Nagios Support Forum

Ok, all my cluster issues seem to be resolved but this one last issue. Just as fyi, we stopped the load balancer from re-writing the source IP and we also stopped the routers from performing a NAT when the destination is the naglog cluster.

Here is the setup and issue: I can browse to any of the IPs and any of the DNS names from my laptop.
nxlog from my laptop can send to any of the IP addresses
nxlog can send from my laptop to either of the Node's DNS names
nxlog CAN NOT send to the Cluster DNS Name. It does resolve properly since I can browse to it and I even tried to set it in my hosts file with no luck

Anyone have any idea what could be happening?

How are you testing whether it can send? Are you looking for end results or looking at traffic?

End result. I try restarting the service a few times and also locking my workstation and logging back into it. With all but the cluster name those tests generate tons of log entries.

Can you tcpdump the traffic coming into the cluster IP? Not 100% sure how you have it clustered, so this might need to be done on a router or something in-between. That or watch the outbound traffic from your laptop and compare. nxlog really should not care about the cluster name, so I have a feeling this is downstream.

The fact that

nxlog from my laptop can send to any of the IP addresses

but not

nxlog CAN NOT send to the Cluster DNS Name

seems like DNS config issue?

Check that cluster DNS name is translatable on the end nodes. Are you sure that they don't have duplicate /etc/host entries?

Your bottom line is going to be packet sniffing. Start on the sending nodes to make sure that they're sending to where you think you are (I like ngrep for this, as opposed to tcpdump) and then check on receiving node to make sure that it's getting data.

Willem, but I can browse to the cluster DNS on port 80 no problem.

Eric - Yeah, I'm gonna have to sniff, configurations on the F5 and everything else look perfect. Afterall, it should just resolve the DNS name and send to the cluster IP(which works fine).

Do you sent F5 syslog also to the f5 ip? (I made some filters for dcc, tmm and tmm1. If you are interested,let me know.)

WillemDH wrote:Do you sent F5 syslog also to the f5 ip? (I made some filters for dcc, tmm and tmm1. If you are interested,let me know.)

Yes(actually to the F5 DNS name(I think))....and as for your question, I have no clue what tmm and tmm1 are I'm not an F5 person at all...never even logged into one.

Let us know what you find out with your packet captures Bandit. Once we have this issue worked through, I would definitely take a look at the configurations that WillemDH has to offer. His graphs look quite nice.