Yes I am forwarding all logging to logging event manager in solarwinds.  That's one of the reasons why I want have it resolve either the hostname or the string that I put in so that when the email alerts are sent they don't contain just the IP but the name of the router as well.  I have tried logging origin-id hostname previously and that also didn't work.  See below.

#sh run | i logging
logging buffered 51200 debugging
logging trap debugging
logging origin-id hostname
logging facility local5
logging source-interface FastEthernet0/0.1
logging 192.168.*.*

Feb  9 13:56:46.723: %SYS-5-CONFIG_I: Configured from console by brandon.strode.adm on vty0

This was pulled just now from logging after changing the config to hostname and performing copy run start.

have you tried

logging origin-id ip

HQ(config)#logging origin
HQ(config)#logging origin-id ?
     hostname     Use origin hostname as ID
     ip                 Use origin IP address as ID
     ipv6             Use origin IPv6 address as ID
    string            Define a unique text string as ID
<cr>

HQ(config)#logging origin-id ip ?
<cr>

HQ(config)#logging origin-id ip

I have not tried that yet.  However the logging event manager is already correlating the events from the source interface IP.  I just didn't understand why the logs on my router dont contain the hostname or string that I input.  What is causing it not to add that to the logs? I believe that if the logging was correct on the router I would be receiving the proper information in LEM.

I did see a bunch of Bugs that relate to this but since you are on EOL code it is harder to check stuff. I figured maybe if you set the IP and see if that works, then remove the command and retry the hostname command may it will kick it in the butt and work.

Mike

I'll give it a shot and post the results

Also maybe it could be how Solarwinds is taking the syslog information and it is just not using the hostname. Maybe contact solarwinds and ask them, there could be a setting that you can toggle.

Mike

This is what I am getting after setting the origin-id to ip

*Feb  9 14:41:19.011: %SYS-5-CONFIG_I: Configured from console by brandon.strode.adm on vty0

It's like the origin-id command isn't working at all.

My guess is a bug or something possibly with SolarWinds and how it receives the info. Do you have other Cisco gear that is newer where you could try it on that?

Mike

So I tried on a more current router.  This is one of our new routers on the network and the same model I will be upgrading all my older ones too.  see below

sh ver

Cisco IOS XE Software, Version 03.16.05.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S5, 

cisco ISR4331/K9

#sh run | i logging

logging buffered 51200
no logging console
no logging monitor
logging enable
logging size 1000
logging trap debugging
logging origin-id hostname
logging facility local5
logging source-interface GigabitEthernet0/0/0.1
logging host 192.168.*.*

#sh logging

yslog logging: enabled (0 messages dropped, 5 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 4 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

Trap logging: level debugging, 127 message lines logged

Logging to 192.168.*.* (udp port 514, audit disabled,
link up),
31 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging Source-Interface: VRF Name:
GigabitEthernet0/0/0.1

Log Buffer (51200 bytes):

Feb 9 18:41:06.791: %SYS-5-LOG_CONFIG_CHANGE: Buffer logging: level debugging, xml disabled, filtering disabled, size (51200)
Feb 9 18:41:06.792: %PARSER-5-CFGLOG_LOGGEDCMD: User:brandon.strode.adm logged command:logging buffered 51200
Feb 9 18:41:42.511: %SYS-5-CONFIG_I: Configured from console by brandon.strode.adm on vty0 
Feb 9 18:42:01.668: %SYS-5-CONFIG_I: Configured from console by brandon.strode.adm on vty0 

Try removing this line...

logging source-interface GigabitEthernet0/0/0.1

and then re-add it and try.

Mike