OriginalAddressStartTag and OriginalAddressEndTag
This documentation is for legacy Kiwi Syslog Server versions 9.8.3 and older.
Use the Kiwi Syslog Server registry setting OriginalAddressStartTag to override the default start tag for the sender's original address.
| Section (32-bit Windows OS) | HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties |
| Section (64-bit Windows OS) | HKEY_LOCAL_MACHINE\Software\WOW6432Node\SolarWinds\Syslogd\Properties |
| Value (STRING) | OriginalAddressStartTag |
| Default value | Orignial Address= |
| Type | Original Address Start Tag |
Use the OriginalAddressEndTag setting to override the default end tag for the sender's original address.
| Section (32-bit Windows OS) | HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties |
| Section (64-bit Windows OS) | HKEY_LOCAL_MACHINE\Software\WOW6432Node\SolarWinds\Syslogd\Properties |
| Value (STRING) | OriginalAddressEndTag |
| Default value | (Space) |
| Type | Original Address End Tag |
Normally, the syslog protocol is unable to maintain the original sender's address when forwarding/relaying syslog messages. This is because the sender's address is taken from the received UDP or TCP packet.
Kiwi Syslog solves this problem by placing a tag in the message text that contains the original sender's address. By default, the tag looks like Original Address=192.168.1.1. That is, the "Original Address=" tag, followed by the IP address, followed by a " " (space) delimiter or tag.
These tags are only inserted if the "Retain the original source address of the message" option is checked in the "Forward to another host" action.
The two registry keys above allow you to override the default start and end tags with custom start and end tag values.
For example, when nnn.nnn.nnn.nnn is the originating IP address, the default originating address tags yield the following:
Original Address=nnn.nnn.nnn.nnn
If you change the start tag to <ORIGIN> and the end tag to </ORIGIN>, the result is:
<ORIGIN>nnn.nnn.nnn.nnn</ORIGIN>