syslog message originating from nat network

Mr_Reyes · January 17, 2017, 10:45:46 PM

Hey all

i need some tips on handling syslog messages originating from behind a nat router.

the source and host in the messages takes the routers info, but the messages contains <time><device><log event>

how can i handle these messages, so they will end up on the correct devices (i have an agent running snmp off the devices)?

i cant seem to figure out how to use the parser for this...

Victor Kirhenshtein · January 18, 2017, 12:20:08 AM

Hi,

if syslog message contains correct device name and you have that device under same name in NetXMS, try to set server configuration parameter SyslogNodeMatchingPolicy to 1 (which means "host name then IP") and restart server.

Best regards,
Victor

Mr_Reyes · February 10, 2017, 03:50:34 PM

here is the problem;

the string looks like this, without the hostname set...

[6d:06h:02m:45s] NEXANS-00C029260F62:Port Link Change: Link-State=100FDX, Portnumber=1, Description=TP-1, Name=<none>

first a timestamp containting the running time, then the hostname, and then the syslog message

Victor Kirhenshtein · February 23, 2017, 07:32:11 PM

Then NetXMS server cannot match it to correct device - there are just no enough information. You can setup syslog proxy on agent behind NAT so it will receive syslog messages from original addresses and forward to NetXMS server.

Best regards,
Victor

NetXMS Support Forum

News:

syslog message originating from nat network

Mr_Reyes

Victor Kirhenshtein

Mr_Reyes

Victor Kirhenshtein