syslog parsing: associating messages with the source node not the syslog forwarder

RichardLetts

We have thousands of network devices all logging to a set of central syslog servers.

I can get the messages forwarded from the syslog servers, but they all appear to be associated with the server, rather than with the device having the problem, e.g.:

7/30/2012 1:27:54 PM	compass	Notice	fpc2/68.179.203.72 MIC(2/3) link 4 SFP receive power low  alarm set
7/30/2012 1:27:52 PM	compass	Error	68.179.204.0/68.179.204.0 rpd[1418]: bgp_connect_start: connect 2607:fa78::c (Internal AS 10430): No route to host

Is there a way to configure the syslog service to parse out the IP address and associate these with the correct device (rather than the syslog server), or am I going to have to update the configurations of the network devices to log to NPM directly.

Thanks

/RjL

RichardLetts

we went ahead and deployed the change to switch and router configurations to send the syslog and trap information directly to the Solarwinds servers at the same time as we weer updating other standard parts of the configurations.