search cancel

Configuring a syslog server using a hostname instead of an IP


Article ID: 168073


Updated On:




Configuring a syslog server using a hostname instead of an IPN/A


You want to enable syslog to an external syslog server. However, you want to use a system name, not an IP address, as the syslog server entry.

You want to avoid a manual edit of the system's /etc/hosts file to achieve this.


To do this, you must establish the following:
1) A DNS server that can resolve the system hostname
2) A configured DNS search suffix so that the simple name (alias) of the host can be resolved (and not just the FQDN)

Syslogd requires that the system name NOT be an FQDN hostname in most instances. As such, you need to establish resolution of the syslog system's alias name via DNS.

For example, your syslog server has a DNS record name of "". For syslog to function properly, you will need to simply be able to resolve "mysyslog" to an IP address in lieu of the entire string.

To do this:
1) In this example, the Syslog system's hostname is (ip is, and my DNS server IP is
2) On the X-series system, add in an DNS server that can resolve this name (i.e., a local Windows DNS server), as such:

CBS# configure dns server (i.e., your internal DNS server's address)

3) Then configure the search suffix (i.e.,, as such:

CBS# configure dns search-name

This allows any DNS query to to automatically append the "" suffix to the query. This may be REQUIRED for most implementations of syslog, requiring a single word name as the destination logging server.

4) Then configure your syslog logging server as, simply, "mysyslog" in the CLI:

CBS#configure logging server mysyslog

5) Test whether or not you can ping the simple name, mysyslog, from the shell:

[[email protected] admin]# ping mysyslog
PING ( from : 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=127 time=0.202 ms
64 bytes from ( icmp_seq=2 ttl=127 time=0.389 ms

This validates that the hostname is solely resolvable. If you cannot resolve the simple host name, check your DNS server's host entry.

As a test, temporarily change your console logging level for testing (the following tcpdump shows UDP 514 (syslog) was being sent to the syslog system):

[[email protected] admin]# tcpdump -i any -n port 53 or 514
tcpdump: listening on any
08:40:03.177317 > udp 42 (DF)
08:40:03.179354 > udp 42 (DF)
08:40:04.308290 > udp 25 (DF)