Why can't I use a hostname for the syslog server instead of an IP address?
Why can't I use a hostname for the syslog server instead of an IP address? Much cheaper, consumer-grade routers allow this. Why doesn't my very expensive, fancy Meraki allow this very basic basic feature.
The syslog service I use uses hostnames that may resolve to one of many IP addresses that may change over time. Due to this limitation in Meraki, my MX may suddenly stop exporting logs if the server IP address changes. Why can't I input a hostname for the syslog server?
This seems like such a basic no-brainer. It's hard to imagine how it has been overlooked and remained unaddressed for so long.
So...if I use a FQDN and there is a DNS service failure (rare event), I won't get any log entries. But since I'm forced to use a single IP address, if my log management service decides to change the IP address of a server for some reason, guess what? I won't get any log entries. So, no, I don't think that's a good reason. At the very least, allow me to make that decision and put a little warning in the help bubble.
I'd love to hear someone from Meraki explain the rational behind this limitation, if any.
FYI, there are plenty of legitimate reasons for a log management service provider to use FQDN vs. IP (load balancing, fail-over, etc.)
"The important thing about DNS is that it provides more than just A records (hostname = IP). DNS provides different types of records such as MX, CNAME, TXT, etc... that may be required by some software, sometimes. It allows multiple address records, IPv4 + IPv6 records, dynamic addresses, load balancing, geo location based resolution, fail-over/redundancy, etc... DNS tells you what things are (www.google.com is google's web service, 220.127.116.11? What's that?) It allows you to change these settings/records and have them picked up by clients without making changes on all the clients. DNS can do complex things.
There's often a clear advantage to using DNS over a direct IP address.
FQDNs can be a requirement
Some things like web servers that use name based virtual hosting or load balancers, etc... absolutely require that you address them via an FQDN or hostname. They determine how to respond to your request based on the FQDN that you are connecting to. Connecting via an IP may not work at all.
SSL certificates are issued based on domain names, so you may not be able to use some SSL enabled services (properly) without DNS."
Yeah, I found that thread too. At least they're consistent...kind of.
In my experience, DNS lookup failures are a pretty rare event (and short-lived). But, even if that happened, the MX still records logs locally. I wouldn't necessarily lose any logs at all if the problem was quickly corrected, which it likely would be do to the obvious impact on the rest of the network.
Personally, I'd prefer to afford myself of all the features I get by using a FQDN (load balancing, fail-over, etc.) vs. being forced to use an IP address just in case, maybe one day, DNS lookups fail for a short time and my logs are only recorded locally on the MX instead of being exported.
I want to use PaperTrail syslog service, a cheap cloud service that let me search in my recently logs from Internet and let export it to Amazon S3 (really cheap storage to old logs I rarely check but I need to save for a long period).
FQDN option instead IP address for external syslog server is mandatory to my use case.
I'm using PaperTrail actually for other no Meraki devices.