Settings for a connector of the etw type are described in the following tables.
Basic settings tab
Setting |
Description |
---|---|
Name |
Unique name of the resource. The maximum length of the name is 128 Unicode characters. Required setting. |
Tenant |
The name of the tenant that owns the resource. Required setting. |
Type |
Connector type, etw. Required setting. |
URL |
URL of the DNS server. Required setting. |
Session name |
Session name that corresponds to the ETW provider: Microsoft-Windows-DNSServer {EB79061A-A566-4698-9119-3ED2807060E7}. If in a connector of the etw type, the session name is specified incorrectly, the wrong provider is specified in the session, or an incorrect method is specified for sending events (to send events correctly, on the Windows Server side, you must specify "Real time" or "File and Real time" mode), events will not arrive from the agent, an error will be recorded in the agent log on Windows, and the status of the agent will be green. At the same time, no attempt will be made to get events every 60 seconds. If you modify session settings on the Windows side, you must restart the etw agent and/or the session for the changes to take effect. For details about specifying session settings on the Windows side to receive DNS server events, see the Configuring receipt of DNS server events using the ETW agent section. Required setting. |
Extract event information |
Extraction of the minimum set of event information that can be obtained without having to download third-party metadata from the disk. This method helps conserve CPU resources on the computer with the agent. By default, the toggle switch is enabled and all event data is extracted. |
Extract event properties |
Extraction of event properties. If this toggle switch is disabled, event properties are not extracted, which helps save CPU resources on the machine with the agent. By default, the toggle switch is enabled and event properties are extracted. You can use the Extract event properties switch only if the Extract event information toggle switch is enabled. |
Description |
Description of the resource. The maximum length of the description is 4000 Unicode characters. |
Advanced settings tab
Setting |
Description |
---|---|
Debug |
Ths switch enables resource logging. This toggle switch is turned off by default. |
Character encoding |
Character encoding. The default is UTF-8. |
TLS mode |
TLS encryption mode using certificates in pem x509 format. Available values:
When using TLS encryption, you cannot specify an IP address as the URL. |
Compression |
Drop-down list for configuring Snappy compression:
|
If you edit a connector of this type, the TLS mode and Compression settings are visible and available on the connector resource as well as the collector. If you are using a connector of this type on a collector, the values of TLS mode and Compression settings are sent to the destination of automatically created agents.
Page top