When Forwarding Packets, If you want to retain the original source address you can use the “Spoof Network Packet” option.
Kiwi Syslog Server
This feature is only available in the licensed version, requires WinPcap 4.1+ installation.
This option only applies to syslog messages forwarded via UDP protocol with IPv4 address only.
This option only applies to syslog messages forwarded via UDP protocol.
The network packet will be spoofed to appear as though the fowarded message has come directly from the originating devices' IP address, and not the address of the Syslog Server. Kiwi Syslog Server will use the Selected Network Adapter to send the spoofed UDP/IP packet.
This option also requires that WinPcap version 4.1 and above is installed. WinPcap (Windows Packet Capture library) is available for download from: WinPcap, The Packet Capture and Network Monitoring Library for Windows
Use the Test button to send a test Syslog message to the host(s) specified.
Note: If the "Spoof Network Packet" option is used, then the "Original Address=" tag will not be used. The Syslog packet will be fowarded to the destination address as though it has been sent from the originating IP address.
In the Error log you will see the following:
“Forward Syslog Message [Spoof UDP packet] Failed : WinPCap version 3.0 and above is required for packet spoofing”
Reinstall WinPCap version 3.0 so that it is detected by Kiwi.