
Syslog Traffic not sending through 1 node of cluster


I have a 6 node cluster running 8.3.1P2 that has 1 node that is not able to send syslog traffic using udp 514 traffic through the firewall.  The other 5 nodes can send through with no problem.  I have configured the event destination show with the syslog destination server and also configured the event route add-destinations -messagename * -destinations allevents.

 

Ran a pktt trace with the following:

 

1) Start the packet trace:

sxvdicl01::> node run -node SXVDINO01 pktt start all -d /etc/crash

2) Run the following cluster commands:

::> date

::> network ping -node SXDINO01 -destination <syslog-destination-IP>

::> network traceroute -node SXVDINO01 -destination <syslog-destination-IP> -port 514

::> set d; event generate -messagename asup.general.create -values "Packet Trace Test", 2

::> network ping -node SXVDINO01 -destination <syslog-destination-IP>

::> date

3) End the packet trace:

sxvdicl01::> node run -node SXVDINO01 pktt stop all

 

From the firewall side, they can see my icmp traffic going through the firewall and ping is successful.  They can also see the traceroute information failing since that is blocked on the firewall side.  They are just not able to see any UDP 514 traffic passing through or coming out of the node.  I logged onto the node directly and entered the username and password several times to generate the syslog traffic while the pktt trace was running and still no syslog traffic was being received on the firewall side.

 

Any other ideas on what I can troubleshoot as to why only one node is not getting through the firewall?  I have also verified that the IP of the node mgmt is part of the firewall rule.

 

I can't upload the pktt trace since it contains IP addresses.
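Added example, not part of the original post: a trace that cannot be shared can still be checked locally for UDP 514 datagrams per source address. It assumes the trace has been saved in classic libpcap format with Ethernet link type; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import struct
from collections import Counter

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # usec / nsec, little-endian
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # usec / nsec, big-endian

def udp_senders(pcap, port=514):
    """Count UDP datagrams to `port` per source IPv4 in a classic libpcap capture."""
    endian = MAGICS.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        l3 = 14
        if frame[12:14] == b"\x81\x00":            # skip one 802.1Q VLAN tag
            l3 = 18
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue                               # not IPv4, or truncated
        ihl = (frame[l3] & 0x0F) * 4
        frag_off = struct.unpack("!H", frame[l3 + 6:l3 + 8])[0] & 0x1FFF
        if frame[l3 + 9] != 17 or frag_off or len(frame) < l3 + ihl + 4:
            continue                               # not the start of a UDP datagram
        if struct.unpack("!H", frame[l3 + ihl + 2:l3 + ihl + 4])[0] == port:
            hits[".".join(map(str, frame[l3 + 12:l3 + 16]))] += 1
    return hits

def _frame(src, proto, dport):
    """Constructed frame: Ethernet + IPv4 + 8 bytes of L4 header, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes([198, 51, 100, 5]))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def sample_capture():
    """Constructed capture: .11 sends ICMP and syslog, .12 sends ICMP only."""
    frames = [_frame("192.0.2.11", 1, 0), _frame("192.0.2.11", 17, 514),
              _frame("192.0.2.12", 1, 0)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    print(dict(udp_senders(data)))
```

A source address that appears in the ICMP traffic but is missing from this count never put a UDP 514 datagram into the capture, which separates a node-side problem from a firewall drop.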