NetXMS Support Forum

We recently upgraded NetXMS 1.2.17 to 2.0.3 (1.2.17 > 2.0.2 > 2.0.3) but the syslog data from existing nodes are being displayed as <unknown>. However nodes (Same model and firmware from <unknown> syslog data) added after upgrade to 2.0.3 are being identified correctly. Any ideas?

After upgrading to 2.0.4 and performed nxdbmgr upgrade, previously known source in syslog became <unknown>. What's the debug level for Syslog logging?

What are your "SyslogIgnoreMessageTimestamp" and "SyslogNodeMatchingPolicy" server configuration variables configured to?

Also, did you get it working before 2.0.4, or is this the same issue persisting from 2.0.2/2.0.3?

SyslogIgnoreMessageTimestamp and SyslogNodeMatchingPolicy are 0. It's working properly in 1.2.x branch but not after upgrade to 2.0.x branch.

Please run tcpdump (or wireshark or similiar) and look at the actual packets of the incoming syslog messages.

What IP address do they come from?
If you put ">that_ip_address" into the object tree filter, does it find anything (make sure to prefix the IP with ">")?

The source IP address of the syslog message packet gets looked up across all your nodes present in NetXMS.
Are you sure you have a node with the address of the syslog messages present in NetXMS?

Bonus info: are syslogs coming over IPv4 or IPv6?

The IPv4 address of Syslog source does have a node found by using filter ">ip_address" and match its "primary host name" field.

Hi,

it shows <unknown> in "Source" column of syslog monitor? That means that server was unable to find node object by source IP address or host name. Are you using zones? If not, could you please run command (on NetXMS server console):

nxadm -c "show index nodeaddr"

and check that problematic node's source address is there?

Best regards,
Victor

Hi Victor,

I'm using zones and "show index nodeaddr" returns nothing.

Hi Victor,

I deleted then re-added a node and the source can display properly but the "show index nodeaddr" still return nothing.