Originator ID

To configure how Syslog Watcher server determines the originator ID of incoming syslog message, click Configure (Main Toolbar) to open the Server Configuration window; then select the Originator IDs group.

Default Rule

The default rule makes the server use the sender's IP address as the originator ID.

info

A message sender is an entity from which the server received the message and, in case of passing through relays/proxies, is not the same as the message originator.

Adding Rules

Additional rules are required to correctly determine IDs of syslog messages passed through syslog proxies/relays and syslog messages from originators with dynamic IP addresses.

To add an additional rule:

1. Click Add Address Range Rule

2. Set the range of IP addresses. It is usually:

   • A single IP address for messages after a proxy/relay
   • A range that covers all possible dynamic IP addresses

3. Set the method to extract an originator ID from a message body. It can be:

   • a built-in algorithm
   • a regular expression: enclose ID text in parentheses for extraction.

4. Specify the behavior for various possible cases

Example of Address Range Rule

Here is an example that allows Syslog Watcher to handle syslog originators with dynamic IP addresses. We assume that an originator identifies itself in the message body as id="...".

Deleting Rules

To delete an additional rule:

1. Select the rule by clicking its title area;

2. Click Delete.