Section: HKEY_LOCAL_MACHINE\SOFTWARE\Kiwi Enterprises\Syslogd\Properties
Value (STRING): OriginalAddressStartTag
Default value: "Orignial Address="
Type: Original Address Start Tag
Section: HKEY_LOCAL_MACHINE\SOFTWARE\Kiwi Enterprises\Syslogd\Properties
Value (STRING): OriginalAddressEndTag
Default value: " " (Space)
Type: Original Address End Tag
Normally, the syslog protocol is unable to maintain the original senders address when forwarding/relaying syslog messages. This is because the senders address is taken from the received UDP or TCP packet.
The way Kiwi Syslog gets around this problem is to place a tag in the message text that contains the original senders address. By default, the tag looks like Original Address=192.168.1.1. That is, the "Original Address=" tag, followed by the IP address, followed by a " " (space) delimiter or tag.
These tags are only inserted if the "Retain the original source address of the message" option is checked in the "Foward to another host" action.
See - Action - Forward to another host
The two registry keys above allow for the default start and end tags to be overidden with custom start and end tag values.
For example:
The default originating address tags:
OriginalAddressStartTag = "Orginial Address="
OriginalAddressEndTag = " " (Space)
- Which yields "Original Address=nnn.nnn.nnn.nnn ", where nnn.nnn.nnn.nnn is the originating IP address.
New (custom) originating address tags:
OriginalAddressStartTag = "<ORIGIN>"
OriginalAddressEndTag = "</ORIGIN>"
-Yields "<ORIGIN>nnn.nnn.nnn.nnn</ORIGIN>", where nnn.nnn.nnn.nnn is the originating IP address.
New (custom) originating address tags:
OriginalAddressStartTag = "F="
OriginalAddressEndTag = " "
-Yields "F=nnn.nnn.nnn.nnn ", where nnn.nnn.nnn.nnn is the originating IP address.