Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
AndreasD
Participant

Cluster uses VIP to communicate with syslog server

Hello,

We have 9 gateways (3 clusters of 3 members each) and we have configured all of them to send syslog to 3rd party log server.

6 devices (2 of the clusters) are sending their syslog properly, one machine at a time.

The last 3 gateways are using the cluster VIP to send syslog data and this is not desired.

There is no NAT employed in this scenario, all this traffic is internal.

Any ideas or tips why this is happening or how we could work around it?

Thank you,

Andreas.

 

0 Kudos
2 Replies
Chris_Atkinson
Employee
Employee

Are the clusters all the same version?

Review sk31832 / sk34180 and compare the settings for each cluster.

AndreasD
Participant

One working cluster is R80.40 not latest JHF. The other working cluster is R81 latest JHF.

The non-working cluster is also R81 latest JHF.

All the clusters are managed by the same management server (R81 latest JHF).

Went through sk31832, checked the table.def on the management server (cat $FWDIR/lib/table.def | grep no_hide_services_ports).

no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>};

I would modify table.def on management to reflect the below for syslog traffic:

no_hide_services_ports = { <4500,17>, <500, 17>, <259, 17>, <1701, 17>, <5500, 17>, <514,17>};

but I would rather not to since the other two clusters are working.

I will investigate more tomorrow and if I have any update I will post here.

Thank you.

 

0 Kudos