Greetings,
I am interested in utilizing Log Server to monitor windows event logs from Windows 10 and RHEL7 clients that are configured to use DHCP.
What I'm seeing now- in the Unique Hosts report, the same client is listed multiple times under different IP addresses. Ideally, I would expect LS to track unique hosts by identifiable criteria other than IP, which is subject to change. I would expect a specific host to be listed only once and show its most recent IP address. The DHCP range IPs on this report are missing DNS names which I believe is a separate issue related to our VPN and Windows/Linux DNS servers.
Can Nagios LS be configured to effectively handle tracking hosts with dynamic IPs?
Thanks
Log Sources that use Dynamic IPs / DHCP
Re: Log Sources that use Dynamic IPs / DHCP
Welcome to the forums, @sagansapien!
The report page uses the host field of an event to create the tables you see. The DNS filter can be used to resolve the IP to a hostname and replace the value of the host field:
https://support.nagios.com/forum/viewto ... 37&t=40596
I would also point out that event logs will usually have the hostname in a different field - usually called Hostname.
I've attached a dashboard that reports on the Hostname field. It can be imported under Dashboards > Load > Advanced and here is a document to assist with creating dashboards:
https://assets.nagios.com/downloads/nag ... Server.pdf
There are also a few user submitted dashboards on our exchange:
https://exchange.nagios.org/directory/A ... Dashboards
The report page uses the host field of an event to create the tables you see. The DNS filter can be used to resolve the IP to a hostname and replace the value of the host field:
https://support.nagios.com/forum/viewto ... 37&t=40596
I would also point out that event logs will usually have the hostname in a different field - usually called Hostname.
I've attached a dashboard that reports on the Hostname field. It can be imported under Dashboards > Load > Advanced and here is a document to assist with creating dashboards:
https://assets.nagios.com/downloads/nag ... Server.pdf
There are also a few user submitted dashboards on our exchange:
https://exchange.nagios.org/directory/A ... Dashboards
You do not have the required permissions to view the files attached to this post.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
sagansapien
- Posts: 4
- Joined: Mon Dec 21, 2020 2:01 pm
Re: Log Sources that use Dynamic IPs / DHCP
Hi cdienger,
Thank you for your reply.
Unfortunately my environment is plagued with DNS issues as well. RHEL users connected via the VPN don't dynamically register their DNS names. The Windows clients do but our Log Server isn't picking up the DNS names for those either. Problem is on our side for sure.
Hoping we can disregard the default Unique Hosts report and build our own to work around the DHCP issue. Still learning my way around LS.
Thank you
Thank you for your reply.
Unfortunately my environment is plagued with DNS issues as well. RHEL users connected via the VPN don't dynamically register their DNS names. The Windows clients do but our Log Server isn't picking up the DNS names for those either. Problem is on our side for sure.
Hoping we can disregard the default Unique Hosts report and build our own to work around the DHCP issue. Still learning my way around LS.
Thank you
Re: Log Sources that use Dynamic IPs / DHCP
Like the event logs have an additional field to contain the host name, a lot of Linux systems will have a logsource field. You can check for it in the default dashboard's 'All Events' table by expanding one the events from a Linux machine.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.