Documentation forKiwi Syslog Server

OriginalAddressPacketSniffing

As of Kiwi Syslog Server 9.7, spoofing (retaining the original source address) requires NpCap instead of WinpCap. Users have the option to keep using the WinpCap application by setting this Kiwi Syslog Server registry setting value to "0".

Section (32-bit Windows OS) HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties
Section (64-bit Windows OS) HKEY_LOCAL_MACHINE\Software\WOW6432Node\SolarWinds\Syslogd\Properties
Value (STRING) OriginalAddressPacketSniffing
Enable NpCap usage (default) 1
Enable WinpCap usage 0
Type String

Command line value

OriginalAddressPacketSniffing

Effect

When the registry value is set to "1" (default), the option to spoof (retain the original source address) will be performed using NpCap. This will require NpCap to be pre-installed.

When the registry value is set to "0", the option to spoof (retain the original source address) will be performed using WinpCap. This will require WinpCap to be pre-installed.

Restart the service in order to apply changes.

When to use

WinpCap may be used with older operation systems that do not function properly using NpCap. NpCap is the preferred and secure solution that SolarWinds recommends.