17 Replies Latest reply on Apr 7, 2010 5:30 PM by thebastidge

Syslog from secondary node IP's

byrona Mar 16, 2010 10:34 AM

In many cases our nodes have more than one IP associated with them, however; Orion only seems to be aware of a a single IP per node. If a node is sending Syslog messages to Orion from a different IP than the IP Orion has for that node it seems that those logs don't get associated with that node.

Has anybody else encountered this problem and what is the solution?

Thanks in advance for any suggestions!

Re: Syslog from secondary node IP's

ecklerwr1 Mar 16, 2010 11:04 AM (in response to byrona)

If it's a cisco device make sure the nodes are in NPM based on loopback address usually loopback0 and then add the following:
logging trap debugging
logging facility syslog
logging source-interface Loopback0
logging xxx.xxx.xxx.xxx <--- put your NPM servers IP here
Like (0)

Actions
- Re: Syslog from secondary node IP's
  
  ecklerwr1 Mar 16, 2010 11:07 AM (in response to ecklerwr1)
  
  I also add the following:
  
  snmp-server community xxxx RO 98
  snmp-server community xxxx RW 98
  snmp-server ifindex persist
  snmp-server location xxxxx
  snmp-server contact xxxxx
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps tty
  snmp-server enable traps bgp
  snmp-server enable traps config
  snmp-server enable traps syslog
  snmp ifmib ifindex persist
  
  Like (0)
  
  Actions
  - Re: Syslog from secondary node IP's
    
    byrona Mar 16, 2010 11:47 AM (in response to ecklerwr1)
    
    In the event of an edge case where I am unable to configure things this way is there anyway to solve this problem?
    This makes me curious why Orion doesn't associate IP's with the other interfaces it discovers on nodes, it seems it would be beneficial to do so.
    
    Like (0)
    
    Actions
    - Re: Syslog from secondary node IP's
      
      viol8tor Mar 16, 2010 11:55 AM (in response to byrona)
      
      Hi Byrona,
      It's definitely best to configure your devices for source interfaces, but in the event you can't - just add ICMP Only or External Nodes with the IP address in question.
      Not the best solution. - but I've done it with externally managed devices that might use HSRP or VRRP.
      - v
      
      Like (0)
      
      Actions
      - Re: Syslog from secondary node IP's
        
        njoylif Mar 16, 2010 12:09 PM (in response to viol8tor)
        
        I've got a SQL script that pulls IPs/masks from NCM to NPM interfaces to custom properties to populate on map for live documenting, but i see what you're saying where traps/syslog sourced from one of those aren't associated with the node itself...
        I think this is a feature request or something SW has to comment on...
        
        Like (0)
        
        Actions
Re: Syslog from secondary node IP's

njoylif Mar 16, 2010 11:05 AM (in response to byrona)

typically that is why management systems best practices say to use loopback addresses (never go down) and you configure your devices to source SNMP and syslog from the loopback.
Like (0)

Actions
Re: Syslog from secondary node IP's

scottd Mar 16, 2010 12:10 PM (in response to byrona)

Yes,
Our solution is to discover or change the ip address(in solarwinds) of the offending node to the ip address that the syslog message is coming from.
This should do it.
Like (0)

Actions
Re: Syslog from secondary node IP's

epenney Mar 16, 2010 12:53 PM (in response to byrona)

Totally agree with best practice of using loopback0 for all sources (logging, snmp, tacacs etc) for consistency. However that aside, Orion is not YET capable of being aware of a router with multiple IP addresses and aware of network reachability (ie: hsrp) hence one of the main reasons some companies are hesitant to pack up their Openview NNM systems just yet.
Like (0)

Actions
- Re: Syslog from secondary node IP's
  
  ecklerwr1 Mar 16, 2010 1:18 PM (in response to epenney)
  
  You can do what viol8tor suggested and add those extra HSRP IP's as ICMP only nodes so you at least monitor the up/down status of them.
  
