Where the graylog pickup names for nodes?

Hi All,

I have setup a 3-nodes graylog cluster. in the dns server, i put those A RR for those 3 servers:

$ORIGIN	mylogs.com.
	glc	IN	A
		IN	A
		IN	A
	gl1	IN	A
	gl2	IN	A
	gl3	IN	A

and PTR RR for those ip addresses:

$ORIGIN	1.168.192.in-addr.arpa.
	31	IN	PTR	glc.mylogs.com.
		IN	PTR	gl1.mylogs.com.
	32	IN	PTR	glc.mylogs.com.
		IN	PTR	gl2.mylogs.com.
	33	IN	PTR	glc.mylogs.com.
		IN	PTR	gl3.mylogs.com.

in the server.conf, i am using gl1.mylogs.com, gl2.mylogs.com, gl3.mylogs.com for the rest & web endpoints without touch to name of glc.mylogs.com. for example for first graylog node:

rest_listen_uri = https://gl1.mylogs.com:9000/api/
rest_transport_uri = https://gl1.mylogs.com:9000/api/
web_listen_uri = https://gl1.mylogs.com:9000/
web_endpoint_uri = https://gl1.mylogs.com:9000/api/

but i got two graylog node using glc.mylogs.com and one using gl3.mylogs.com as nodes’ names from the GUI System/Nodes:

this make me confused, so i want to know where the graylog cluster pickup the nodes’ names ?

You’ve created PTR RR records so that,, and all resolve to glc.mylogs.com and that’s what Graylog is showing.

do you mean the node put resolved ip address of hostname where the REST/Web binding to to the mongodb, and then system get reverse resolved names from dns with those ip addresses as nodes’ names?

Yes, Graylog is resolving the hostnames for the IP addresses of each Graylog node and stores them.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.