Hi All!
I was reading the following article:
Decoder: Configure Syslog Forwarding to Destination
and I've tested it, but I saw the decoder doesn't send the original IP of de original device into the syslog message, causing the reciever syslog server to see all the events comming from the same IP (the decoders IP).
May be I'm missing something or the decoder isn't able to send the device IP on the syslog message?
Regards,
Max
Hi Max,
you can specify it using the "retainsource" attribute when you define the destination:
name=(udp|tcp|tls):host:port[:(retainsource|rfc3164)]
More details on the link https://community.rsa.com/docs/DOC-80183
Cheers,
Alessio