Syslog messages appears on the wrong device after change of IP-address

larssonper · 24 January 2017 13:09

Hi.

I recently changed a firewall and the syslog messages stopped working in LibreNMS when I changed IP-adress on the devices.

During the installation of the new firewall (FW-NEW) I had a temporary IP (192.168.80.3). The old firewall (FW-OLD) had 192.168.80.1. Both devices was registered in LibreNMS and syslog messages where shown under each device.

When i changed the firewalls FW-OLD got 192.168.80.4 and FW-NEW got 192.168.80.1. I updated the DNS-records and all the data seemed ok. But when i look under FW-NEW > Log > Syslog i only see messages before the migration. If I look under FW-OLD > Log > Syslog, then I see the syslog messages from FW-OLD.

Why is that? Is the IP-address for the devices registered somewhere for syslog? How can I correct this?

Per

murrant · 24 January 2017 14:09

For syslog processing, it is matched by hostname, then primary ip, then any ip.

Did you happen to change the hostname?

larssonper · 24 January 2017 20:21

Ok.

No the hostname and fqdn are the same as before. Resolved IP under Device > Overview is also correct.

murrant · 24 January 2017 20:22

I mean on the device. Also, you can uncomment the logfile() line in syslog.php and check the output in logs/librenms.log

larssonper · 24 January 2017 20:43

The hostnames of the devices (firewalls) are the same as before.

I rebooted the LibreNMS server and now it seems to work again. The logs appear on the correct device.

murrant · 25 January 2017 00:18

Odd, must have been cache reverse DNS.