Summary
When Deep Security Manager (DSM) cannot resolve its hostname via DNS, the DSM is unable to send system events via syslog. The serverX.log file shows the following error message:
Feb 18, 2016 1:29:55 PM com.thirdbrigade.manager.core.util.Syslogger log
SEVERE: ThID:42|TID:0|TNAME:Primary|UID:-1|UNAME:|Syslogger - Error sending message: CEF:0|Trend Micro|Deep Security Manager|9.6.11662|150|System Settings Saved|3|src=192.168.1.1 suser=admin msg=Description Omitted TrendMicroDsTenant=Primary TrendMicroDsTenantId=0
java.net.UnknownHostException: XXXXXX: XXXXXX: unknown error
    at java.net.InetAddress.getLocalHost(InetAddress.java:1484)
    at com.thirdbrigade.manager.core.util.Syslogger.log(Syslogger.java:261)
    at com.thirdbrigade.manager.core.notifications.SystemEventNotificationSender.processList(SystemEventNotificationSender.java:203)
    at com.thirdbrigade.manager.core.tagging.PostProcessorThread$2.processList(PostProcessorThread.java:490)
    at com.thirdbrigade.manager.core.tagging.SelectionUtilities.doBatchSelect(SelectionUtilities.java:369)
    at com.thirdbrigade.manager.core.tagging.PostProcessorThread.doRunPrivate(PostProcessorThread.java:439)
    at com.thirdbrigade.manager.core.tagging.PostProcessorThread.doRun(PostProcessorThread.java:321)
    at com.thirdbrigade.manager.core.threads.TenantIteratingThread$1.run(TenantIteratingThread.java:105)
    at com.thirdbrigade.manager.core.db.Locks.withLockInternal(Locks.java:362)
    at com.thirdbrigade.manager.core.db.Locks.withLockIfNotLockedNoExceptions(Locks.java:442)
    at com.thirdbrigade.manager.core.threads.TenantIteratingThread.run(TenantIteratingThread.java:99)
Caused by: java.net.UnknownHostException: ip-172-32-35-197: unknown error
    at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
    at java.net.InetAddress$2.lookupAllHostAddr(InetAddress.java:907)
    at java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1302)
    at java.net.InetAddress.getLocalHost(InetAddress.java:1479)
    ... 10 more
When DSM tries to compose the syslog message, it uses DNS to resolve its hostname and get the IP address. If there is no DNS record for the DSM hostname, the issue will occur.
To solve the issue, do any of the following:
- Add the IP address and hostname record to the /etc/hosts file.
- Add the DSM hostname record to the DNS server.
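
To confirm either fix on a Linux DSM host, the following added example (not part of the original article) checks whether the machine's own hostname resolves and whether /etc/hosts holds an entry for it. The function names, the script name and the `--check` argument are chosen for this example only.

```shell
#!/bin/sh
# Added example: check that this host's own name resolves, which is the
# lookup that fails in the stack trace (InetAddress.getLocalHost).

# hosts_lookup FILE NAME
# Print the first address mapped to NAME in a hosts-format FILE.
# Exit 0 if found, 1 otherwise. Comments are ignored; match is case-insensitive.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); rc = 1 }
        {
            sub(/#.*/, "")                # drop comments
            for (i = 2; i <= NF; i++)     # field 1 is the address
                if (tolower($i) == want) { print $1; rc = 0; exit }
        }
        END { exit rc }
    ' "$1"
}

# name_resolves NAME
# Exit 0 if the system resolver (sources per nsswitch.conf, typically the
# hosts file and then DNS) returns an address for NAME.
name_resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# check_local_name
# Report whether the local hostname resolves and where the gap is if not.
check_local_name() {
    name=$(hostname)
    if name_resolves "$name"; then
        echo "OK: $name resolves"
    elif addr=$(hosts_lookup /etc/hosts "$name"); then
        echo "WARN: /etc/hosts maps $name to $addr but the resolver ignores it"
        return 1
    else
        echo "FAIL: no /etc/hosts entry or DNS record for $name"
        return 1
    fi
}

# Run the live check only on request: sh check_dsm_name.sh --check
if [ "${1:-}" = "--check" ]; then
    check_local_name
fi
```

Run it as the account the DSM service uses, and restart nothing until it reports OK; a FAIL result means neither of the two remedies above is in place yet.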