Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Log & Event Manager (LEM) > Syslogs Node in LEM using wrong IP

Syslogs Node in LEM using wrong IP

Table of contents
Created by James Nielsen, last modified by MindTouch on Jun 23, 2016

Views: 22 Votes: 1 Revisions: 6

Overview

The way the LEM receives syslogs may cause the expected IP address to be different than the IP address used in the LEM.

Environment

All LEM Versions

Detail

The LEM's syslog collector is set to use the UDP source address of incoming syslogs rather than the IP address or hostname in the syslog message. This normally does not pose a problem except when relaying syslog messages or using a node with multiple ip addresses. If possible, IP Spoofing will need to be used to correct the Node IP.

 

Last modified
20:22, 22 Jun 2016

Tags

Classifications

Public