Why can't I use a hostname for the syslog server instead of an IP address?

CraigCummings
Getting noticed

Why can't I use a hostname for the syslog server instead of an IP address?

Why can't I use a hostname for the syslog server instead of an IP address?  Much cheaper, consumer-grade routers allow this.  Why doesn't my very expensive, fancy Meraki allow this very basic basic feature. 

 

The syslog service I use uses hostnames that may resolve to one of many IP addresses that may change over time.  Due to this limitation in Meraki, my MX may suddenly stop exporting logs if the server IP address changes.  Why can't I input a hostname for the syslog server?  

 

This seems like such a basic no-brainer.  It's hard to imagine how it has been overlooked and remained unaddressed for so long. 

7 REPLIES 7
PhilipDAth
Kind of a big deal
Kind of a big deal

That's like saying "why doesn't my syslog service support using a static IP - it is such a basic no-brainer - it's hard to imagine how they overlooked it".

 

If you use a FQDN for a syslog server specification, and there is a failure of the DNS service, you wont get any log entries when the DNS cache is next refreshed.

 

Pretty good reason huh?

So...if I use a FQDN and there is a DNS service failure (rare event), I won't get any log entries.  But since I'm forced to use a single IP address, if my log management service decides to change the IP address of a server for some reason, guess what?  I won't get any log entries.  So, no, I don't think that's a good reason.  At the very least, allow me to make that decision and put a little warning in the help bubble. 

You'll need to use a different log management service that can provide a static IP address for you to use that wont change.

I'd love to hear someone from Meraki explain the rational behind this limitation, if any. 

 

FYI, there are plenty of legitimate reasons for a log management service provider to use FQDN vs. IP (load balancing, fail-over, etc.)

 

"The important thing about DNS is that it provides more than just A records (hostname = IP). DNS provides different types of records such as MX, CNAME, TXT, etc... that may be required by some software, sometimes. It allows multiple address records, IPv4 + IPv6 records, dynamic addresses, load balancing, geo location based resolution, fail-over/redundancy, etc... DNS tells you what things are (www.google.com is google's web service, 172.217.4.110? What's that?) It allows you to change these settings/records and have them picked up by clients without making changes on all the clients. DNS can do complex things.

There's often a clear advantage to using DNS over a direct IP address.

FQDNs can be a requirement

Some things like web servers that use name based virtual hosting or load balancers, etc... absolutely require that you address them via an FQDN or hostname. They determine how to respond to your request based on the FQDN that you are connecting to. Connecting via an IP may not work at all.

SSL certificates are issued based on domain names, so you may not be able to use some SSL enabled services (properly) without DNS."

 

https://serverfault.com/questions/788862/why-should-i-use-an-fqdn-instead-of-the-servers-ip-address

 

 

Same question here for Cisco:

https://community.cisco.com/t5/network-management/fqdn-hostname-for-syslog/td-p/3345599

 

There it's actually worse imo, you can enter a FQDN but it gets saved as IP.

 

You only have to configure it once per network, not per device. So from that point of view I guess if it changes it's less of a problem than for traditional network equipment. If you have lot's of networks you can script it: https://dashboard.meraki.com/api_docs#update-the-syslog-servers-for-a-network

 

Like @PhilipDAth said, I'm not sure that I'd want the "complex things" that DNS can do increase the risk of losing all my logs due to an issue with them. But you should indeed be given a choice.

Yeah, I found that thread too.  At least they're consistent...kind of.  

 

In my experience, DNS lookup failures are a pretty rare event (and short-lived).  But, even if that happened, the MX still records logs locally.  I wouldn't necessarily lose any logs at all if the problem was quickly corrected, which it likely would be do to the obvious impact on the rest of the network.

 

Personally,  I'd prefer to afford myself of all the features I get by using a FQDN (load balancing, fail-over, etc.) vs. being forced to use an IP address just in case, maybe one day, DNS lookups fail for a short time and my logs are only recorded locally on the MX instead of being exported. 

 

 

TEFengineer
Here to help

I want to use PaperTrail syslog service, a cheap cloud service that let me search in my recently logs from Internet and let export it to Amazon S3 (really cheap storage to old logs I rarely check but I need to save for a long period).

 

FQDN option instead IP address for external syslog server is mandatory to my use case.

 

I'm using PaperTrail actually for other no Meraki devices.

 

So... "Me too" for the @CraigCummings  request.

Get notified when there are additional replies to this discussion.