If I set up Kiwi Syslog to forward to another system such as Voyence, will Kiwi keep the source IP of the device that sent the syslog?
From Syslog AG:
3.3.5 Action - Forward to another host
Retain the original source address of the message
Normally, the syslog protocol is unable to maintain the original sender's address when forwarding/relaying syslog messages. This is because the sender's address is taken from the received UDP or TCP packet.
The way Kiwi Syslog gets around this problem is to place tags in the message text that contain the original sender's address. By default, the tags look like Original Address=192.168.1.1. That is, the "Original Address=" tag, followed by the IP address, followed by a space delimiter.
These tags are only inserted if the "Retain the original source address of the message" option is checked.
These tags can also be overridden by way of two registry settings, named OriginalAddressStartTag and OriginalAddressEndTag.
For more information on overriding the default originating address start and end tags, please see - Originating Address - Custom Start and End tags
Note: If the "Spoof Network Packet" option is used, then the "Original Address=" tag will not be used. The Syslog packet will be forwarded to the destination address as though it has been sent from the originating IP address.
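A receiving-side sketch of the tag scheme in the guide excerpt above, added here as an example (not Kiwi Syslog or Voyence code): it recovers the original sender from the "Original Address=" tag and its space delimiter, but only when the packet came from a known relay, because the tag is ordinary message text that any sender could write. The function name, the trusted-relay set, the sample messages and the tag's position in them are assumptions.

```python
import ipaddress

DEFAULT_START_TAG = "Original Address="  # default start tag quoted in the guide
DEFAULT_END_TAG = " "                    # default delimiter: a single space


def resolve_source(peer_ip, message, trusted_relays,
                   start_tag=DEFAULT_START_TAG, end_tag=DEFAULT_END_TAG):
    """Return (source_ip, message_text, tag_status) for one received message.

    peer_ip        -- address the UDP/TCP packet actually arrived from
    trusted_relays -- set of relay addresses allowed to assert an origin
    tag_status     -- 'none', 'accepted', 'untrusted-peer' or 'malformed'
    """
    start = message.find(start_tag)
    if start == -1:
        return peer_ip, message, "none"
    # The tag travels inside the message body, so it is only as trustworthy
    # as the host that sent the packet. Ignore it from anyone but a relay.
    if peer_ip not in trusted_relays:
        return peer_ip, message, "untrusted-peer"
    value_start = start + len(start_tag)
    value_end = message.find(end_tag, value_start)
    if value_end == -1:
        return peer_ip, message, "malformed"
    try:
        origin = str(ipaddress.ip_address(message[value_start:value_end]))
    except ValueError:
        return peer_ip, message, "malformed"
    # Drop the tag and its delimiter so later parsing sees the device's text.
    cleaned = message[:start] + message[value_end + len(end_tag):]
    return origin, cleaned, "accepted"


if __name__ == "__main__":
    relays = {"10.0.0.5"}  # constructed: address of the forwarding relay
    samples = [            # constructed (peer, message) pairs
        ("10.0.0.5", "<134>Original Address=192.168.1.1 link up"),
        ("172.16.9.9", "<134>Original Address=192.168.1.1 link up"),
        ("10.0.0.5", "<134>Original Address=not-an-ip link up"),
    ]
    for peer, msg in samples:
        print(resolve_source(peer, msg, relays))
```

If the relay has custom OriginalAddressStartTag and OriginalAddressEndTag values, pass the same strings as `start_tag` and `end_tag`; messages flagged `untrusted-peer` or `malformed` keep the packet's own source address and are worth logging.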
So with Kiwi Syslog version 9.3.3 all I have to do is check "Retain the original source address of the message"? I just checked it, and when I did that, under "Use a fixed source IP address:" I can type something. Do I want to, or should I just leave it blank so it will send the source of the device's address?
I would leave the fixed source IP field blank.
The Test in the "Forward to another host" works great in Test, but I am not getting any syslog that is sent to the Kiwi Syslog