Hi everyone,
I am trying to deploy a complex system because we have different locations which are connected through VPN site to site. I thought was better to install a local syslog to each of the sites and forward the logs to Solarwinds SEM.
I am using Kiwi Syslog server on each site and configured the forwarding rules. What i do not like about this implementation is that the logs in Solarwinds SEM are showing as they are coming from Kiwi and not from actual device. I can not understand what is that log linked too. I am sending logs to Kiwi from Sonicwall, different switches, but when those are forwarded to Solarwind SEM are showing as single IP ( Kiwi IP).
Does anyone has any experience how to configure the local Syslog and forward the logs to Solarwinds SEM but keep the original source IP? I want to follow this model here : https://documentation.solarwinds.com/en/success_center/sem/content/admin_guide/1.0-understanding_sem/sem-deployment-complex-with-syslog.htm
Thank you
Brian
