Skip to main content

Troubleshoot an external syslog server

Contributors

The following table describes the error messages that might be related using to an external syslog server and lists corrective actions.

For more information about sending audit information to an external syslog server, see:

Error message Description and recommended actions

Cannot resolve hostname

The FQDN you entered for the syslog server could not be resolved to an IP address.

  1. Check the hostname you entered. If you entered an IP address, make sure it is a valid IP address in W.X.Y.Z ("dotted decimal") notation.

  2. Check that the DNS servers are configured correctly.

  3. Confirm that each node can access the IP addresses for the DNS server.

Connection refused

A TCP or TLS connection to the syslog server was refused. There might be no service listening on the TCP or TLS port for the host, or a firewall might be blocking access.

  1. Check that you entered the correct FQDN or IP address, port, and protocol for the syslog server.

  2. Confirm that the host for the syslog service is running a syslog daemon that is listening on the specified port.

  3. Confirm that a firewall is not blocking access to TCP/TLS connections from the nodes to the IP and port of the syslog server.

Network unreachable

The syslog server is not on a directly attached subnet. A router returned an ICMP failure message to indicate it could not forward the test messages from the listed nodes to the syslog server.

  1. Check that you entered the correct FQDN or IP address for the syslog server.

  2. For each node listed, check the Grid Network Subnet List, the Admin Networks Subnet Lists, and the Client Network gateways. Confirm these are configured to route traffic to the syslog server over the expected network interface and gateway (Grid, Admin, or Client).

Host unreachable

The syslog server is on a directly attached subnet (subnet used by the listed nodes for their Grid, Admin, or Client IP addresses). The nodes attempted to send test messages, but did not receive responses to ARP requests for the syslog server’s MAC address.

  1. Check that you entered the correct FQDN or IP address for the syslog server.

  2. Check that the host running the syslog service is up.

Connection timed out

A TCP/TLS connection attempt was made, but no response was received from the syslog server for a long time. There might be a routing misconfiguration or a firewall might be dropping traffic without sending any response (a common configuration).

  1. Check that you entered the correct FQDN or IP address for the syslog server.

  2. For each node listed, check the Grid Network Subnet List, the Admin Networks Subnet Lists, and the Client Network gateways. Confirm these are configured to route traffic to the syslog server using the network interface and gateway (Grid, Admin, or Client) over which you expect the syslog server to be reached.

  3. Confirm that a firewall is not blocking access to TCP/TLS connections from the nodes listed to the IP and port of the syslog server.

Connection closed by partner

A TCP connection to the syslog server was successfully established but was later closed. Reasons for this might include:

  • The syslog server might have been restarted or rebooted.

  • The node and the syslog server might have different TCP/TLS settings.

  • An intermediate firewall might be closing idle TCP connections.

  • A non-syslog server listening on the syslog server port might have closed the connection.

To resolve this issue:

  1. Check that you entered the correct FQDN or IP address, port, and protocol for the syslog server.

  2. If you are using TLS, confirm the syslog server is also using TLS. If you are using TCP, confirm the syslog server is also using TCP.

  3. Check that an intermediate firewall is not configured to close idle TCP connections.

TLS certificate error

The server certificate received from the syslog server was not compatible with the CA certificate bundle and client certificate you provided.

  1. Confirm that the CA certificate bundle and client certificate (if any) are compatible with the server certificate on the syslog server.

  2. Confirm that the identities in the server certificate from the syslog server include the expected IP or FQDN values.

Forwarding suspended

Syslog records are no longer being forwarded to the syslog server and StorageGRID is unable to detect the reason.

Review the debugging logs provided with this error to attempt to determine the root cause.

TLS session terminated

The syslog server terminated the TLS session and StorageGRID is unable to detect the reason.

  1. Review the debugging logs provided with this error to attempt to determine the root cause.

  2. Check that you entered the correct FQDN or IP address, port, and protocol for the syslog server.

  3. If you are using TLS, confirm the syslog server is also using TLS. If you are using TCP, confirm the syslog server is also using TCP.

  4. Confirm that the CA certificate bundle and client certificate (if any) are compatible with the server certificate from the syslog server.

  5. Confirm that the identities in the server certificate from the syslog server include the expected IP or FQDN values.

Results query failed

The Admin Node used for syslog server configuration and testing is unable to request test results from the nodes listed. One or more nodes might be down.

  1. Follow standard troubleshooting steps to ensure that the nodes are online and all expected services are running.

  2. Restart the miscd service on the nodes listed.