Working at the Enterprise level....
We have a Kiwi server that receives all our Windows events and then forwards all syslog events to another Syslog-NG Unix server then on to SPLUNK. The problem I have is that Kiwi time stamps and IP stamps all logs as coming from its own IP. It still identifies the orginal IP address in the message but I want Kiwi to stop stamping this on the logs. Is there a way to do that?
Thanks
Mike
