20 Replies Latest reply on Feb 7, 2011 11:31 PM by byrona

    Give us your feedback: Retain original source IP of syslog msg when forwarding

    chris.lapoint

      Problem:  Orion Syslog forwards messages with the IP address of the Orion server and not the original host.  This makes it difficult to integrate with other external systems or NMS.

      Solution:  We've got a couple of options that we're exploring for implementation:

      1. Add tag to Syslog message that contains original source IP address (e.g. Original Source IP Address = ).   It would be up to the receiving system to parse the source IP address from the tag in the message.

      2. Spoof the UDP packet so that Orion Syslog can act as a transparent proxy.   Source IP address of the message will look like it's coming from the original source.

      We've heard from some of you that option #2 is less desirable due to the firewall issues with spoofed packets, so we're leaning towards option #1 unless you tell us different. 

      Please speak up if you'd like to vote for #2.

      Thanks in advanced for your help!