Submit a ticketCall us

Don’t fall victim to a ransomware attack
Backups are helpful, but sometimes that’s not enough to protect your business against ransomware. At our live webcast we will discuss how to protect against ransomware attacks with SolarWinds® Patch Manager and how to leverage log data to detect ransomware. Register now for our live webcast.

Home > Success Center > Network Performance Monitor (NPM) > Forward syslog message and retain original IP address

Forward syslog message and retain original IP address

Table of contents
Created by Richard Casey, last modified by MindTouch on Jun 23, 2016

Views: 288 Votes: 0 Revisions: 4

Overview

This article describes how to forward some or all Syslog messages in Orion to another Syslog server and keep the original IP address.

Environment

NPM 10.7 and later

Steps

  1. Open the Syslog viewer application. Go to Start > All programs > SolarWinds Orion > Syslogs and traps > Syslog viewer.
  2. Click the Rules icon.
  3. Create the rule with any filtering required as described here. Refer to https://support.solarwinds.com/Succe...g_Viewer_rules
  4. In the Alert Actions tab, select add new action.
  5. Select forward the Syslog message.
  6. Enter to target Syslog servers IP or hostname.
  7. Select Retain the original source address and Spoof Network Packet.

Notes:

  • If only the Retain the original address is selected, the original IP address will be added into the message files. If you also Spoof the address, then the source address will appear in the Hostname field.
  • It is necessary to have WinPCap installed and running on the server in order to Spoof the address.
Last modified
22:23, 22 Jun 2016

Tags

Classifications

Public