Syslogd is sending new suspect events with null IP Address

Description

A customer builds their entire OpenNMS inventory using auto-discover via new-suspect-on-trap with Trapd or new-suspect-on-message with Syslogd.

I found that even when Syslogd receives a message, and it cannot retrieve the IP address of the sender from it, it still sends a new suspect event with a null address. Provisiond, of course, rejects this event, but on a system handling hundreds if not thousands of messages per second, this behavior can unnecessarily overwhelm the system.

This is why this should be prevented.

Maybe unrelated, but another scenario is that when a known sender is sending hundreds or thousands of messages, Syslogd will continuously send new suspect events until the IP exists in the database, which could unnecessarily overwhelm the system even more than the first scenario. That's because, in this case, active transactions are happening until the IP exists in the database. There should be some kind of time-based cache to avoid this situation.

Acceptance / Success Criteria

None
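
The two behaviors requested in the description, dropping messages with no sender address and suppressing repeat new suspect events with a time-based cache, shown as an added Java example (not code from OpenNMS or from the linked PR; the class `NewSuspectGate`, its methods and the 5-minute TTL are assumptions):

```java
import java.net.InetAddress;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;

/** Hypothetical guard placed in front of new-suspect event sending; not an OpenNMS class. */
public class NewSuspectGate {
    // Last time (nanoseconds) a new suspect event was sent for each sender.
    private final ConcurrentHashMap<InetAddress, Long> lastSent = new ConcurrentHashMap<>();
    private final long ttlNanos;

    public NewSuspectGate(long ttl, TimeUnit unit) {
        this.ttlNanos = unit.toNanos(ttl);
    }

    /** Returns true if a new suspect event should be sent for this sender at time nowNanos. */
    public boolean shouldSend(InetAddress sender, long nowNanos) {
        if (sender == null) {
            return false; // first scenario: no address resolved, Provisiond would reject it anyway
        }
        boolean[] send = {false};
        // compute() is atomic per key, so concurrent receiver threads send at most once per TTL.
        lastSent.compute(sender, (addr, prev) -> {
            if (prev == null || nowNanos - prev >= ttlNanos) {
                send[0] = true;
                return nowNanos;
            }
            return prev; // second scenario: already announced recently, stay quiet
        });
        return send[0];
    }

    /** Drops expired entries; call periodically so many distinct senders cannot grow the map forever. */
    public void evictExpired(long nowNanos) {
        lastSent.values().removeIf(ts -> nowNanos - ts >= ttlNanos);
    }

    public static void main(String[] args) throws Exception {
        NewSuspectGate gate = new NewSuspectGate(5, TimeUnit.MINUTES);
        // Constructed sample sender from the documentation range 192.0.2.0/24.
        InetAddress a = InetAddress.getByAddress(new byte[] {(byte) 192, 0, 2, 10});
        long t0 = System.nanoTime();
        System.out.println("null sender:   " + gate.shouldSend(null, t0));
        System.out.println("first message: " + gate.shouldSend(a, t0));
        System.out.println("30s later:     " + gate.shouldSend(a, t0 + TimeUnit.SECONDS.toNanos(30)));
        System.out.println("6min later:    " + gate.shouldSend(a, t0 + TimeUnit.MINUTES.toNanos(6)));
    }
}
```

Because syslog over UDP accepts messages from any source, the cache needs the periodic eviction shown here (or a hard size limit) so that a stream of distinct sender addresses does not turn the cache itself into the resource problem.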

Activity

Chandra Gorantla August 7, 2020 at 8:17 PM

Created https://issues.opennms.org/browse/NMS-12846 for handling unresolvable hostnames.

Chandra Gorantla August 6, 2020 at 6:29 PM

This is most likely happening because DNS resolution failed to resolve the hostname and resulted in a null interface.

PR : https://github.com/OpenNMS/opennms/pull/3101

Fixed

Created July 27, 2020 at 8:01 PM
Updated August 10, 2020 at 5:49 PM
Resolved August 10, 2020 at 5:49 PM