Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
6
Replies

Syslog messages with the wrong hostname

LMH0103
Level 1
Level 1

‎11-26-2024 05:14 AM

Hi,

I have recently configured logging on 100+ devices, and all of them are successfully sending their logging messages to a Unix host.

However, 3 of them have an issue where they are sending the incorrect hostname within the message, and I cannot find any reason as to why they are doing this. For example, the router will have the hostname as router1, and the logging will be configured as:

logging origin-id hostname
logging source-interface Loopback0
logging host x.x.x.x
logging host y.y.y.y

However, when you inspect the logs on the collector, they will appear as:

Nov 26 12:53:10 router2.example.local 4554: router1: 004640: *Nov 26 13:22:09.884 UTC: %SYS-5-CONFIG_I: Configured from console by USER1 on vty0 (x.x.x.x)
Nov 26 12:53:19 router2.example.local 4555: router1: 004641: *Nov 26 13:22:18.015 UTC: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

I cannot understand why the messages are being send with a different hostname, especially when I have configured it using origin-id.I have searched the config, and there is no mention of 'router2', and yet it sends the logging message with this hostname in the message. This is also happening across different versions, as one router is an old 887 running IOS 15.3(3), and it is also happening on another router running IOS XE 17.3.4a.

Can anyone please advise me on how to correct the messages so they have the correct hostname?

Thank you.

Labels:
0 Helpful
6 Replies 6

marce1000
Hall of Fame
Hall of Fame

‎11-27-2024 12:19 AM

 

 - I am suspecting that router2.example.local   is a DNS translation by the local syslog server of the IP from the sending host or
defined locally in a hosts file (for instance). 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎11-27-2024 01:27 AM

I would check the hostname configuration on the device and also check any DNS A entries that are resolving—remove them and test them.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

DanielP211
VIP Alumni
VIP Alumni

‎11-27-2024 02:06 AM

I belive this is a issue of the local domain lookup on the DNS that is configured on the syslog server.

Check the configuration there.

BR

****Kindly rate all useful posts*****
0 Helpful

LMH0103
Level 1
Level 1

‎11-27-2024 11:02 PM

I have checked the DNS settings on the collector, and this does not appear to be a DNS issue. It is configured to use an external resolver, so google.com etc. will succeed, whereas router2.example.local will fail.

I have also checked the DNS settings on the router itself, and router2.example.local does not resolve either.

0 Helpful

marce1000
Hall of Fame
Hall of Fame
In response to LMH0103

‎11-27-2024 11:24 PM

 

 - Check the collector's logging configuration , perhaps any translations are being configured in there 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to LMH0103

‎11-28-2024 08:06 AM

from syslog can you ping router1 and router2.example.com and post the output here.

from router can you post show run | in hostname

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents