We're running Splunk in our environment. We can only access the Splunk instance via the IP address, but not the DNS address we have mapped to it.
For instance, we can go to this URL using the IP:
http://10.40.50.17:8000/en-US/app/launcher/home
Splunk is working fine. However if I go to:
http://splunk.mycompany.com:8000/en-US/app/launcher/home
I get a gateway timeout error:
Gateway Timeout
Server error - server 10.40.50.17 is unreachable at this moment.
Please retry the request or contact your adminstrator.
I'm wondering where the issue may lie. Is this a problem with Splunk? Do I need to make Splunk aware of the DNS address that I'm giving it?
I would check two places:
Your Windows DNS server, maybe there may be an issue there. Can you access other servers via DNS that are listed there? It could be an issue with the client you are on. Have you tried from another desktop or laptop?
In Splunk you can check your server.conf file
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf
When you are able to access the splunk with IP address and port, means that splunk is working fine.
When you are not able to access the splunk with hostname and port, the hostname is not assigned to that particular ip in the local system. Try with other system to access with hostname.
Sol: Check the host file in local system.
Related
I have setup GitHub enterprise in a server for on-premise usage. There it is having a private IP and has to be configured a hostname. It is showing
"Ensure this domain is routable on your network."
If I map the hostname with IP address and add to my windows hosts file, then it's fine.
But I want a solution so that any people connecting to the office network has it resolved automatically without a manual entry in their host file.
If you have enough users of your GitHub Enterprise Server that maintaining the hosts files is a pain, I'd suggest this happens when you have more than 10 users, then you will need to look at a DNS server for your Office Network. If you do not already have one then there are many options open to you depending on what your network looks like.
I already setup centralized logging system on my environment but i keep getting hostname from the client rather than ip address
is there a way to receive or send ip instead of hostname?
thanks
You would need to define a template on both your remote and central server which uses fromhost-ip instead of fromhost or hostname. This way you will transmit the message with the IP in the message and you will save that information on your central server.
I don't know of any standard templates that use IP address over hostname, as normally a hostname is of more use than an IP address
More info on properties can be found here and templates here
Up until two weeks ago I'd been happily connecting to a virtual machine hosted in the Azure cloud over SSH. All of a sudden, the connection could not be established anymore, the SSH always times out. The tricky part is that it only happens from a computer that is in a certain firm's lan (one public IP). Every other internet access connection works fine and I'm able to connect to the virtual machine successfully. My IT support tells me that they can see the packets leaving our network and the firewall is not blocking the connection - I can't see any failed login attempts in the SSH log on the server. The IT suggests the Azure may be blocking our IP for the SSH connection (other ports work fine btw). My question is - is such a thing even real? Can Azure block the IP without the user knowing about it? Is there some kind of IP blacklist I could edit?
Thanks!
The only place where Your IP could be cutted-off is ACL on SSH endpoint. Go to management portal and check if You have any ACLs on SSH endpoint. Maybe You misconfigured some?
I'm working in a company,
When I log on to my pc under Domain X, when I open a browser and put a URL www.someUrl.com it get resolved.
In a cloud machine Y I'm developing on, it does not get resolved, and I was wondering if there is some way of knowing how the mapping is done.
What I've tried:
Taking the IP address I'm getting from pinging successfully in machine X and ping it in machine Y.
Googling --> Didn't find nothing, guess I'm not searching for the problem correctly.
Contact my IT department --> The are busy.
Any help would be appreciated.
I'm missing a few bits of information to fully determine the cause of this issue, but I can offer a few ideas/solutions:
When a host is under a domain, upon attempting to access a certain address by name, the host automatically attempts to resolve it both as entered and by adding the domain suffix to it (so someUrl.com will also be resolved as someUrl.com.domainName), so if, by any channce, this suffixed address is the real address, this could be the answer.
Another likely cause is the DNS server responsible for resolving your host's queries. If someUrl.com is not properly registered in global DNS servers and is only defined locally on your company's DNS, the cloud machine's DNS server will not be able to resolve the address.
One more option is that the domain is, in fact, resolved, but is not accessible from the cloud machine (either because of firewall configuration restricting the source of requests made to it, or because it is located behind the company's NAT, which your local machine does not have to go through to reach someUrl.com)
If none of these appear to be the cause of the problem, here's what you should do:
ipconfig /all on both machines, to see what DNS server they are configured with
nslookup someUrl.com from both machines, to see which DNS server answers the query
if only the local host gets a proper nslookup response, try nslookup from the cloud using the host's DNS server (nslookup someUrl.com <host DNS>)
ping the IP address of someUrl.com from both the host and the cloud (you said you performed this test, but you did not share the results :))
What it turned out to be eventually, was that the machine I was trying to resolve was in the organization's intranet, that's why it could not be accessed from machine Y in the cloud which is public.
I have a mail server running on a linux server.
Internally, I can access it via https://192.168.0.253/webaccess and externally I can access it via https://webmail.mydomain.com/webaccess
I'd like to be able to access webmail.mydomain.com internally, the problem is that a DNS lookup to this address goes to the public IP of our network and from within, that won't work.
I have bind9 installed on our linux server (internal) and can use that for DNS lookups - that server is my primary DNS address. Could anyone please describe how I can configure bind to resolve webmail.mydomain.com to 192.168.0.253?
Configure Bind to use a different view for the internal users; see http://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/
in /etc/hosts (or equivalent for the OS) on the client you can set webmail.mydomain.com to 192.168.0.253, as the hosts file is checked before any DNS servers.