Add IP lookup capabilities to the watchdog module

+1 for this patch.

Shouldn't target="blank" read target="_blank" (with under score)?

-1 for using the target attribute. That's browsers UI functionality.

another -1 on target blank; As nielsen points out (http://www.useit.com/alertbox/9605.html #9) opening new windows is

Opening up new browser windows is like a vacuum cleaner sales person who starts a visit by emptying an ash tray on the customer's carpet. Don't pollute my screen with any more windows, thanks (particularly since current operating systems have miserable window management).

removed target? Then now I can +1 this.

Why is this usefull? Can't you set up Apache to do the looking up?

Just two random questions.

Several reasons:

1. Yes, Apache can be configured to do this. However, it is resource intensive. Apache would have to do a DNS reverse lookup request for every IP address. This is generally considered to be a bad idea on any Apache server that has any kind of load. Thus, it will be turned off on most hosting arrangements.

2. Not everybody runs Apache. :-)

3. It's convenient, somewhat useful and very lightweight to provide it.

ok, more questions: How long is that service already there? How long will it stay available? Does their TOS allow this kind of integration?

This is very useful.

Not all apache installations enable DNS name resolution, and if you are on a shared hosting that does not have it, you are out of luck.

This patch does the lookup selectively for links that are interesting to the admin when viewing the logs.

Moreover, it provides way more info than just a name resolution every did, or will do. You as the site admin can detect abuse, get organization contacts, blacklisted status, ...etc.

whois.sc has been available for a while, and provides a lot of nifty info. For example try http://whois.sc/drupal.org for some fun. Run it on your domain and see more fun.

As far as ToS, this is something that needs to be checked.

I too would prefer to use PHP's gethostbyaddr to lookup the hostname. I'm not too fond of using external services.

Plus, we should probably introduce a format_ip_address() function because there are more places where IP addresses are shown (eg. statistics module).

I'm marking this active.

Since I already have an account at whois.sc I am able to use their service as much as I want; I feel that this module feature should be as configurable as generally required:

= Chose to use internal php gethost;
= Chose to use external source (like WhoIS.sc)
= Chose to use internal (read Private DNS) for intranet sites.
= Chose _self or _blank
= Chose active - flowed JS window to auto-display when each details page is requested from watchdog.

Making somethings automatic doesnt mean that there would be anyone other than the site admin looking -- therefore there should not be a possibility of repeated robitic activity causing WHoIS or similar harm.

+1 as well

Agree with sneex, a few configuration options would be great. Use the PHP function on as-needed-basis, choose whether to use an external source for a list of drop downs, or enter your own, and checkbox to turn this on/off as needed.

I guess I should do it as I have a good idea what I want (and hopefully other would desire them as well) -- It will give me a chance to learn more about Drupal and PHP. Any help during my learning curve would be most appreciate =)

sneex i'm interested in helping out as well, let me know! be on IRC monday morning to chat.

As I am still learning PHP, and related things (mostly inside MediaWiki at present), I do not wish to hold up this plug-ins development; I apologize to the group for butt'ing in -- this module is definitely needed for Drupal but after my long research into the API, etc, I do not feel capable of writing/adding it at this time. I hope to be a strong, value-adding community member when I am better at PHP, etc.

I submitted a patch with this functionality for the statistics module. Details can be found here:
http://drupal.org/node/63544

Still a feature request?

Moving to cvs.

Gosh, what a shame that this useful feature request has been ignored for so long. Rather than completely internal to the Watchdog module, it would be nice to have a call-able function. I have added a Top Spammers report (using Mollom's info) and it would be super-nice to add this feature to that.

This is probably a duplicate of #16221: Integrate WhoIs facility in to Watchdog, although a nicer patch.

I was looking to see if there was an easy way to work that change into a themable function that I could just drop into an admin theme.

Would be a nice addition, but I don't know that imbedding:

    $output .= ' <tr><th>'. t('Hostname') .'</th><td><a href="http://www.whois.sc/' . $watchdog->hostname . '" target="blank">' . $watchdog->hostname . "</a></td></tr>";

Is stable enough for core.

Subscribing.

Marked #16221: Integrate WhoIs facility in to Watchdog as a duplicate of this issue.

Taking from j.somer's patch: http://drupal.org/node/16221#comment-1166656

We should be able to write a custom function based on dblog_event() in modules/dblog/dblog.admin.inc [say we call it dblog_event_whois()] and simply include this item for the Hostname:

       array(
         array('data' => t('Hostname'), 'header' => TRUE),
         l($dblog->hostname, 'http://whois.domaintools.com/'. $dblog->hostname),
       ),

We can then just use hook_menu_alter() to replace the call to something like:

dblog_menu_alter(&$items) {
    $items['admin/reports/event/%']['page callback'] = 'dblog_event_whois';
}

I think this would work, but haven't tried it. I don't think this could get into core, but it should be either a contrib module or added to a contributed admin theme.

There are also a few other places where presenting more information about the visitor can really help diagnose a problem.

Subscribe.

I've reached out to domaintools.com about this and hope to get some feedback soon about this. Not sure how this fits in their ToS. Also, there may be privacy concerns about doing this that we should investigate.

This is a won't fix IF it can be done from contrib. Do we have the necessary hooks to make it happen? If not, let's add one.

Agreed with this approach @chx. I don't know if the proper hooks already exist. I'd assume they don't in D7 as folks aren't using them.

It would be nice to have the hook. For now, I am using mgifford's codes at comment #24 in Geolocate Logs module that I developed to geolocate the Drupal log event's hostname IP with appended whois link.

Needs an update re #28.

Moved to dblog.module for future triage.

I just checked. There is no hook to modify the IP rendered on the event log page. The current alternative is to alter route to use a different controller to display the event log detail page.

In D7 there is a module that provides this functionality: https://www.drupal.org/project/watchdog_event_extras

Maybe we could provide a service to format IP addresses, like mentioned in #11.

I checked again 3 years later and now the module https://www.drupal.org/project/watchdog_event_extras implements the approach of altering the route.

Based on #28 and #29 I'm marking this as won't fix.