  Like (0)
  
  Actions
  - Re: Syslog from secondary node IP's
    
    thebastidge Apr 7, 2010 5:30 PM (in response to ecklerwr1)
    
    We're also struggling with this issue. Without seeing the IPs associated with the interface, we've resorted to monitoring each interface as a seperate node. The suggestion to add them as ICMP only nodes is a small step better, but not much. Adding it as another SNMP node as we did in the past also has issues with being imported into NCM multiple times if you're not careful. I haven't tried the ICMP node setup yet- does anyone know whether NCM tries to import these?
    Since a router has both physical and logical "up/down" states, it's problematic to monitor the interface at only the physical level: the router could have problems at layer 3 without ever losing the physical connection.
    We really need to see this enhancement.
    
    Like (0)
    
    Actions
- Re: Syslog from secondary node IP's
  
  MarieB Mar 17, 2010 3:16 PM (in response to epenney)
  
  Hi bryron--
  Not sure but this may be a feature that NPM dev is working on for the next release. See this If you're curious as to what we're working on..., look under Syslog and Traps, Items 6 and 8.
  Let me know if this helps.
  M
  
  Like (0)
  
  Actions
  - Re: Syslog from secondary node IP's
    
    byrona Mar 17, 2010 3:28 PM (in response to MarieB)
    
    Hi bryron--
    Not sure but this may be a feature that NPM dev is working on for the next release. See this If you're curious as to what we're working on..., look under Syslog and Traps, Items 6 and 8.
    Let me know if this helps.
    M
    
    No, this doesn't seem to be covered.
    With most NMS's that I have worked with, they will discover all of the IP's associated with the different interfaces on a device. Orion already comes three quarters of the way there by discovering the different interfaces associated with a device, associating their MAC address and giving you the option to monitor them; the only thing it isn't doing is grabbing the IP addess and associating that as well.
    I am curious why the development team didn't take that last step since this is what just about every other NMS does.
    
    Like (0)
    
    Actions
    - Re: Syslog from secondary node IP's
      
      ecklerwr1 Mar 17, 2010 4:34 PM (in response to byrona)
      
      I have to agree with byron here... why would you not show the associated IP's with the interfaces listed on node details for a device??? An example is on a router with say 8 interfaces... why under the routers nodes detail where interfaces are listed would you list the port and description but not show the IP assigned to it??? Is there are reason for this???
      EDIT:
      I end up having to ssh to the router sometime when I'm in a rush to check an Interfaces IP since NPM won't show it under node details. You would think it might show the IP and mask for each interface...
      
      Like (0)
      
      Actions
      - Re: Syslog from secondary node IP's
        
        MarieB Mar 18, 2010 4:52 PM (in response to ecklerwr1)
        
        Hi Bill and Byron--
        I'll mark this for development and the PM and see what they have to say.
        M
        
        Like (0)
        
        Actions
        
        Re: Syslog from secondary node IP's
        
        ecklerwr1 Mar 19, 2010 9:10 AM (in response to MarieB)
        
        Thanks Marie I think everyone would like to see the IP's and subnet mask associated with each interface on their routers under node details. I wouldn't think this would be too complicated to add under node details and as you can see from the thread some people have done this themselves (njoylif) with custom properties.
        Best Regards,
        Bill
        
        Like (0)
        
        Actions
        
        Re: Syslog from secondary node IP's
        
        bshopp Apr 6, 2010 8:12 PM (in response to ecklerwr1)
        
        Got it and makes sense, thanks for the feedback
        
        Like (0)
        
        Actions
Re: Syslog from secondary node IP's

Gob Mar 31, 2010 12:21 AM (in response to byrona)

In many cases our nodes have more than one IP associated with them, however; Orion only seems to be aware of a a single IP per node.

I created a new resource that displays messages from all addresses of node. Syslog from related node IP's
Like (0)

Actions

Go to original post