How does PIM Endpoint resolves IP to hostname in audit log?
Release : 12.8
Component : CA ControlMinder - Unix
There are 2 use cases how PIM resolves IP to hostname.
1. When PIM checks the rule
2. When user runs seaudit command
At the first use case, IP addresses are resolved to hostname by utilizing LADB (lookaside database) and also system call if osuser_enabled=yes is set in seos.ini. Please refer below documentation for more about lookaside database.
At the 2nd use case, PIM will resolve using system call. So, when system cannot resolve the IP address, seaudit command may show IP address only.