Orion Syslog sending wrong IP for device

Ritika

Hi ,

We are using the Syslog functionality of Orion. One of our device ( for eg, IP 1.1.1.1) is sending a syslog message
to Orion. I am able to see this message in syslog coming from 1.1.1.1. All is good till here.

We have configured an alert/rule which matches this syslog message and as a trigger action for that alert, it sends an SNMP trap to the SNMP server.
so basically, we are forwarding syslog messages to the SNMP server.

Now here is when the problem comes. I am able to see the trap on SNMP server.
But the trap on SNMP server (coming directly from Syslog server on Orion) is showing incorrect IP address for the device.

In the received trap, there are 2 fields which interest me:

'SOLARWINDS-TRAPS::nodeName' => {
                                              'value' => '1.1.1.1'
                                            },
SOLARWINDS-TRAPS::nodeIP' => {
                                            'value' => 'Wrong Type (should be IpAddress): "2.2.2.2"'
                                          },

This SNMP server parses the trap and sends it to our management system, EventUAL. We monitor EventUAL for alerts. So because of above , we are getting
wrong alerts on EventUAL ( they are really coming from IP 1.1.1.1, but EventUAL shows them as coming from 2.2.2.2)

 

Thanks,

Ritika

sean.martinez

Can you do a wireshark capture and see what the SourceIP Address is noted in the packet? If the SourceIP is noted correctly, please open a Support case.

 

Support would need the Wireshark trace and Diagnostics to further investigate this issue.