Configuring a syslog server using a hostname instead of an IP

Article ID: 168073

Products

XOS

Issue/Introduction

Configuring a syslog server using a hostname instead of an IP

Cause

You want to enable syslog to an external syslog server. However, you want to use a system name, not an IP address, as the syslog server entry.

You want to avoid a manual edit of the system's /etc/hosts file to achieve this.

Resolution

To do this, you must establish the following:
1) A DNS server that can resolve the system hostname
2) A configured DNS search suffix so that the simple name (alias) of the host can be resolved (and not just the FQDN)

Syslogd requires that the system name NOT be an FQDN hostname in most instances. As such, you need to establish resolution of the syslog system's alias name via DNS.

For example, suppose your syslog server has a DNS record name of "mysyslog.mynetwork.com". For syslog to function properly, the system must be able to resolve just "mysyslog" to an IP address, rather than the entire string.

To do this:
1) In this example, the syslog system's hostname is mysyslog.mynetwork.com (IP is 10.8.1.152), and my DNS server IP is 10.1.1.150.
2) On the X-series system, add a DNS server that can resolve this name (e.g., a local Windows DNS server), as follows:

CBS# configure dns server 10.1.1.150 (i.e., your internal DNS server's address)

3) Then configure the search suffix (i.e., mynetwork.com), as such:

CBS# configure dns search-name mynetwork.com

With this setting, the "mynetwork.com" suffix is automatically appended to DNS queries sent to 10.1.1.150. This may be REQUIRED for most implementations of syslog, which require a single-word name as the destination logging server.

4) Then configure your syslog logging server as, simply, "mysyslog" in the CLI:

CBS# configure logging server mysyslog

5) Test whether or not you can ping the simple name, mysyslog, from the shell:

[[email protected] admin]# ping mysyslog
PING mysyslog.mynetwork.com (10.8.1.152) from 192.168.30.180 : 56(84) bytes of data.
64 bytes from mysyslog.mynetwork.com (10.8.1.152): icmp_seq=1 ttl=127 time=0.202 ms
64 bytes from mysyslog.mynetwork.com (10.8.1.152): icmp_seq=2 ttl=127 time=0.389 ms

This validates that the simple hostname is resolvable on its own. If you cannot resolve the simple hostname, check your DNS server's host entry.

As a test, temporarily change your console logging level (the following tcpdump shows that UDP 514 (syslog) traffic was being sent to the syslog system):

[[email protected] admin]# tcpdump -i any -n port 53 or 514
tcpdump: listening on any
08:40:03.177317 192.168.30.180.syslog > 10.8.1.152.syslog: udp 42 (DF)
08:40:03.179354 192.168.30.180.syslog > 10.8.1.152.syslog: udp 42 (DF)
08:40:04.308290 192.168.30.180.syslog > 10.8.1.152.syslog: udp 25 (DF)
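
To see why the search suffix in step 3 makes "mysyslog" resolvable, the following added example (not part of the original article or the product) lists, in order, the names a glibc-style stub resolver tries for a given name. It assumes the DNS settings are expressed in resolv.conf format; the sample file and the function names write_sample_conf and search_candidates are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the article's DNS server and search suffix in
# resolv.conf format (assumption: the system uses this format).
write_sample_conf() {
    cat > "$1" <<'EOF'
nameserver 10.1.1.150
search mynetwork.com
EOF
}

# Print, one per line, the fully qualified names tried for NAME ($1)
# given a resolv.conf-format file ($2). The hostname-derived default
# search list that applies when no "search" line exists is not modelled.
search_candidates() {
    sc_name=$1
    sc_conf=$2
    # A trailing dot marks the name as absolute: no suffix is appended.
    case $sc_name in
        *.) printf '%s\n' "$sc_name"; return 0 ;;
    esac
    # The last "search" or "domain" line wins.
    sc_suffixes=$(awk '$1=="search"||$1=="domain"{$1=""; s=$0} END{print s}' "$sc_conf")
    # "options ndots:N" sets the dot threshold; the default is 1.
    sc_ndots=$(awk '$1=="options"{for(i=2;i<=NF;i++) if($i ~ /^ndots:/){sub(/^ndots:/,"",$i); n=$i}}
                    END{print (n==""?1:n)}' "$sc_conf")
    # Count the dots in the name.
    sc_stripped=$(printf '%s' "$sc_name" | tr -d '.')
    sc_dots=$(( ${#sc_name} - ${#sc_stripped} ))
    # A name with at least ndots dots is tried as-is first, otherwise last.
    if [ "$sc_dots" -ge "$sc_ndots" ]; then printf '%s.\n' "$sc_name"; fi
    for sc_s in $sc_suffixes; do printf '%s.%s.\n' "$sc_name" "$sc_s"; done
    if [ "$sc_dots" -lt "$sc_ndots" ]; then printf '%s.\n' "$sc_name"; fi
    return 0
}

# Demo: the short name is tried with the suffix first; the FQDN is tried as-is first.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
echo "mysyslog ->";               search_candidates mysyslog "$demo_conf"
echo "mysyslog.mynetwork.com ->"; search_candidates mysyslog.mynetwork.com "$demo_conf"
rm -f "$demo_conf"
```

Without the search line, the only candidate for "mysyslog" is the bare single-label name, which the DNS server in this example has no record for.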

Workaround

N/A