When configuring syslog to forward events to a remote syslog server, you have the option of specifying the target value as either an IP address or a Fully Qualified Domain Name (FQDN). If you are using FQDN, the process is dependent on Domain Name Service (DNS). The design decision about which method to use will require the architect to balance the requirement for flexibility in the data center against the potential risk of a DNS outage.

If DNS is experiencing problems or is otherwise unavailable, you might not be able to resolve the FQDN of the target syslog server, and events cannot be forwarded. Similarly, if the DNS servers are virtual machines residing on the hosts being configured, the ability to forward syslog messages also relies on the availability of the DNS virtual machines. This design decision will require the architect to balance the requirement for flexibility in the data center against the potential risk of a DNS outage.

Syslog agents, such as vmsyslogd, often include some level of DNS caching, making it possible for the syslog component to maintain a certain amount of name resolution even during a service disruption. However, if a dependency on key resources exist, such as the one described above for DNS, highlight it as a design risk. Also, if the source device for DNS is rebooted, or has its management agents restarted, any previously cached name resolution is lost and the syslog client will not be able to resolve the FQDN of the target server.

Despite these risks, the primary advantage of using the host name and DNS over an IP address is the flexibility it provides to change the syslog server application or the IP address associated with it, without the need to update all the syslog source configuration values on all devices that target that syslog server instance.

This flexibility can also be useful in a business continuity and disaster recovery (BCDR) design. The configuration of the remote syslog server location using the FQDN makes it possible to easily adjust DNS records to globally modify the syslog target. However, keep in mind that the vmsyslogd caching mechanism means that ESXi hosts will not update their local DNS cache automatically.