Description
Describe the bug
We are not able to resolve SourceHostname and DestinationHostname in Evt.3 the same way it is done in Sysmon for Windows.
Have tried to add true to the .xml, but the log only shows "-".
All IPs are manually resolvable from the OS.
To Reproduce
Look for Source and destination hostname in EventID=3?
Sysmon version
Version 1.3.3
Distro/kernel version
Red Hat Enterprise Linux 8.10 (Ootpa)
Ubuntu 20.04.6 LTS
Sysmon configuration
Since DNS lookup should (in the Windows version at least) be enabled by default?
Have also tried with true, with no result.
Logs
Oct 7 16:32:19 Server1 sysmon[1569566]: 354300x80000000000000001106903Linux-Sysmon/Operationalserver1.domain.local-2024-10-07 14:32:19.673{c30c9345-59f2-6703-b805-bfc8d8550000}2898441+/usr/libexec/sssd/sssd_berootudpfalsefalse10.1.1.1-53-false10.2.2.2-47348-
Expected behavior
Sysmon should resolve the hostname from the IP and place the result in the log.
Like:
10.1.1.1Server1.domain.local53-false10.2.2.2Server2.domain.local47348-
Additional context