Date parsed: 2/15/2002 5:05:54 PM
Date: Fri, 15 Feb 2002 17:05:54 +0100

Hi Simmi,

the source ip-address is the ip-address of the sender of the syslog
datagram, which is, of course, the ip-address of the forwarding SL4NT
service.

But you can do the following on the first (forwarding) SL4NT computer:

Create a custom log format with (for example) the following format string:

[<IPAddressSource>]:<MessageText>

Then configure your forwarding action to use this new custom log format.

By doing this, the ip-address of the originating device will be included in
the message text that is forwarded to the second SL4NT computer.

Franz


[<IPAddressSource>]:<MessageText>
"simmi" <simmiv@ozemail.com.au> wrote in message
news:tmQSSahtBHA.2148@is1.netal.com...
> I'm using SL4NT on one NT server to receive syslog messages from multiple
> systems. This server in turn passes them on to another server running
SL4NT
> which logs them to one file. However, all the entries have the IP address
> of the first NT server so I can't tell from which source system each
message
> came. What can I change to enable the original IP address to appear in
the
> consolidated log?
> Rgds,
> Simmi
>
>

Date parsed: 2/16/2002 8:42:56 AM
Date: Fri, 15 Feb 2002 22:42:56 +1100

I'm using SL4NT on one NT server to receive syslog messages from multiple
systems. This server in turn passes them on to another server running SL4NT
which logs them to one file. However, all the entries have the IP address
of the first NT server so I can't tell from which source system each message
came. What can I change to enable the original IP address to appear in the
consolidated log?
Rgds,
Simmi