Name Resolution
Overview
The ElastiFlow Unified Flow Collector can be configured to resolve IP addresses to hostnames. The following settings allow this feature to be tuned to the needs of your environment.
EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE
This setting enables DNS reverse lookups of IP addresses found in the received flow records.
- Valid Values
  - true, false
- Default
  - false
EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP
By default, the collector uses the operating system's configured name resolution to resolve IP addresses to hostnames. Optionally, a nameserver can be specified in this setting; it will be used instead.
If configured, this setting MUST contain a valid IP address.
- Default
  - empty
EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_TIMEOUT
If EF_PROCESSOR_ENRICH_IPADDR_DNS_NAMESERVER_IP contains a valid IP address, this setting contains the timeout period, in milliseconds, for queries to the name server.
- Default
  - 3000 (milliseconds)
EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PRIVATE
If DNS resolution is enabled (EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE is true), this option specifies whether private IP addresses will be resolved to hostnames.
- Valid Values
  - true, false
- Default
  - true
EF_PROCESSOR_ENRICH_IPADDR_DNS_RESOLVE_PUBLIC
If DNS resolution is enabled (EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE is true), this option specifies whether public IP addresses will be resolved to hostnames.
- Valid Values
  - true, false
- Default
  - true
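A pre-deployment check of the settings above, as an added example that is not part of the ElastiFlow documentation or product. The function name, the sample environment, and the treatment of true/false as case-sensitive are assumptions made for illustration.

```python
import ipaddress

PREFIX = "EF_PROCESSOR_ENRICH_IPADDR_DNS_"
# Defaults as documented on this page.
DEFAULTS = {"ENABLE": "false", "NAMESERVER_IP": "", "NAMESERVER_TIMEOUT": "3000",
            "RESOLVE_PRIVATE": "true", "RESOLVE_PUBLIC": "true"}
BOOLEANS = ("ENABLE", "RESOLVE_PRIVATE", "RESOLVE_PUBLIC")


def check_dns_settings(env):
    """Return a list of problems found in the DNS enrichment settings in env."""
    cfg = {k: env.get(PREFIX + k, d).strip() for k, d in DEFAULTS.items()}
    problems = []

    for key in BOOLEANS:
        # Assumption: only the lowercase literals listed on the page are accepted.
        if cfg[key] not in ("true", "false"):
            problems.append(f"{PREFIX}{key}: {cfg[key]!r} is not true or false")

    ns = cfg["NAMESERVER_IP"]
    if ns:
        try:
            ipaddress.ip_address(ns)  # accepts IPv4 and IPv6, rejects host:port
        except ValueError:
            problems.append(f"{PREFIX}NAMESERVER_IP: {ns!r} is not a valid IP address")
        # Per the page, the timeout applies to queries to the configured nameserver.
        timeout = cfg["NAMESERVER_TIMEOUT"]
        if not timeout.isdecimal():
            problems.append(f"{PREFIX}NAMESERVER_TIMEOUT: {timeout!r} is not a number of milliseconds")
    elif PREFIX + "NAMESERVER_TIMEOUT" in env:
        problems.append(f"{PREFIX}NAMESERVER_TIMEOUT is set, but no NAMESERVER_IP is configured")

    if cfg["ENABLE"] == "true" and cfg["RESOLVE_PRIVATE"] == cfg["RESOLVE_PUBLIC"] == "false":
        problems.append("DNS lookups are enabled but both RESOLVE_PRIVATE and RESOLVE_PUBLIC are false")
    return problems


# Constructed sample environment (not taken from a real deployment).
SAMPLE_ENV = {
    PREFIX + "ENABLE": "true",
    PREFIX + "NAMESERVER_IP": "10.0.0.53:53",   # port suffix makes this an invalid IP
    PREFIX + "NAMESERVER_TIMEOUT": "3s",         # the page specifies milliseconds, e.g. 3000
    PREFIX + "RESOLVE_PUBLIC": "False",          # flagged under the case-sensitivity assumption
}

if __name__ == "__main__":
    for problem in check_dns_settings(SAMPLE_ENV):
        print(problem)
```

Pass `dict(os.environ)` instead of the sample to check the environment the collector would start with.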