Logs are not forwarded to syslog server by the Aria Operations when the server hostname is defined by IP
search cancel

Logs are not forwarded to syslog server by the Aria Operations when the server hostname is defined by IP

book

Article ID: 386164

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Log Forwarding under Administration > Control Panel > Log Forwarding in Aria Operations has been configured using an IP in the Host field, but no logs are being sent.

Environment

VMware Aria Operations 8.x

Cause

An extra non IP address character is present in the IP address if due to copying and pasting in to the Host field.

Resolution

  1. Log in to Aria Operations and navigate to  Administration > Control Panel > Log Forwarding
  2. Delete everything in the Host field
  3. Type the IP address in to the host field and click Apply Changes

Additional Information

Aria Operations uses the Aria Operations for Logs agent that is preinstalled on the appliance VMs to forward logs.

Entries like below will be seen in the /var/log/loginsight-agent/liagent_<date>.log file on the appliance VM.

<trace> Config:292         | Read config param [server].hostname = 10.1.2.3
...
<trace> Logger:209         | Thread "SyslogConnection" has id 0x7fe8822196c0
<error> SyslogConnectio:265| Resolver failed. Host not found (authoritative)
  • Read config param [server].hostname = 10.1.2.3
    • verifies that the server is set by IP and not FQDN

  • Resolver failed. Host not found (authoritative)
    • indicates that the Aria Operations for Logs agent tried to resolve the IP address as a FQDN in DNS

Reviewing the log entry with cat -e will reveal an invisible character in the IP address

grep -m 1 'Read config param \[server\].hostname' /var/log/loginsight-agent/liagent_*.log | rev | cut -d' ' -f1 | rev | cat -e
  • The IP address should only contain digits 0-9 and .
  • The log entry should end with a non-breaking space followed by a line feed (indicated by $ with cat -e)

Example

$ grep -m 1 'Read config param \[server\].hostname' /var/log/loginsight-agent/liagent_*.log | rev | cut -d' ' -f1 | rev | cat -e
10.1.2.3M-BM- $
  • Note the M-BM- character at the end of the IP. This invisible character caused the agent to interpret the IP as a FQDN to be resolved in DNS.

Correct Example

$ grep -m 1 'Read config param \[server\].hostname' /var/log/loginsight-agent/liagent_*.log | rev | cut -d' ' -f1 | rev | cat -e
10.1.2.3 $

 

Powered by Wolken Software