i think i explain my question in the wrong way
what i really want to know is the fallowing
if the security team ask me, the ip 192.168.10.10 had a unexpected behavior on august 1
who had that IP that day?
I wouldnt be able to see that information the way you telling me, i guess it would be possible with a report, but its a guessing.
Has anyone configure something like that?
Carlos