17 Replies Latest reply on Apr 7, 2010 5:30 PM by thebastidge

    Syslog from secondary node IP's

    byrona

      In many cases our nodes have more than one IP associated with them, however; Orion only seems to be aware of a a single IP per node.  If a node is sending Syslog messages to Orion from a different IP than the IP Orion has for that node it seems that those logs don't get associated with that node.

      Has anybody else encountered this problem and what is the solution?

      Thanks in advance for any suggestions!

        • Re: Syslog from secondary node IP's
          ecklerwr1

          If it's a cisco device make sure the nodes are in NPM based on loopback address usually loopback0 and then add the following:

          logging trap debugging
          logging facility syslog
          logging source-interface Loopback0
          logging xxx.xxx.xxx.xxx  <--- put your NPM servers IP here

            • Re: Syslog from secondary node IP's
              ecklerwr1

              I also add the following:

              snmp-server community xxxx RO 98
              snmp-server community xxxx RW 98
              snmp-server ifindex persist
              snmp-server location xxxxx
              snmp-server contact xxxxx
              snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
              snmp-server enable traps tty
              snmp-server enable traps bgp
              snmp-server enable traps config
              snmp-server enable traps syslog
              snmp ifmib ifindex persist

                • Re: Syslog from secondary node IP's
                  byrona

                  In the event of an edge case where I am unable to configure things this way is there anyway to solve this problem?

                  This makes me curious why Orion doesn't associate IP's with the other interfaces it discovers on nodes, it seems it would be beneficial to do so.

                    • Re: Syslog from secondary node IP's
                      viol8tor

                      Hi Byrona,

                      It's definitely best to configure your devices for source interfaces, but in the event you can't - just add ICMP Only or External Nodes with the IP address in question.

                      Not the best solution. - but I've done it with externally managed devices that might use HSRP or VRRP.

                      - v

                        • Re: Syslog from secondary node IP's
                          njoylif

                          I've got a SQL script that pulls IPs/masks from NCM to NPM interfaces to custom properties to populate on map for live documenting, but i see what you're saying where traps/syslog sourced from one of those aren't associated with the node itself...

                          I think this is a feature request or something SW has to comment on...

                  • Re: Syslog from secondary node IP's
                    njoylif

                    typically that is why management systems best practices say to use loopback addresses (never go down) and you configure your devices to source SNMP and syslog from the loopback.

                    • Re: Syslog from secondary node IP's
                      scottd

                      Yes,

                      Our solution is to discover or change the ip address(in solarwinds) of the offending node to the ip address that the syslog message is coming from.

                      This should do it.

                      • Re: Syslog from secondary node IP's
                        epenney

                        Totally agree with best practice of using loopback0 for all sources (logging, snmp, tacacs etc) for consistency. However that aside, Orion is not YET capable of being aware of a router with multiple IP addresses and aware of network reachability (ie: hsrp) hence one of the main reasons some companies are hesitant to pack up their Openview NNM systems just yet. 

                          • Re: Syslog from secondary node IP's
                            ecklerwr1

                            You can do what viol8tor suggested and add those extra HSRP IP's as ICMP only nodes so you at least monitor the up/down status of them.

                              • Re: Syslog from secondary node IP's
                                thebastidge

                                We're also struggling with this issue. Without seeing the IPs associated with the interface, we've resorted to monitoring each interface as a seperate node. The suggestion to add them as ICMP only nodes is a small step better, but not much. Adding it as another SNMP node as we did in the past also has issues with being imported into NCM multiple times if you're not careful. I haven't tried the ICMP node setup yet- does anyone know whether NCM tries to import these?

                                Since a router has both physical and logical "up/down" states, it's problematic to monitor the interface at only the physical level: the router could have problems at layer 3 without ever losing the physical connection.

                                We really need to see this enhancement.

                              • Re: Syslog from secondary node IP's

                                Hi bryron--

                                Not sure but this may be a feature that NPM dev is working on for the next release. See this If you're curious as to what we're working on..., look under Syslog and Traps, Items 6 and 8.

                                Let me know if this helps.

                                M

                                  • Re: Syslog from secondary node IP's
                                    byrona


                                    Hi bryron--

                                    Not sure but this may be a feature that NPM dev is working on for the next release. See this If you're curious as to what we're working on..., look under Syslog and Traps, Items 6 and 8.

                                    Let me know if this helps.

                                    M

                                     



                                    No, this doesn't seem to be covered. 

                                    With most NMS's that I have worked with, they will discover all of the IP's associated with the different interfaces on a device.  Orion already comes three quarters of the way there by discovering the different interfaces associated with a device, associating their MAC address and giving you the option to monitor them; the only thing it isn't doing is grabbing the IP addess and associating that as well. 

                                    I am curious why the development team didn't take that last step since this is what just about every other NMS does.

                                • Re: Syslog from secondary node IP's
                                  Gob


                                  In many cases our nodes have more than one IP associated with them, however; Orion only seems to be aware of a a single IP per node.

                                   



                                  I created a new resource that displays messages from all addresses of node.  Syslog from related node IP's