Dear members,
I had configured a Windows Server 2008 R2 64bit Event Subscription.
http://www.sysadminlab.net/windows/forward-event-log-from-several-server-to-a-central-windows-2008-server
 
I use SolarWinds Log Forwarder for Windows. I add an  EventLogSubscription "ForwardedEvents", and a SyslogServer. My syslog server is Syslog-NG. My syslog-ng server timestamp and enchript the logs and forwarded it to an Syslog Analysator.
 
The problem:
I Recive the following log on Syslog-ng 
 
Feb  8 09:10:59 10.254.204.66 févr.: 08 09:07:30 HUNSVDC001 MSWinEventLog       5       Security        239     mar. févr. 08 09:06:02 2011     673     Security      S-1-5-18        N/A     Audit Success   HUNSVDC001      9       Service Ticket Request:
        User Name:              user
        User Domain:            domain
        Service Name:           HUNSLW3P11$
        Service ID:             %{S-1-5-21-1291854300-800608146-227697207-64185}
        Ticket Options:         0x40810000
        Ticket Encryption Type: 0x17
        Client Address:         10.254.204.42
        Failure Code:           -
        Logon GUID:             {2b5b358a-bfcf-6428-1f0b-6c326d370511}
        Transited Services:     -
Feb  8 09:10:59 10.254.204.66 févr.: 08 09:07:30 HUNSVDC001 MSWinEventLog       5       Security        240     mar. févr. 08 09:06:03 2011     673     Security      S-1-5-18        N/A     Audit Success   HUNSVDC001      9       Service Ticket Request:
        User Name:              user
        User Domain:            domain
        Service Name:           HUNSVDC002$
        Service ID:             %{S-1-5-21-1291854300-800608146-227697207-60176}
        Ticket Options:         0x40810000
        Ticket Encryption Type: 0x17
        Client Address:         10.254.204.42
        Failure Code:           -
        Logon GUID:             {82fc095e-e762-cd2d-ecdb-2cd1ec0804ab}
        Transited Services:     -
I recive all events as 10.254.204.66 and not as HUNSVDC001 or HUNSVDC00 or other valid source host.
How can I configure the SolarWinds Log Forwarder for Windows Software to forward the event.
 
 
My configuration:
<?xml version="1.0" encoding="utf-8"?>
<LogForwarderSettings xmlns:xsi="">www.w3.org/.../XMLSchema-instance" xmlns:xsd="">www.w3.org/.../XMLSchema" version="1.1.13">
  <EventLogSubscriptions>
    <EventLogSubscription>
      <channels>
        <string>ForwardedEvents</string>
      </channels>
      <types>
        <int>1</int>
        <int>2</int>
        <int>4</int>
      </types>
      <sources />
      <eventIDs />
      <categories />
      <keywords />
      <users />
      <computers />
      <facility>13</facility>
      <enabled>true</enabled>
      <name>New Event Log Subscription</name>
      <description>Forwardedevents</description>
    </EventLogSubscription>
  </EventLogSubscriptions>
  <SyslogServers>
    <SyslogServer>
      <serverName>New Syslog Server</serverName>
      <IPAddress>10.254.204.47</IPAddress>
      <Port>514</Port>
      <enabled>true</enabled>
    </SyslogServer>
  </SyslogServers>
  <DebugMode>false</DebugMode>
</LogForwarderSettings>