
Understanding the Source and Hostname fields in VMware vRealize Log Insight (2053382)

Purpose

Log messages received by VMware vRealize Log Insight commonly have both a source and a hostname field. This article explains the difference between these two fields and their respective meanings.

Resolution

Every message received by VMware vRealize Log Insight via syslog can have metadata fields and values associated with it. Two of these fields, source and hostname, provide insight into the origin of the message. Both fields can be used when searching or filtering log messages.

Source Field

The source field contains the hostname or IP address that Log Insight received the message from. If DNS servers are configured, Log Insight attempts a reverse DNS lookup on each IP address it receives a message from. If no DNS servers are configured, or no reverse DNS mapping is found, the source field for a message contains the IP address from which the message was received.

If a reverse DNS mapping returns a hostname, the source field for the message will contain that name. Depending on the external DNS server configuration, a bare hostname or FQDN may be returned and stored in the source field.

If a syslog message passes through a relay before being received by Log Insight, the source field will typically contain the address or name of the syslog relay.

Hostname Field

The hostname field contains an identifier extracted from the syslog message body. The value of the hostname field is defined by the machine that originally sent the message. The hostname field usually contains the hostname or FQDN of the message originator, but not all syslog message sources are able to provide a hostname. It may also contain an IP address or any other string which the message originator sends, such as localhost. Log Insight does not perform reverse DNS lookups on the hostname field.

If a syslog message passes through a relay before being received by Log Insight, the relay can rewrite the hostname field and replace its content. Configuration of third-party syslog relays is outside the scope of this article.
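The following added example (not VMware code and not how Log Insight is implemented) models the two derivations described above: source from the sending address plus an optional reverse lookup, hostname from the message text. The function names, the RFC 3164-style header pattern, the lookup callable that returns None when no mapping exists, and all sample addresses and messages are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 3164-style header (assumed format): <PRI>Mmm dd hh:mm:ss HOSTNAME ...
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) ")

def derive_fields(peer_ip, raw, reverse_lookup=None):
    """source comes from the sending address, hostname from the message text."""
    # reverse_lookup=None models "no DNS servers configured"; a lookup that
    # returns None models "no reverse DNS mapping found".
    name = reverse_lookup(peer_ip) if reverse_lookup else None
    m = HEADER.match(raw)
    # hostname is kept exactly as sent; no DNS lookup is performed on it
    return {"source": name or peer_ip, "hostname": m.group(1) if m else None}

def _key(value):
    """IPs compare whole; names by first label, so bare name == its FQDN."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return value.lower().split(".")[0]

def compare(fields):
    if fields["hostname"] is None:
        return "no-hostname"
    same = _key(fields["hostname"]) == _key(fields["source"])
    return "consistent" if same else "differs"

# Constructed sample data (documentation address range, made-up names).
PTR = {"192.0.2.10": "web01.example.com", "192.0.2.50": "relay.example.com"}

SAMPLES = [
    ("192.0.2.10", "<34>Oct 11 22:14:15 web01 sshd[411]: session opened"),
    ("192.0.2.50", "<34>Oct 11 22:14:16 db02 sshd[9]: session opened"),
    ("192.0.2.77", "<13>Oct 11 22:14:17 localhost app: started"),
    ("192.0.2.77", "not a syslog header"),
]

def run_samples():
    rows = []
    for ip, raw in SAMPLES:
        f = derive_fields(ip, raw, PTR.get)
        rows.append((f["source"], f["hostname"], compare(f)))
    return rows
```

The second sample shows the relay case: source carries the relay's name while hostname carries the originator's self-reported name, so a "differs" result is expected there and is not by itself an error.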
