split(' ')[0]
    
            $hostname = [System.Net.Dns]::GetHostEntry($ipAddr).HostName
    
            $_ = $_.Replace($ipAddr,$hostname)
    
        }
    
        $_
    
    } | Out-File .\log.txt
    
    
    log.txt:
    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.13 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA
    garbage 1
    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.14 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA
    garbage 2
    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.15 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA
    garbage 3
    garbage 4


    String parsing breaks if the input format ever changes though.


    • Marked as answer by itproquo Thursday, February 4, 2016 8:56 PM
    Friday, January 29, 2016 2:48 PM

All replies

  • Sounds interesting. What does your script look like so far? (We would definitely recommend PowerShell rather than a batch file.)

    -- Bill Stewart [Bill_Stewart]

    Thursday, January 28, 2016 3:06 PM
    Moderator
  • I agree with Bill, you should really be using PowerShell for this.

    See how it easy it makes things?

    $hostname = [System.Net.Dns]::GetHostEntry('172.22.9.9').HostName
    
    $hostname


    • Marked as answer by itproquo Monday, February 1, 2016 2:22 PM
    Thursday, January 28, 2016 3:10 PM
  • Well, too batch file usage prevails here.  So far in powershell I found this but don't know how to get the ip address piped out to nbtstat -a to get hostname.
    select-string -path c:\logs\*.txt -pattern "172.22.*" 
    -allmatches –simplematch

    Thursday, January 28, 2016 6:02 PM
  • You don't need to pipe to nbtstat.

    Look at Mike Laughlin's answer carefully.


    -- Bill Stewart [Bill_Stewart]

    Thursday, January 28, 2016 6:07 PM
    Moderator
  • Thanks Mike and Bill.

    Well, I'm still in the dark as to how to include Mike's answer into a script.  From my awkward attempt at code, you see I've tried!

    $logentry = (select-string -path c:\logs\*.txt -pattern "172.22.*")# -allmatches –simplematch)
    
    $ip=($logentry -split "Accessed URL")[0].substring(15)
    
    
    $hostname = [System.Net.Dns]::GetHostEntry($ip).HostName
    
    $hostname
    
    
    

    Anyway, the point is mute.  I found out from the logging program's forum how to switch on an option to include DNS resolution.  Within that option is setting to automagically translate ip addresses to hostnames.

    Thanks again -- Joe Tursone

    • Marked as answer by itproquo Monday, February 1, 2016 2:22 PM
    Friday, January 29, 2016 2:12 PM
  • This works using a quick test in my environment:

    (Get-Content .\log.txt) | ForEach {
    
        If ($_ -like '*172.22.*') {
    
            $ipAddr = $_.Split(':')[6].Trim().Split(' ')[0]
    
            $hostname = [System.Net.Dns]::GetHostEntry($ipAddr).HostName
    
            $_ = $_.Replace($ipAddr,$hostname)
    
        }
    
        $_
    
    } | Out-File .\log.txt
    
    
    log.txt:
    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.13 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA
    garbage 1
    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.14 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA
    garbage 2
    2016-01-22 17:17:27 Local4.Notice Jan 22 2016 09:17:53 nnnnnnnnnnnnnnnn : %ASA-5-304001: 172.22.2.15 Accessed URL 96.16.7.82:<<Url link>> KiwiClientID=KiwiTunnelClientDA
    garbage 3
    garbage 4


    String parsing breaks if the input format ever changes though.


    • Marked as answer by itproquo Thursday, February 4, 2016 8:56 PM
    Friday, January 29, 2016 2:48 PM