Skip to main content
Version: User Guide 6.2

Originator ID

To configure how Syslog Watcher server determines the originator ID of incoming syslog message, click Main toolbar - Configure button Configure (Main Toolbar) to open the Server Configuration window; then select the Originator IDs group.

Server Configuration - Originators IDs

Default Rule

The default rule makes the server use the sender's IP address as the originator ID.


A message sender is an entity from which the server received the message and, in case of passing through relays/proxies, is not the same as the message originator.

Adding Rules

Additional rules are required to correctly determine IDs of syslog messages passed through syslog proxies/relays and syslog messages from originators with dynamic IP addresses.

To add an additional rule:

  1. Click Add Address Range Rule

  2. Set the range of IP addresses. It is usually:

    • A single IP address for messages after a proxy/relay
    • A range that covers all possible dynamic IP addresses
  3. Set the method to extract an originator ID from a message body. It can be:

    • a built-in algorithm
    • a regular expression: enclose ID text in parentheses for extraction.
  4. Specify the behavior for various possible cases

Example of Address Range Rule

Here is an example that allows Syslog Watcher to handle syslog originators with dynamic IP addresses. We assume that an originator identifies itself in the message body as id="...".

Server Configuration - Additional Address Range Rule

Deleting Rules

To delete an additional rule:

  1. Select the rule by clicking its title area;

  2. Click Delete.