How does IP address name resolution work in NFA compared to RA?
In ReporterAnalyzer(RA) 9.0 and earlier IP Address Hostname resolution of conversations and hosts worked differently than it does in Network Flow Analysis(NFA) 9.1.x and newer.
In RA hostnames found in Host and Conversation data where loaded into the reporter.address_definitions table on the console server, as the data was processed through the Pump Service on the RA console server.
Once the IP address is in the address_definitions table on the console server, the NetQos ReporterAnalyzer Manager service will attempt to perform the DNS resolution lookup at the next scheduled interval.
In NFA this works differently because of the way the software was redesigned to allow for a Two Tier architecture.
In a two tier architecture, data no longer passes through the Pump service on the console to be processed, so IP addresses are no longer loaded automatically into the address_definitions table.
Instead, the trigger to load IP Addresses into the address_definitions table happens when you open a report in the Web Browser that contains the IP address in question. The report must be viewed in the Web UI, viewing an copy of the report in an Email PDF will not trigger this to take place.
Once the IP address is in the address_definitions table, it will be resolved just like it was in RA 9.0.
You can also adjust how often the DNS check will be performed by looking at the 'Administration->Addresses' page in the NFA Web UI.
In NFA if there is an IP address that is not getting resolved, first check to see if the IP address is in the Admin->Addresses page of NFA.
If it is verify that the name can be resolved from the Console server.
If the IP address is not on the Admin->Addresses page, run a report in the NFA Web UI that will have that IP address and view the report there, then check the Admin->Addresses page again in NFA to see if the if IP address now shows up.
At that point if the IP address is there, you have the option to manually update the host name or wait for the next cycle of when the ReporterAnalyzer Manager Service will attempt to check DNS for the Address.
If there is an Address which you are still not seeing in the Admin->Addresses page of NFA, you can manually insert the IP address using the command below on the NFA Console server where x.x.x.x is the IP address you want to insert:
mysql -P3308 -D reporter -t -e "insert into address_definitions values (inet_aton('x.x.x.x'), 1, 'NULL' , 'Y', '3n', unix_timestamp(), unix_timestamp());"
Once inserted, NFA should attempt to resolve the IP address with DNS shortly after.