DNS Lookups Format

Question

DNS Lookups Format

bdorr1105 opened this issue 4 years ago · 2 comments

I am in this --> nano 10_input_netflow_ipv4.logstash.conf and the format looks different that it used to be.

Previously, to enable DNS Lookups, you would do this below:

Environment="ELASTIFLOW_RESOLVE_IP2HOST=true"
Environment="ELASTIFLOW_NAMESERVER=10.10.10.11"

However, the file looks way different.

input {
  # Netflow
  udp {
    host => "${ELASTIFLOW_NETFLOW_IPV4_HOST:0.0.0.0}"
    port => "${ELASTIFLOW_NETFLOW_IPV4_PORT:9995}"
    workers => "${ELASTIFLOW_NETFLOW_UDP_WORKERS:4}"
    queue_size => "${ELASTIFLOW_NETFLOW_UDP_QUEUE_SIZE:4096}"
    receive_buffer_bytes => "${ELASTIFLOW_NETFLOW_UDP_RCV_BUFF:33554432}"
    codec => netflow {
      versions => [5,9,10]
      include_flowset_id => "true"
      netflow_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/netflow.yml"
      ipfix_definitions => "${ELASTIFLOW_DEFINITION_PATH:/etc/logstash/elastiflow/definitions}/ipfix.yml"
    }
    type => "netflow"
  }
}

Answer 1 · 2020-12-18T23:13:56.000Z

You are in the wrong file. To set environment variables you need to edit the systemd config file /etc/systemd/system/logstash.service.d/elastiflow.conf

Answer 2 · 2020-12-19T00:07:40.000Z

Thanks for the information