OriginalAddressPacketSniffing
This documentation is for legacy Kiwi Syslog Server versions 9.8.3 and older.
Spoofing (retaining the original source address) requires NpCap instead of WinpCap. Users have the option to keep using the WinpCap application by setting this Kiwi Syslog Server registry setting value to "0".
The Microsoft Visual C++ 2013 (x86) Redistributable component is required for spoofing.
| Section (32-bit Windows OS) | HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties |
| Section (64-bit Windows OS) | HKEY_LOCAL_MACHINE\Software\WOW6432Node\SolarWinds\Syslogd\Properties |
| Value (STRING) | OriginalAddressPacketSniffing |
| Enable NpCap usage (default) | 1 |
| Enable WinpCap usage | 0 |
| Type | String |
Command line value
OriginalAddressPacketSniffing
Effect
When the registry value is set to "1" (default), the option to spoof (retain the original source address) will be performed using NpCap. This will require NpCap to be pre-installed.
When the registry value is set to "0", the option to spoof (retain the original source address) will be performed using WinpCap. This will require WinpCap to be pre-installed.
Restart the service in order to apply changes.
When to use
WinpCap may be used with older operation systems that do not function properly using NpCap. NpCap is the preferred and secure solution that SolarWinds recommends.