4 Replies Latest reply on May 21, 2015 1:27 PM by bitginsu

    Node name resolution in LEM

    njoylif

      Running 5.4

      I have a handful of nodes that are not resolving the node name, just shows IP.

      I pinged the hostname from the SSH CLI in appliance mode and it worked properly.

      Pinging address ap-exx-xxxxx-a--inside.net.nxxxx.com for 1 packets.

              [OK] Ping received from ap-xxx-xxxxx-a--inside.net.nxxxx.com

      cmc::acm#

       

      what can I do to fix this?

        • Re: Node name resolution in LEM
          nicole pauls

          The node name for non-agent devices (i.e. syslog, SNMP, remote devices) is displayed as it is received in the syslog (or SNMP, etc) data.

           

          That is, if your syslog message looks like:

          May 11 2012 11:06:00 192.168.168.1 Something_Cool_Happened

          LEM will display "192.168.168.1" in the node list. If it looks like:

          May 11 2012 11:06:00 main-fw1 Something_Cool_Happened

          LEM will display "main-fw1" in the node list.


          We aren't doing any name resolution inside of LEM for displaying node data outside of what the native syslog server is doing. We do do name resolution in our correlation engine, so that if "main-fw1" and "main-fw1.domain.local" and "192.168.168.1" are the same thing we correlate them together (as long as we've got reliable DNS), but it's not displayed anywhere, it's pretty much behind the scenes.


          For agent nodes, we display the address the appliance sees the agent connect from as a part of the agent's information.

          1 of 1 people found this helpful