4 Replies Latest reply on Apr 13, 2010 1:25 PM by bshopp

    Syslog Forwarding Issue

      I'm trying to figure out how to Forward an incoming Syslog message from my devices from the Solarwinds Syslog Sever, to a second Syslog server. I'm able to forward the traps along with no problem, but to the secondary system, the message looks like it came from the Solarwinds Syslog server. I need for the Hostname/IP of the originating system to be preserved in the message that gets forwarded along.

      I noticed in the Release notes for Orion 9.1 this note:

      • The source field of forwarded Syslog messages is now correctly populated with the IP address of the Syslog message source, instead of the IP address of the forwarding Orion NPM server.

      I do have Orion 9.1 with SP1 installed, and yet I still see the Solarwinds Syslog Server being the sender, and not having it show the originating Hostname/IP.

       

      Can someone shed some light on this?
      Thank you,
      Stephen

        • Re: Syslog Forwarding Issue
          Craig Norborg

          Hmm...   I use syslog-ng on a unix box set up to forward syslog traffic to my Orion server and another one (Ciscoworks).   With syslog-ng I filter out alot of the garbage before I forward it, keeps the Orion server running well.   I also have it saving raw logs in case I need to go back for some reason.   Just a simple VM so there were no hardware costs.

           

          To do this I had to set up the daemon spoof the IP...   Not too hard to do from what I remember.  Not a solution to your problem, but a potential option I would think...