Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Log & Event Manager (LEM) > LEM does not resolve DNS for all network nodes

LEM does not resolve DNS for all network nodes

Table of contents
Created by Craig O’ Neill, last modified by Jason Dee on Feb 06, 2017

Views: 106 Votes: 2 Revisions: 9

Overview

This article explains why LEM does not resolve the node name and only shows the IP address.

Environment

All LEM versions

Detail

  • Agent nodes - LEM displays the address that the appliance sees the agent connect from as a part of the agent's information.
  • Non-agent nodes (For example, syslog, SNMP, remote devices) - LEM displays the node name as it is received in the syslog or SNMP data.
    Examples:
    • If the syslog message looks like the following:
      May 11 2012 11:06:00 192.168.168.1 Something_Cool_Happened
      LEM will display 192.168.168.1 in the node list.
    • If the syslog message looks like the following:
      May 11 2012 11:06:00 main-fw1 Something_Cool_Happened
      LEM will display main-fw1 in the node list.

 

There are no name resolutions in LEM for displaying node data outside of what the native syslog server is doing. However, name resolutions are performed in the correlation engine, such that if main-fw1 and main-fw1.domain.local and 192.168.168.1 are the same thing, these are correlated together as long as there is reliable DNS, but is not displayed anywhere.

 

Last modified
15:04, 6 Feb 2017

Tags

Classifications

Public