Action - Forward to another host


This will forward the received message to another Syslog host using the UDP or TCP syslog protocol.


Destination IP address or hostname


This is where you specify the remote host IP address or hostname to forward the messages to.

You can send messages to multiple hosts by separating each hostname or IP address with a comma.

For example: Myhost.com, SecondHost.net, 203.75.21.3


Protocol


Syslog messages can be sent using UDP (default), TCP, or KRDP.

The Kiwi Reliable Delivery Protocol (KRDP) works between two Kiwi Syslog Daemons to reliably deliver syslog messages over a TCP transport.


New Port


This specifies the port number to send the message to. Recommended values are:
UDP:    Port 514
TCP:   Port 1468 or port 601
KRDP:   Port 1468


New Facility/New Level


This allows you to force all outgoing messages to use a new Facility or Level. In most cases this option should be set to "- No change -". This will forward messages with the same Facility and Level that they arrived with.


KRDP connection identifier


This specifies the unique name assigned to the KRDP connection. Each connection between the source and destination syslog daemon needs to be identified. When the connection is broken and re-established, the sequence numbers can be exchanged and any lost messages can be resent. A separate set of message sequence numbers is kept against each connection identifier.

Examples are: Source:RemoteOffice1 or SyslogDaemon1

The string of text used will uniquely identify the source of the connection to the destination syslog daemon.

If you have more than one "Forward to another host" action configured, you can use the same connection identifier on all actions. This will mean that only a single KRDP connection is made between the source and destination syslog daemons. If you specify a different connection identifier, multiple KRDP sessions will be created.

To ensure that the identifier is unique, we recommend the use of the %MACAddress variable. This variable will be replaced by the first MAC address of the machine.

Examples are: Source:RemoteOffice1-%MACAddress
When running, the ID would look like: Source:RemoteOffice1-AA-BB-CC-DD-EE-FF-00
The MAC Address is globally unique to each network card.


Send with RFC3164 header information


This will add the standard RFC3164 header information to the outgoing message. The format is:

<Priority>Date Hostname PID Message text

The Priority is a value between 0 and 191
The Date is in the format of Mmm DD HH:NN:SS (July 4 12:44:39). Note there is no year specified.
The PID is a program identifier up to 32 characters in length


Retain the original source address of the message


Normally, the syslog protocol is unable to maintain the original sender's address when forwarding/relaying syslog messages. This is because the sender's address is taken from the received UDP or TCP packet.

The way Kiwi Syslog gets around this problem is to place a tag in the message text that contains the original sender's address. The tag looks like Original Address=192.168.1.1. That is, the "Original Address=" tag, followed by the IP address, followed by a space delimiter.

This tag is only inserted if the "Retain the original source address of the message" option is checked.
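
Because the tag travels inside the message text, a receiving collector can only rely on it when the packet came from a relay it already knows. The following is an added example, not part of the product or its documentation: it decodes the priority and honours the tag only for peers in an allow-list. The relay address, the sample message and the function name are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumption: relays that are allowed to assert an original source address.
TRUSTED_RELAYS = {"10.0.0.5"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
# Tag format from the page: "Original Address=", the IP address, a space delimiter.
TAG_RE = re.compile(r"Original Address=(\S+) ")

# Constructed sample of a forwarded message (priority 134 = facility 16, level 6).
SAMPLE = "<134>Jul  4 12:44:39 relay1 kiwi Original Address=192.168.1.1 link up on port 3"


def parse_forwarded(raw: str, peer_ip: str) -> dict:
    """Decode the priority and decide which source address to record."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range priority")
    pri = int(m.group(1))
    body = raw[m.end():]
    result = {
        "facility": pri // 8,   # priority = facility * 8 + level
        "level": pri % 8,
        "source": peer_ip,      # default: address taken from the received packet
        "tag_honoured": False,
        "text": body,
    }
    tag = TAG_RE.search(body)
    if tag is None:
        return result
    try:
        claimed = str(ipaddress.ip_address(tag.group(1)))
    except ValueError:
        return result           # malformed address: keep the packet address
    if peer_ip in TRUSTED_RELAYS:
        # Only a known relay may override the source; strip the tag from the text.
        result["source"] = claimed
        result["tag_honoured"] = True
        result["text"] = body[:tag.start()] + body[tag.end():]
    return result


if __name__ == "__main__":
    print(parse_forwarded(SAMPLE, "10.0.0.5"))
    print(parse_forwarded(SAMPLE, "203.0.113.9"))
```

A message carrying the tag from a peer outside the allow-list is kept with the packet address as its source and the tag left in the text, so the unverified claim stays visible for review.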


Use a fixed source IP address


This option will use a fixed IP address in the Original Address= tag. This can be useful when you want to identify all outgoing messages as from a particular host, for example, if you have many remote syslog daemons sending messages to one central location. If each of the remote syslogs uses the 10.0.0.x address range, all the received messages will appear from the same host. Specifying a different source IP address for each remote syslog could help in identifying the incoming messages better.


Test button


Use the Test button to send a test Syslog message to the host(s) specified.