


LEM does not resolve DNS for all network nodes

Created by Craig O’ Neill, last modified by Jason Dee on Feb 06, 2017


Overview

This article explains why LEM does not resolve the node name and only shows the IP address.

Environment

All LEM versions

Detail

  • Agent nodes - LEM displays the address that the appliance sees the agent connect from as a part of the agent's information.
  • Non-agent nodes (for example, syslog, SNMP, remote devices) - LEM displays the node name as it is received in the syslog or SNMP data.
    Examples:
    • If the syslog message looks like the following:
      May 11 2012 11:06:00 192.168.168.1 Something_Cool_Happened
      LEM will display 192.168.168.1 in the node list.
    • If the syslog message looks like the following:
      May 11 2012 11:06:00 main-fw1 Something_Cool_Happened
      LEM will display main-fw1 in the node list.

 

LEM performs no name resolution when displaying node data beyond what the native syslog server does. The correlation engine does perform name resolution, however: if main-fw1, main-fw1.domain.local, and 192.168.168.1 are the same thing, these are correlated together as long as there is reliable DNS, but the result is not displayed anywhere.
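The following is an added example, not SolarWinds code and not how LEM is implemented. It reads the node field from syslog lines in the layout shown above and groups the names that belong to one device, which helps when auditing a node list that shows the same source under several identities. The sample lines, the `FAKE_DNS` table (a stand-in for DNS lookups) and all function names are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the layout the article shows:
# "<Mon> <day> <year> <HH:MM:SS> <node> <message>"
SAMPLE_LINES = [
    "May 11 2012 11:06:00 192.168.168.1 Something_Cool_Happened",
    "May 11 2012 11:06:00 main-fw1 Something_Cool_Happened",
    "May 11 2012 11:07:12 main-fw1.domain.local Something_Else_Happened",
    "May 11 2012 11:08:30 10.0.0.7 Login_Failed",
]

# Constructed stand-in for forward DNS so the example runs offline.
FAKE_DNS = {
    "main-fw1": "192.168.168.1",
    "main-fw1.domain.local": "192.168.168.1",
}

LINE_RE = re.compile(r"^(\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def node_field(line):
    """Return the node exactly as the sender wrote it, or None if unparsable."""
    m = LINE_RE.match(line)
    return m.group(2) if m else None

def is_ip(node):
    try:
        ipaddress.ip_address(node)
        return True
    except ValueError:
        return False

def group_nodes(lines, resolver=FAKE_DNS):
    """Map canonical IP -> set of names seen in the node field.

    Names that do not resolve are kept under their own key, so unreliable
    DNS shows up as split identities rather than silent loss.
    """
    groups = defaultdict(set)
    for line in lines:
        node = node_field(line)
        if node is None:
            continue
        key = node if is_ip(node) else resolver.get(node.lower(), node)
        groups[key].add(node)
    return dict(groups)

if __name__ == "__main__":
    for key, names in sorted(group_nodes(SAMPLE_LINES).items()):
        print(key, "<-", sorted(names))
```

Passing an empty resolver shows the effect of unreliable DNS: the three identities of the firewall remain separate groups.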

 

Last modified
15:04, 6 Feb 2017
