Admiral Admiral

Logger "Device" field not resolving

We have 2 syslog connectors installed - each on it's own WIndows 2012 host, each in forwarding mode, forwarding events from various remote hosts.  Working reasonably well so far.

I notice on the Logger when looking at the event flow, one of these Windows hosts is showing up in the Logger "Device" field as a FQDN.  The other Windows host is the IP address (not resolved).

Both hosts are properly configured in DNS (caveat - one was not, but was fixed early today.  Flushing the DNS cache from the O/S on the various hosts and then tunning nslookup works everywhere - the IP address can be resolved on the source devices, syslog connector hosts, Logger, etc.

I have to assume that the Logger "Device" field data is being cached?  Do I need to restart Logger network services, or Logger itself to clear this?  Making me a bit crazy today.

As always, any sanity checks are appreciated....

Labels (2)
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.