Syslogd does not map syslogs to nodes cleverly enough

Description

I had trouble with syslog events that were not mapped to the corresponding node.

Some information to understand the case. First how it works:

Syslog sender is:

DNS resolution works fine on the ONMS host:

The syslog that was being sent looked like this:

As you can see, the host name is included in the syslog message, so OpenNMS/Syslogd maps the syslog correctly to the node in OpenNMS.

But this is the only way in which mapping an event like this to the node works.

I've tried the same with nodes defined like these examples:

But then the syslog events won't be mapped to the node.

But syslogd should do it. We have a nodelabel and an IP address here.

I think a small change in the behavior of this code



could improve the situation here a lot.

To explain a bit more: you should always have a working DNS resolution in your company. This sounds trivial, but it isn't. A lot of companies are running Windows DNS servers. If you have Linux hosts in the company, they don't just simply appear in the Windows DNS. You need to set this up explicitly. It is the same issue if you have nodes in the cloud and ONMS on-premise. It does not work out of the box that you can resolve internal DNS hostnames from AWS in your on-premise location.

With a change here, OpenNMS can be a bit more flexible and does not depend so heavily on required infrastructure. Maybe it could be possible to make syslogd configurable, so a user can decide how it should match the nodes. There are multiple options in my opinion:

* match sender IP address (not the IP or name that is in the syslog message)
* match the IP address or host name from the syslog message's content
* maybe a regex match could help here. Imagine, the syslog message contains the FQDN of the node, but ONMS only has the node with the host name in the database. For example: node1.domain.com is in the syslog message. But ONMS only knows node1
* on the ONMS side we could maybe also define whether ONMS should use only the IP interfaces, the foreignId or the nodeLabel
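
The matching options listed above, sketched as an added example (this is not OpenNMS code and not from the reporter): an ordered, configurable fallback from the host in the message header, to its short name, to the packet's sender IP, checked against selectable node fields. The inventory, the strategy names and the RFC 3164-style header pattern are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed inventory; field names follow the wording of the issue.
NODES = [
    {"label": "node1", "foreign_id": "n-001", "ips": ["10.0.0.11"]},
    {"label": "db01", "foreign_id": "n-002", "ips": ["10.0.0.12"]},
]

# Assumed RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOST ...
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (\S+) ")


def header_host(raw):
    """Host field as written by the sender (message content, not transport)."""
    m = HEADER.match(raw)
    return m.group(1).lower() if m else None


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lookup(key, fields):
    """Return the first node whose selected fields contain key."""
    if not key:
        return None
    for node in NODES:
        values = []
        for f in fields:
            values += node[f] if isinstance(node[f], list) else [node[f]]
        if key.lower() in (v.lower() for v in values):
            return node
    return None


def match_node(sender_ip, raw,
               order=("message_host", "message_short_host", "sender_ip"),
               fields=("ips", "label", "foreign_id")):
    """Try each strategy in order; return (node label, strategy) or None."""
    host = header_host(raw)
    keys = {
        "message_host": host,
        # node1.domain.com -> node1; never shorten an IP address
        "message_short_host": host.split(".")[0] if host and not is_ip(host) else None,
        "sender_ip": sender_ip,  # source address of the received packet
    }
    for strategy in order:
        node = lookup(keys[strategy], fields)
        if node:
            return node["label"], strategy
    return None
```

Returning the strategy that matched lets an operator see when a node was identified only from sender-supplied message content rather than from the packet's source address.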

Acceptance / Success Criteria

None


Activity


Marcel Fuhrmann August 30, 2024 at 6:06 AM

I found a workaround which helps users with this exact issue. I posted it here:
Still, syslogd should be improved on that.


Created February 18, 2022 at 2:43 PM
Updated August 30, 2024 at 6:06 AM