Skip to content

Syslog Originators

A syslog originator is an entity that initially generates (not redirects) syslog messages. It can be a network device, server, software, or another syslog-enabled hardware.

Info

The term "syslog originator" is equivalent to "syslog source" used in Syslog Watcher 5 and earlier.

Each originator has:

  • immutable originator ID to distinguish it from other originators;

  • originator name for easier identification by users.

In simple use cases, originator ID equals message sender's IP address and the originator name is its hostname/DNS-name.

For cases with dynamic IP, syslog proxies, or syslog forwarders/relays, Syslog Watcher supports complex rules to determine originator IDs.

Originators Tab

The Originators tab shows all registered originators and provides tools to manage them.

Originators Tab Example

Originators Toolbar

  • Refresh — refreshes the list of originators;
  • Originators▼ — drop-down menu (equal to context menu) to manage the originators;
  • Manage Groups... — manages groups of originators;
  • Manage Parsers... — manages syslog parsers;
  • Hide Disabled — shows/hides disabled (inactive) originators;
  • Filter by group — filters originators based on group membership
  • Filter by ID/Name — filters originators by name or ID

Context Menu

The context menu (also duplicated as the drop-down Originators▼ menu) contains actions to add, edit, and delete originators.

Originators List - Context Menu

Add Originators (Automatic)

By default, Syslog Watcher adds (registers) an originator upon receiving the first message.

You can modify the server configuration to reject messages from unknown originators:

Option to Deal with Unknown Originators

Add Originators (Manual)

Info

You do not need to add originators manually if the automatic adding is enabled.

Select the Add Originator... command via the Originators toolbar or the context menu to add an originator.

Originator Properties

The properties are straightforward, and Syslog Watcher's user interface has built-in descriptions.

Add Originator - Properties Window

Edit Originators

Select the Edit Originator... command via the Originators toolbar or the context menu to change an originator's properties.

Info

You can edit all originator properties except the ID specified when adding (originator registration).

Delete Originators

Select the Delete Originator... command via the Originators toolbar or the context menu to delete an originator.

Warning

Deleting an originator is an irreversible action.

You will no longer see messages collected from the deleted originator.

Tip

We recommend making originators inactive (disabled) instead of deleting them.

Disable Originators

To make an originator inactive (disabled), edit its properties and set Enabled to No.

Inactive originators do not count towards the license limit.