Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Network Performance Monitor (NPM) > Forward syslog message and retain original IP address

Forward syslog message and retain original IP address

Table of contents
Created by Richard Casey, last modified by MindTouch on Jun 23, 2016

Views: 2,714 Votes: 0 Revisions: 4

Overview

This article describes how to forward some or all Syslog messages in Orion to another Syslog server and keep the original IP address.

Environment

NPM 10.7 and later

Steps

  1. Open the Syslog viewer application. Go to Start > All programs > SolarWinds Orion > Syslogs and traps > Syslog viewer.
  2. Click the Rules icon.
  3. Create the rule with any filtering required as described here. Refer to https://support.solarwinds.com/Succe...g_Viewer_rules
  4. In the Alert Actions tab, select add new action.
  5. Select forward the Syslog message.
  6. Enter to target Syslog servers IP or hostname.
  7. Select Retain the original source address and Spoof Network Packet.

Notes:

  • If only the Retain the original address is selected, the original IP address will be added into the message files. If you also Spoof the address, then the source address will appear in the Hostname field.
  • It is necessary to have WinPCap installed and running on the server in order to Spoof the address.
Last modified

Tags

Classifications

Public