NXLog Documentation

Host Setup Common Issues

This section describes some common issues that may prevent NXLog Manager from working correctly. These are not related to the installation or configuration of the Manager itself.

Hostname Resolution Issues

For NXLog Manager to work correctly, the hostname of the host must resolve to the correct IP address. The following error will be present in /opt/nxlog-manager/log/nxlog-manager.err, if that is not the case.

nxlog-manager.err
2016-11-21 16:14:31,015 ERROR manager-host unknown nxlog-manager [net.sf.ehcache.Cache] - Unable to set manager-host. This prevents creation of a GUID. Cause was:
 java.net.UnknownHostException: nxlogmgr.domain.local

To set the hostname to myname, the line containing the host IP address along with the FQDN and the name aliases should be added to the /etc/hosts file.

/etc/hosts
172.16.183.1    myname.example.com myname

Any of the locally bound IP address may be used as the Manager hostname.

Configuring the /etc/hosts file works for both Debian and RHEL versions of Linux.

By default, a Docker container inherits DNS settings from the Docker daemon, including the contents of the /etc/resolv.conf and /etc/hosts files.

These settings can be overridden on a per-container basis with the following flags to docker commands:

Table 1. Flags for Container Hostname and DNS Settings
Flag Description

--dns

The IP address of a DNS server. Multiple --dns flags specify multiple DNS servers. If the container cannot reach any of the specified IP addresses, Google’s public DNS server 8.8.8.8 is added automatically, so that the container can resolve internet domains.

--dns-opt

A key-value pair representing a DNS option and its value. See the operating system’s documentation for the resolv.conf file for valid options.

--hostname

The hostname a container uses for itself. Defaults to the container’s ID if not specified.

DNS Lookup Issues

Make sure that your DNS is setup correctly and it is functioning properly. DNS timeouts and errors can cause various issues, mainly because TLS certificate verification is using DNS lookups.

It is important to understand, that there is no single method of getting a DNS lookup configuration done on Linux.

The most common way is to edit the /etc/resolv.conf file. Usually up to three nameservers can be set up using the nameserver keyword, followed by the IP address of the nameserver.

To test whether your configuration functions correctly, use the host or dig programs to perform both a DNS lookup and a reverse DNS lookup (by querying with an IP address). Make sure that participating hosts on your NXLog collection system are resolved correctly.

For more information, visit the Manually configuring the /etc/resolv.conf file in the RedHat documentation for RHEL related distributions or visit the Defining the (DNS) Nameservers section in the Debian Wiki for Debian based distrubutions.

There is also a comprehensive article on the Anatomy of a Linux DNS Lookup on the zwischenzugs website that discusses the different methods and tools that can be used.