SL4NT 2.1 Showing same IP for all source systems

Welcome Guest! To enable all features please Login or Register.

2002-02-15T17:05:54Z

Date parsed: 2/15/2002 5:05:54 PM

Date: Fri, 15 Feb 2002 17:05:54 +0100

Hi Simmi,

the source ip-address is the ip-address of the sender of the syslog

datagram, which is, of course, the ip-address of the forwarding SL4NT

service.

But you can do the following on the first (forwarding) SL4NT computer:

Create a custom log format with (for example) the following format string:

[<IPAddressSource>]:<MessageText>

Then configure your forwarding action to use this new custom log format.

By doing this, the ip-address of the originating device will be included in

the message text that is forwarded to the second SL4NT computer.

Franz

[<IPAddressSource>]:<MessageText>

"simmi" <simmiv@ozemail.com.au> wrote in message

news:tmQSSahtBHA.2148@is1.netal.com...

> I'm using SL4NT on one NT server to receive syslog messages from multiple

> systems. This server in turn passes them on to another server running

SL4NT

> which logs them to one file. However, all the entries have the IP address

> of the first NT server so I can't tell from which source system each

message

> came. What can I change to enable the original IP address to appear in

the

> consolidated log?

> Rgds,

> Simmi

2002-02-16T08:42:56Z

Date parsed: 2/16/2002 8:42:56 AM

Date: Fri, 15 Feb 2002 22:42:56 +1100

I'm using SL4NT on one NT server to receive syslog messages from multiple

systems. This server in turn passes them on to another server running SL4NT

which logs them to one file. However, all the entries have the IP address

of the first NT server so I can't tell from which source system each message

came. What can I change to enable the original IP address to appear in the

consolidated log?

Rgds,

Simmi

The netal.com - Support uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close