
nxlog issue to cluster name

Posted: Thu Jun 04, 2015 12:46 pm
by BanditBBS
OK, all my cluster issues seem to be resolved except this one last issue. Just as an FYI, we stopped the load balancer from re-writing the source IP and we also stopped the routers from performing a NAT when the destination is the naglog cluster.

Here is the setup and issue:


                  ClusterDNSName
                  ClusterIPAddy
                      /    \
                     /      \
           Node1DNSName  Node2DNSName
           Node1IPAddy      Node2IPAddy

I can browse to any of the IPs and any of the DNS names from my laptop.
nxlog from my laptop can send to any of the IP addresses.
nxlog can send from my laptop to either of the nodes' DNS names.
nxlog CAN NOT send to the Cluster DNS Name. It does resolve properly since I can browse to it, and I even tried to set it in my hosts file with no luck.

Anyone have any idea what could be happening?

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 12:49 pm
by tmcdonald
How are you testing whether it can send? Are you looking for end results or looking at traffic?

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 12:52 pm
by BanditBBS
End result. I try restarting the service a few times and also locking my workstation and logging back into it. With all but the cluster name those tests generate tons of log entries.

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 1:43 pm
by tmcdonald
Can you tcpdump the traffic coming into the cluster IP? Not 100% sure how you have it clustered, so this might need to be done on a router or something in-between. That or watch the outbound traffic from your laptop and compare. nxlog really should not care about the cluster name, so I have a feeling this is downstream.

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 2:23 pm
by WillemDH
The fact that
"nxlog from my laptop can send to any of the IP addresses"
but not
"nxlog CAN NOT send to the Cluster DNS Name"
seems like a DNS config issue?

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 2:25 pm
by eloyd
Check that the cluster DNS name is translatable on the end nodes. Are you sure that they don't have duplicate /etc/hosts entries?

Your bottom line is going to be packet sniffing. Start on the sending nodes to make sure that they're sending to where you think they are (I like ngrep for this, as opposed to tcpdump) and then check on the receiving node to make sure that it's getting data.
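
The duplicate hosts-entry check suggested in the post above can be scripted. The following is an added example, not part of the original thread; the hostnames and addresses in the sample are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file; every name and address is a placeholder.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
192.0.2.10  cluster.example.test cluster   # cluster VIP
192.0.2.11  node1.example.test node1
192.0.2.12  node2.example.test node2
192.0.2.11  CLUSTER.example.test           # stale entry left from testing
not-an-ip   broken.example.test
"""

def parse_hosts(text):
    """Yield (lineno, address, [names]) for each well-formed hosts line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        # Hostnames are case-insensitive; a trailing dot is the same name.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if names:
            yield lineno, addr, names

def conflicting_names(text):
    """Return {name: [(lineno, address), ...]} for names that map to more
    than one address of the same IP version (IPv4 + IPv6 is not a conflict)."""
    seen = defaultdict(list)
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            seen[(name, addr.version)].append((lineno, str(addr)))
    conflicts = {}
    for (name, _version), entries in seen.items():
        if len({a for _, a in entries}) > 1:
            conflicts.setdefault(name, []).extend(entries)
    return conflicts

if __name__ == "__main__":
    for name, entries in conflicting_names(SAMPLE_HOSTS).items():
        print(name, "->", ", ".join(f"{a} (line {n})" for n, a in entries))
```

To check a real file, pass its contents to `conflicting_names()` instead of `SAMPLE_HOSTS`, on both the sending machine and the receiving nodes.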

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 2:31 pm
by BanditBBS
Willem, but I can browse to the cluster DNS on port 80 no problem.

Eric - Yeah, I'm gonna have to sniff, configurations on the F5 and everything else look perfect. After all, it should just resolve the DNS name and send to the cluster IP (which works fine).

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 4:14 pm
by WillemDH
Do you send F5 syslog also to the F5 IP? (I made some filters for dcc, tmm and tmm1. If you are interested, let me know.)

Re: nxlog issue to cluster name

Posted: Thu Jun 04, 2015 4:17 pm
by BanditBBS
WillemDH wrote: Do you send F5 syslog also to the F5 IP? (I made some filters for dcc, tmm and tmm1. If you are interested, let me know.)
Yes (actually to the F5 DNS name (I think))... and as for your question, I have no clue what tmm and tmm1 are :oops: I'm not an F5 person at all... never even logged into one.

Re: nxlog issue to cluster name

Posted: Fri Jun 05, 2015 9:19 am
by jolson
Let us know what you find out with your packet captures, Bandit. Once we have this issue worked through, I would definitely take a look at the configurations that WillemDH has to offer. His graphs look quite nice. :)