Internet Performance Delivered right to your inbox

Inside DynECT Managed DNS: Making Syslog Your Bro-log

For those of you using advanced services in DynECT Managed DNS, you have undoubtedly seen the monitoring options and the section that allows you to send remote syslog notifications. We get asked from time to time about this and setting it (or the server) up to receive them.

It occurred to me that this would be a good topic to touch on (and by occurred to me, implementation rock star Matt Torrisi suggested it.)

Basically, using syslog notifications directs the DynECT service to send a notification via a tcp syslog call out to your syslog server every time there is a status change with the specified ip address (up or down).

DynECT setup

  • Enable notifications.
  • Enter the hostname or IP address of your syslog server/
  • Enter the port to send on for your syslog server
  • Select what string you want for the identity string (to easily identify the sender in the log)
  • Select which log type to apply the message too (for filtering into specific log files on your system).

That’s it!

Server side setup

  • Make sure your your syslog server is running, both the machine and the actual responding service such as syslog-ng.
  • Verify that the port you chose to send to is open for tcp traffic. By default, syslog messages go over port 514 but you can change that on both sides to use a different port.
  • Make sure your syslog server allows remote logs into it via tcp. For syslog-ng, this is as simple as adding tcp() as a source with your max_connections and IP and port. Then, restart the service.

If you are willing to do a little coding, the syslog functionality of DynECT Managed DNS can really give you some flexibility. As it just comes in on a tcp connection to a specified port, there is no reason you cannot set up your own tcp listener to run custom actions when notifications from Dyn are received.

Here’s an example

Say you have an Active Failover service running on one node and have a few other nodes which have the same primary IP address which you would like to failover to as well. Instead of setting up a service at each node, set up a syslog handler which will use the DynECT API to replace your primary IP address at the A record level with the failover address.

This will essentially allow you to failover several nodes with the same primary IP address based off the monitoring of a single Active Failover service.

Here is an example of code to do this written in Python. It is intended as an example and NOT ready to go production code. In production, you will want to do more error checking and logging. Also, when running this in a production environment, make sure that your firewall only allows notifications to the port you chose for DynECT IP addresses.

The example will switch a set of nodes from a single IP address monitored via an Active Failover node to any secondary IP specified in a dynamically read rules file. Once the IP address is available again, the primary IP will automatically be recovered.

Of course, there are many other things you could do with this type of setup, such as notify a list of people over email, send a text to someone, take an automated system action on the ip address (maybe issue a reboot to try and correct the down time) or any number of other actions.

The point is that syslog notifications can be as useful as you want them to be and through DynECT they are very simple to setup and start acting on!

Share Now

Whois: Kevin Gray

Kevin Gray is a employee at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.