Originating Address - Custom Start and End tags

Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties

Value (STRING): OriginalAddressStartTag

Default value:        "Orignial Address="

Type:                Original Address Start Tag

Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties

Value (STRING): OriginalAddressEndTag

Default value:        " " (Space)

Type:                Original Address End Tag

Normally, the syslog protocol is unable to maintain the original senders address when forwarding/relaying syslog messages. This is because the senders address is taken from the received UDP or TCP packet.

The way Kiwi Syslog gets around this problem is to place a tag in the message text that contains the original senders address.  By default, the tag looks like Original Address=192.168.1.1. That is, the "Original Address=" tag, followed by the IP address, followed by a " " (space) delimiter or tag.

These tags are only inserted if the "Retain the original source address of the message" option is checked in the "Foward to another host" action.

See - Action - Forward to another host

The two registry keys above allow for the default start and end tags to be overidden with custom start and end tag values.

For example:

The default originating address tags:

OriginalAddressStartTag = "Orginial Address="

OriginalAddressEndTag = " " (Space)

- Which yields "Original Address=nnn.nnn.nnn.nnn ", where nnn.nnn.nnn.nnn is the originating IP address.

New (custom) originating address tags:

OriginalAddressStartTag = "<ORIGIN>"

OriginalAddressEndTag = "</ORIGIN>"

-Yields "<ORIGIN>nnn.nnn.nnn.nnn</ORIGIN>", where nnn.nnn.nnn.nnn is the originating IP address.

New (custom) originating address tags:

OriginalAddressStartTag = "F="

OriginalAddressEndTag = " "

-Yields "F=nnn.nnn.nnn.nnn ", where nnn.nnn.nnn.nnn is the originating IP address.