DNS lookups will effectively rate limit flow export, though, even if you're
hitting a cache. Do it after the fact in your presentation layer with a
cache, don't do it at the collection level, because you'll also have to
store it. I dunno what your flow volume is, but this is generally a bad
idea. You're increasing processing time per flow with a multi-millisecond
block, and you're increasing storage per flow by up to 64 bytes, in more
egregious cases. Per flow. This is a scale exercise that can get out of
hand very quickly.
On Mon, Dec 5, 2016 at 9:10 AM, Hiep Huynh <hhu...@firescope.com> wrote:
> When aggregating on src_host and dst_host, the outputs are IP addresses.
> Is it possible to also get DNS equivalent? Can pmacct perform a reverse DNS
> lookup and output it along with the IP addresses?
> If not, is there a workaround involving the 'networks_file' option where
> both IP address and its DNS/label are included in its output?
> pmacct-discussion mailing list
pmacct-discussion mailing list