Check Whois records for IP addresses in log entries
To get more information about the source of traffic that triggered a log entry, you can look up the Whois record of IP addresses in log entries.
The Whois record contains registration information and related contact details provided at the time of domain registration. The contents of the Whois record vary depending on the information provided by the owner of the domain or network segment. For IP addresses used by customers of an ISP, the information shown in the Whois record is usually the ISP’s information.
The Whois information is queried from the relevant Regional Internet Registry (RIR). These registries include ARIN (American Registry for Internet Numbers), the RIPE NCC (Réseaux IP Européens Network Coordination Centre), and APNIC (Asia Pacific Network Information Centre). More information about the main RIRs can be found at the following links:
- ARIN at a glance: https://www.arin.net/about_us/overview.html
- RIPE Database: https://www.ripe.net/manage-ips-and-asns/db
- About APNIC: https://www.apnic.net/about-APNIC/organization
The computer running the Management Client performs the Whois query. To be able to perform Whois queries, the security policy applied on the computer running the Management Client must meet the following criteria:
- DNS queries must be allowed so that the Management Client can resolve the relevant RIR server IP address.
- Opening connections to TCP port 43 (Whois) must be allowed.
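The two criteria above can be tested separately from the workstation, so that a failed lookup can be traced to either DNS or TCP port 43. The following is an added example, not part of the product or its documentation: it checks both requirements and performs a Whois exchange as defined in RFC 3912. The RIR server hostnames, the function names, and the sample reply are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumption: the public Whois hosts of the three RIRs named above. The page
# does not say which server the Management Client contacts for an address.
RIR_WHOIS = {"ARIN": "whois.arin.net", "RIPE NCC": "whois.ripe.net",
             "APNIC": "whois.apnic.net"}
WHOIS_PORT = 43

def preflight(host, resolve=socket.gethostbyname,
              connect=socket.create_connection, timeout=5):
    """Report which of the two policy requirements fails for one server."""
    try:
        addr = resolve(host)                      # requires DNS to be allowed
    except OSError:
        return "dns-blocked"
    try:
        connect((addr, WHOIS_PORT), timeout=timeout).close()  # requires TCP 43
    except OSError:
        return "tcp43-blocked"
    return "ok"

def whois_query(ip, host, connect=socket.create_connection, timeout=5):
    """RFC 3912 exchange: send query + CRLF, read until the server closes."""
    query = str(ipaddress.ip_address(ip))  # ValueError on anything but an IP
    with connect((host, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_fields(text):
    """Collect 'key: value' lines; '%' and '#' lines are registry comments."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

# Constructed sample reply (documentation range 192.0.2.0/24, not real data).
SAMPLE = ("% constructed example\n"
          "inetnum:        192.0.2.0 - 192.0.2.255\n"
          "netname:        EXAMPLE-ISP-NET\n"
          "descr:          Example ISP customer pool\n")

if __name__ == "__main__":
    print(parse_fields(SAMPLE))
    for rir, host in RIR_WHOIS.items():
        print(rir, host, preflight(host))
```

Validating the log value with `ipaddress` before sending it keeps a malformed or crafted field from reaching the Whois server as extra query text.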
For more details about the product and how to configure features, click Help or press F1.
Steps
Whois Information dialog box
Use this dialog box to view Whois information for an IP address in a selected log entry.
Option | Definition |
---|---|
Close | Closes the window. |