• State Verified Answer
  • Locked Locked
  • Replies 17 replies
  • Subscribers 38 subscribers
  • Views 1027 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Syslog from secondary node IP's

byrona

In many cases our nodes have more than one IP associated with them, however; Orion only seems to be aware of a a single IP per node.  If a node is sending Syslog messages to Orion from a different IP than the IP Orion has for that node it seems that those logs don't get associated with that node.

Has anybody else encountered this problem and what is the solution?

Thanks in advance for any suggestions!

  • 0

    If it's a cisco device make sure the nodes are in NPM based on loopback address usually loopback0 and then add the following:

    logging trap debugging
    logging facility syslog
    logging source-interface Loopback0
    logging xxx.xxx.xxx.xxx  <--- put your NPM servers IP here

  • 0

    typically that is why management systems best practices say to use loopback addresses (never go down) and you configure your devices to source SNMP and syslog from the loopback.

  • 0 in reply to ecklerwr1

    I also add the following:

    snmp-server community xxxx RO 98
    snmp-server community xxxx RW 98
    snmp-server ifindex persist
    snmp-server location xxxxx
    snmp-server contact xxxxx
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps bgp
    snmp-server enable traps config
    snmp-server enable traps syslog
    snmp ifmib ifindex persist

  • 0 in reply to ecklerwr1

    In the event of an edge case where I am unable to configure things this way is there anyway to solve this problem?

    This makes me curious why Orion doesn't associate IP's with the other interfaces it discovers on nodes, it seems it would be beneficial to do so.

  • 0 in reply to byrona

    Hi Byrona,

    It's definitely best to configure your devices for source interfaces, but in the event you can't - just add ICMP Only or External Nodes with the IP address in question.

    Not the best solution. - but I've done it with externally managed devices that might use HSRP or VRRP.

    - v

  • 0 in reply to viol8tor

    I've got a SQL script that pulls IPs/masks from NCM to NPM interfaces to custom properties to populate on map for live documenting, but i see what you're saying where traps/syslog sourced from one of those aren't associated with the node itself...

    I think this is a feature request or something SW has to comment on...

  • 0

    Yes,

    Our solution is to discover or change the ip address(in solarwinds) of the offending node to the ip address that the syslog message is coming from.

    This should do it.

  • 0

    Totally agree with best practice of using loopback0 for all sources (logging, snmp, tacacs etc) for consistency. However that aside, Orion is not YET capable of being aware of a router with multiple IP addresses and aware of network reachability (ie: hsrp) hence one of the main reasons some companies are hesitant to pack up their Openview NNM systems just yet. 

  • 0 in reply to epenney

    You can do what viol8tor suggested and add those extra HSRP IP's as ICMP only nodes so you at least monitor the up/down status of them.

  • 0 in reply to epenney

    Hi bryron--

    Not sure but this may be a feature that NPM dev is working on for the next release. See this post, look under Syslog and Traps, Items 6 and 8.

    Let me know if this helps.

    M

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.