Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AndreasD
Contributor

Cluster uses VIP to communicate with syslog server

Hello,

We have 9 gateways (3 clusters of 3 members each) and we have configured all of them to send syslog to 3rd party log server.

6 devices (2 of the clusters) are sending their syslog properly, one machine at a time.

The last 3 gateways are using the cluster VIP to send syslog data and this is not desired.

There is no NAT employed in this scenario, all this traffic is internal.

Any ideas or tips why this is happening or how we could work around it?

Thank you,

Andreas.

 

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee

Are the clusters all the same version?

Review sk31832 / sk34180 and compare the settings for each cluster.

CCSM R77/R80/ELITE
AndreasD
Contributor

One working cluster is R80.40 not latest JHF. The other working cluster is R81 latest JHF.

The non-working cluster is also R81 latest JHF.

All the clusters are managed by the same management server (R81 latest JHF).

Went through sk31832, checked the table.def on the management server (cat $FWDIR/lib/table.def | grep no_hide_services_ports).

no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>};

I would modify table.def on management to reflect the below for syslog traffic:

no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>, <514,17>};

but I would rather not to since the other two clusters are working.

I will investigate more tomorrow and if I have any update I will post here.

Thank you.

 

0 Kudos
Gzayas
Employee
Employee

Were you able to resolve this issue with these SK's?

0 Kudos
AndreasD
Contributor

I haven't looked into the issue again but have upgraded the specific cluster to R81.10 latest JHF a few weeks ago.

From what I observed today, this behavior has been eliminated and the issue is not occurring.

0 Kudos
Ruan_Kotze
Advisor

I've done NAT rules in the past to work around similar issues in the past - no idea if it's the best or recommended way but it does work.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events