nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Syslog node names?

samuryan89

I have a number of syslog devices pointed at LEM, but they all show up as IP addresses for node name. Is there a way to change the name of these nodes?

Thanks!

Find more posts tagged with

Accepted answers

All comments

donthomas

Are the Cisco? If they are Cisco devices, make sure you have enabled origin-id logging for syslog messages. The command is:

logging origin-id { hostname | ip | ipv6 | string user-defined-id }

"hostname" specifies that the hostname will be used as the message origin identifier and "ip" specifies that the IP address of the sending interface will be used as the message origin identifier.

samuryan89

Some are Cisco, some aren't. For the Cisco ones, I don't seem to have the "logging origin-id" option. I do have "logging device-id hostname" which doesn't seem to have affected the name of the node in LEM. Any ideas?

donthomas

Cisco docs says the command has been supported from 12.2(15)T release train onwards. Is your device an ASA? ASA command reference states that "logging device-id hostname" would set the hostname of the device as the device id to be sent in syslog messages.

FormerMember

Hi,

is there a way to change it on LEM itself other than from the source device.

curtisi

No, the LEM gets the node names from what it sees in the logs and those aren't customizable in the LEM interface.

samuryan89

It's unfortunate that LEM doesn't include some way of changing IP addresses to human readable node names. Donthomas provided a way of fixing this from a Cisco device running 12.2 or later, but what if I have older devices? What if I have non-Cisco devices? There should be some way to manually map IP addresses to names.

curtisi

In my experience, most vendors provide a way to change the source name of log messages, like Cisco. Those are usually available from the various vendor admin guides. If you have devices older than IOS 12.2, then you have other problems: why are you worrying about logging and auditing with a version of IOS that has so many known vulnerabilities instead of addressing the vulnerabilities?

badami

Hello, Solarwinds has a database for Syslog. In this DB there are a HOSTNAME_UNICODE column which is used to show Syslog Hostname under Syslog web page.

Is uses DNS to fill this column, and if DNS does not work it fills it with IP address, but it's not regularly updated.

We changed hostnames of our devices but Syslog kept showing old ones. No DNS is configured.

I found a couples ways to fix this.

You can:

1) Update Syslog.Hostname_UNICODE field to match Node.Caption or Node.Sysname using SQL update statement.

2) Using Syslog Viewer application from your Solarwinds server you can define which columns to show on the syslog web page, and you may replace Source Hostname (from Syslog.Hostname) with Node Name (From Nodes.Caption).

curtisi

That may work for NPM Syslog, but you won't be able to get that access to LEM's database (and the DB isn't SQL).