How to forward the messages with the original IP in the header instead of sender's IP address?

Created 2004-06-14 by Tamsila-Q-Siddique

We are forwarding some of Syslog messages using WinSyslog / MonitorWare Agent, but when the message shows up at the other location, it appears with the forwarding servers IP address instead of the originating devices IP address in the header. Is there a way to forward the messages with the original IP in the header instead?

What you experience is actually a shortcoming in the "Syslog Protocol" itself. The address is taken from the sender, so when a message is relayed, the sender's address changes. However, there are a number of cures, each depending on your needs, configuration and eventually the edition to use.

  1. If your devices are RFC 3164 compliant (many are unfortunately not), you can take the hostname from the Syslog header. There is an option in MonitorWare Agent / WinSyslog "RFC 314 parsing" which you can enable to get hold of this.

    Please note that it is disabled by default because non-compliant devices can really create very strange values in the header fields.

  2. You can use Adiscon's proprietary SETP protocol, which solves this issue (this may require an edition upgrade). Click here to know the difference between SETP and Syslog!

  3. You can forward the message in "XML Format". That will make it look strange, but you will receive all information. If you do machine parsing, the strangeness may not be an issue (if you work around it in your parser).

  4. You can also enable the "Include Original Host" option in the Syslog forwarder, which will simply add a tag "FromHost: <ip>" at the beginning of the header.

    Please note that this in itself is not RFC 3164 compliant.

Click on MonitorWare Agent and WinSyslog to see different editions of each product.

 The Products
MonitorWare Products
Product Comparison
Which one to Purchase?
Order and Pricing
Upgrade Insurance Info
News Releases
Version History
MonitorWare Tools
 Event Repository
 Reference library
General Information
Step-by-step guides
 - All
 - Installation and Configuration
 - Services related
 - Actions related
 - Central Monitoring
Common Uses
Syslog configuration
Syslog Log Samples
Security Reference
 - All
 - General questions
 - Configurations related
 - Monitorware Agent
 - Monitorware Console
Seminars Online
 - All
 - General
 - MonitorWare Console
 - MonitorWare Agent
 - WinSyslog related
 - EventReporter
 Order & pricing
Order now
Product Comparison
Pricing Information
Upgrade Insurance Info
Local Reseller
 Contact Us
 Data privacy policy

Printer Version Send this page to a friend

Copyright © 1988-2005 Adiscon GmbH All rights reserved.
Contact us via Secure Web Response | Privacy Policy
Topic Links: syslog | Free Weblinks Directory