Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1222
Views
0
Helpful
2
Replies

IP address duplication problem for syslog transfer

WangSteven02215
Level 1
Level 1

‎12-09-2020 11:08 AM

Hi, I have no expertise on the network. I always appreciate your taking the time to answer my question.

 

We will connect independent systems using the L3 Switch and send the syslog to the cyber security operation center like attached picture. (Network switch will send via syslog function, and agent will be installed on workstation)

첨부 그림.JPG


If IP addresses are duplicated between independent systems, is there a problem in transmitting logs?


Then, what is the solution to this problem?

 

Best regards,

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎12-09-2020 11:34 AM - edited ‎12-09-2020 11:35 AM

i do not  believe any issue sending logs, but co-relation is the issue,

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎12-12-2020 08:54 AM

If I am understanding the original post correctly there will be an agent installed on workstations which will be sending syslog messages to a server and that it is possible that several workstations may have the same IP address. The original question is whether there would be a problem in transmitting the logs. The answer depends on how the agent will be sending the logs. If it just uses UDP and the syslog port number then transmission of logs should go through without a problem. But if the agent is sending the logs using anything that expects a reply/acknowledgement then there would be a problem because the reply/acknowledgement may not find the correct source.

 

I believe that there is a bigger question here than just will the log messages be sent. What if a log message is sent from an agent that indicates a problem on the workstation? How do you interpret that error and how do you respond to it if you can not identify the particular workstation that generated the message? (if the error came from 192.168.7.241 and there are 4 workstations that have this IP then which workstation do you go to?)

 

And there is a bigger problem than just managing syslog messages. If multiple devices in the network may have the same IP then how will they function on the network? If a workstation has IP 192.168.14.122 and is running an application that requests some data and there are multiple workstations that use this IP address then how does the application get its data? A network where multiple workstations may have the same IP address is a problem. The best solution to the issue is to have some system that assures that each workstation IP address is unique (such as using DHCP to assign addresses) or if IP addresses are manually configured then some system that manages addresses being used to prevent duplicate addresses. A different solution might be to divide the network into several parts (think several areas) where you can assure that within an area IP addresses are unique, and to use address translation when communicating between areas.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card