To configure how the Syslog Watcher server determines the originator ID of an incoming syslog message, click Configure (Main Toolbar) to open the Server Configuration window; then select the Originator IDs group.
The default rule makes the server use the sender's IP address as the originator ID.
A message sender is the entity from which the server received the message. When a message passes through relays/proxies, the sender is not the same as the message originator.
Additional rules are required to correctly determine IDs of syslog messages passed through syslog proxies/relays and syslog messages from originators with dynamic IP addresses.
To add an additional rule:
Click Add Address Range Rule
Set the range of IP addresses. It is usually:
- A single IP address for messages after a proxy/relay
- A range that covers all possible dynamic IP addresses
Set the method to extract an originator ID from a message body. It can be:
- a built-in algorithm
- a regular expression: enclose the part of the pattern that matches the ID text in parentheses so that it is extracted.
Specify the behavior for various possible cases
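The rule logic described above, sketched in Python as an added example (not Syslog Watcher's own code). The `host=` tag format, the addresses, and the fall-back to the sender's IP when the pattern does not match are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class AddressRangeRule:
    first: str    # first sender IP covered by the rule
    last: str     # last sender IP covered by the rule
    pattern: str  # regular expression; the parenthesised group is the ID

    def covers(self, sender_ip: str) -> bool:
        ip = ipaddress.ip_address(sender_ip)
        lo = ipaddress.ip_address(self.first)
        hi = ipaddress.ip_address(self.last)
        return lo <= ip <= hi

# Hypothetical tag an originator writes into the message body.
ID_TAG = r"\bhost=([A-Za-z0-9.-]{1,63})"

# Constructed rules: a single relay address and a dynamic-address pool.
RULES = [
    AddressRangeRule("10.0.0.5", "10.0.0.5", ID_TAG),
    AddressRangeRule("192.168.50.100", "192.168.50.199", ID_TAG),
]

def originator_id(sender_ip: str, message: str, rules=RULES) -> str:
    """Return the originator ID for one received message."""
    for rule in rules:
        if rule.covers(sender_ip):
            match = re.search(rule.pattern, message)
            if match:
                return match.group(1)
            break  # assumed "no match" behavior: use the sender IP
    # Default rule: the sender's IP address is the originator ID.
    return sender_ip

if __name__ == "__main__":
    # Constructed sample messages: (sender IP, raw message).
    samples = [
        ("10.0.0.5", "<134>Oct 11 22:14:15 relay app: host=web-01 login ok"),
        ("192.168.50.123", "<134>Oct 11 22:14:16 app: host=laptop-7 started"),
        ("203.0.113.9", "<134>Oct 11 22:14:17 app: host=web-01 login ok"),
    ]
    for ip, msg in samples:
        print(ip, "->", originator_id(ip, msg))
```

The third sample keeps its sender IP because no rule covers that address: the message body is controlled by whoever sends it, so the address range of a rule should stay as narrow as the relay or address pool it is meant for.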
Example of Address Range Rule
Here is an example that allows Syslog Watcher to handle syslog originators with dynamic IP addresses. We assume that an originator identifies itself in the message body as
To delete an additional rule:
Select the rule by clicking its title area;