I have my router keeping a list of IP’s of the websites that are visited. Is there a way to do a script that will resolve the names once a day for me and put the names in the log as an info or so I can print the names out?
Thanks
You can use :resolve command. Are these in an address-list ? Wait, resolve does forward resolve, do you want reverse ?
Sam
These IP’s are in an address list that came from a prerouter firewall rule. Basically if its tcp and port 80 it looks a a lists called sites. If it’s not on the list then it addes it with a TTL of 24hrs. SO… i’m wanting to resolve the IP’s the clients were searching to. This is in a TV station and we need to monitor the sites visited and black list some. You wouldn’t believe the abuse a T1 can get with over 100 computers on it.
Thanks!
An easier way would be to use the web-cache (instead of firewall+scripting), and have it log all requests.
But…
You could do this by using the router as a DNS cache, and forcing all the internal machines to use it for DNS resolution.
Have your address list timeout fairly quickly, like five minutes.
Then have a script run at the same freqency (5 min, or whatever) that checks the IPs in your address list against the entries in “/ip dns cache all”.
Something like (quick, dirty hack):
:local ENTRIES [/ip firewall address-list find list=port80]
:local ADDRESSES ""
:local SITES ""
:foreach ENTRY in $ENTRIES do={
:local ADDRESS [/ip firewall address-list get $ENTRY address]
:set ADDRESSES ([:toarray $ADDRESSES] . [:toarray $ADDRESS])
}
:foreach ADDRESS in $ADDRESSES do={
:local REF-SITES [/ip dns cache all find data=$ADDRESS]
:foreach REF-SITE in $REF-SITES do={
:local SITE [/ip dns cache all get $REF-SITE name]
:set SITES ([:toarray $SITES] . [:toarray $SITE])
}
}
:local MESSAGE ("Likely visited sites: " . $SITES)
:log info $MESSAGE
It will miss things with a really short TTL, but should catch most.
–Eric
OK, It may have been a down and dirty script but it works
thanks loads!!! 