Unfortunately some logs just record the IP addresses and as Vantage reports whats in the log; that's all you see by default. Sometimes this is due to how the logging device is setup and other times the device doesn't have this feature. Please check your logging device information/user manual for details about this feature (eg. User Authentication). Either way this is not something to worry about as Vantage is designed with a built in Resolve IP feature.
A simple explanation about how the Resolve IP Feature works:
The Resolve IP feature asks the Domain Name Server for a resolved name of the IP address. It then builds an alias group with the resolved name using the IPs as keys. This means you can then apply this alias to your IP's field in your report templates, and Vantage will show the alias group names in your reports rather than the IPs.
How to set this up
First of all we need to make sure we have an alias ready and setup to gather the IP's and resolved names.
This means creating a new alias and adding the summary field in question to the summaries list for this alias.
From the above image you can see three summary fields have been added; Destination IP, Site Domain and Source IP. This means that this alias can be applied to data in those fields/summaries. Go ahead and add any other summaries in your schema that contain IP addresses.
Once you have a created your alias, select the alias and click Resolve IPs located in the left hand panel under the Import/Export group.
On the first page, select the storage/s and schema you want to Resolve IPs from and click Next.
Then ensure your new alias is selected on the Aliases page, like in the above image.
You can leave the Filters page blank if you want to resolve all IPs in your storage. But you can use this page to only resolve Internal IPs, external IPs and so on.
Once you click the OK button Vantage will contact your DNS server and attempt resolve any IPs it finds in the summary fields you have listed in your selected alias. In this case Source IP, Destination IP, and Site Domain.
It is important to note that as you import new data more IPs will be imported and some of these may not have a Resolved IP alias. As such you may want to run Resolve IP after importing new data.
If you have a task setup to import your new data you can add a Resolve IP task action after your import new logs task action. It is important to add the Resolve IP task action after the import new data but before any reporting task actions so that the Resolved IPs alias is up to date when the reports run. As this is an automated process this is a good way to ensure you Resolved IPs alias is always up to date.
Using your Resolved IPs alias with Summaries
Assuming the Resolve IPs is already done, its just a matter of applying the alias to your data.
Once you have run an analysis on the summaries dock and selected a summary such as Source IPs to view, you will see a list of aliases that can be applied in the Aliases task pad to the left. Select your Resolve IPs Alias and the data in the view will now show the Resolved IPs instead of the original IP addresses.
If your 'Resolved IPs' alias is not displayed here:
1) Go to the Aliases tab and select your 'Resolved IPs' alias.
2) Right click 'Edit'
3) Half way down you will see 'Apply alias to selected summaries' list - this is where we need to add the new summary field.
4) Select your schema from drop down list on the top of the left list box.
5) Now select the Summary that you want the alias to be applied to from the list and click the -> button to add it.
6) Click OK.
7) Go back to the Summaries tab. Select the Summary again and you will now see the alias in the Aliases task pad and you can apply it to your data.
Using your Resolved IPs alias with Reports
Assuming the Resolve IP is already done its just a matter of applying the alias to the data.
You will need to add the Resolved IPs alias to any template nodes that currently show IP addresses. So from the above example, any template nodes that report on Destination IP, Source IP, or Site Domain.
To add the 'Resolved IPs' alias to a template node:
1) Go to the Reports tab and find the report template that you want to run.
2) Click the name of the report. This should display the report template tree structure.
3) Right-click | Edit on a template node that reports on IPs.
4) On the first page of the wizard (general page) there is a Columns list at the bottom.
5) The first item in the list should be Summary 'key' field. Double-click this column to edit it.
6) On this dialog you will see Alias combo box. Select the 'Resolved IPs' alias and click OK.
7) Click OK again to save the template node.
8) Repeat steps 3-7 for all other Template nodes that report on IPs.
Your Resolved IPs alias will now be applied to the appropriate nodes in your report when you generate the report.
A possible Internal DHCP Resolving issue
Something to be aware of when using resolve IPs is that if you resolve internal IPs in a DHCP environment there is a chance that the IPs wont match to the computer it was assigned to when the hit occurred. Why might you ask? This is due to the DHCP lease timeframe and if you are using dynamic IPs.
So if you have a monthly report, the IPs at the beginning of the month may be resolved to an alias that does not match correctly by the end of the month.
Alias Group JOE with the key 192.168.0.14 is set up at the beginning of the month.
But sometime in the month the DHCP server has given JOE a new IP.
So JOE has been using 192.168.0.17 for part of the month.
Therefore it's important to match the report period to the DHCP lease timeframe, or assign static IPs.