Syslog Originators
A syslog originator is an entity that originally generated a syslog message. It can be a network device, a server, a software product, or another generator of syslog messages.
The term "syslog originator" is equal to the term "syslog source" used in Syslog Watcher 5 and earlier.
The two main attributes of an originator are:
-
Unchangeable originator ID identifies each originator uniquely from the server's point of view;
-
User-defined originator Name makes the identification easier for the users.
In most simple cases, the originator ID equals the IP address and the originator name corresponds to the domain name of the message sender. This approach does not work if dynamic IP addresses are used or IP addresses may change for other reasons. Also, it is impossible to uniquely identify the originator by the sender's IP address if syslog proxies or syslog forwarders/relays are used. To resolve these complex cases, add additional rules for determining originator IDs.