cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to prevent client cache overload with too many user names with detected IP and DNS resolution?

daniil_kochetov
Participant

Hello.

Our DCRUM works in ISP mode tracking IP addresses from various selected subnets. Recently I found our client cache is growing for ~1k of new users a day. I even had to extend default limit of clients up to 100k while it is currently filled with 77k of users. Our storage period is also a bit extended for our needs:
AMD_STORAGE_PERIOD = UEM_STORAGE_PERIOD = 62
AMD_DAILY_TRENDS_LEN = UEM_DAILY_TRENDS_LEN = 93
AMD_MONTHLY_TRENDS_LEN = UEM_MONTHLY_TRENDS_LEN = 6

Our DCRUM monitors many applications with many users, but 77k (growing for 1k every day) looks a bit too much and I think I could understand the root cause.
As many other organizations we use DHCP, so every day any user have good chances to be assigned with another IP address. In the most of cases I don't configure user name recognition rules, therefore total most of our users are recorded in " <IP> (<DNS name>)" format. It is easy to imagine that each day we have at least 1k users which have their IP addresses changed. For DCRUM these are new users, while it still keeping statistics for their previous associations for a long time.

Is there any way to prevent DCRUM from reverse resolving only client IP addresses, but keep reverse lookup for server IP addresses?

4 REPLIES 4

It would be useful to know the version of CAS you have.

Product Name: Central Analysis Server
Version: 12.4.7.17

Go to advanced properties and set

DNS_DISABLE_CLIENT_RESOLVING=true (or add this property if not exist)

apm.resolve.timeout=900000000000

This will effectively stop client resolving (after some time i.e. when all currently queued users are resolved).

Thank you, Robert.
The solution seems to work! At least I started seeing many usernames as IP without DNS resolution. I think this should resolve my problem with client cache saturation. I have to temporary increase client cache limit (new clients without DNS will coexist with previously recognized ones), but hope I will be able to set it back soon.