Administer > Monitor your network > Monitor Syslog messages > Forward Syslog messages

Forward syslog messages

The Syslog message forwarding action allows you to forward received syslog messages. Additionally, if you have WinPCap version 3.0 or later installed on your Orion server, you can forward syslog messages as spoofed network packets.

The following procedure assumes you are editing a Forward the Syslog Message alert action. For more information, see Trigger alerts when receiving specific Syslog messages.

  1. Provide the hostname or IP address of the destination to which you want to forward the received syslog message.
  2. Provide the UDP Port you are using for Syslog messaging.

    The default is UDP port 514.

  3. Specify what IP address should be used for the source device in the syslog message. By default, the device IP is replaced by the Orion server IP address.
    1. To designate a specific IP address or hostname as the Syslog source, select Retain the Original Source Address of the Message, select Use a Fixed Source IP Address, and provide the IP address or hostname.
    2. To keep the original IP address of the syslog source device, select Retain the Original Source Address of the Message, select Spoof Network Packet, and select the Network Adapter.
  4. Click OK to complete the configuration.

You have defined the destination, port for sending the syslog message, and the source IP of the device in the syslog message used in the alert action.