Loopback address in events instead of IP/hostname
search cancel

Loopback address in events instead of IP/hostname


Article ID: 152138


Updated On:


Security Information Manager


You have the loopback address ( in the "Collection Device IP" and "IP Source Address" fields instead of the real IP

The onboard Microsoft Windows Event Collector v4.3.30  is giving back the loopback address instead of the real IP, when the values are missing in the sensor configuration.


There is some changes for the mechanism how event collector define IP address from the windows machine. Name resolution has been taken in part of the definition and it will depend on how local sensor is configured within the event collector. For example, if event collector is installed on machine A with sensors configured to collect events from machine A, B and C. To avoid source/destination ip address to show as, Monitored Host Name for local sensor (machine A) must not be "localhost" or "" but the actual hostname of the machine A. You will also need to input "Account Name" and "Password" (cannot leave blank)


This was addressed with a LiveUpdate for Microsoft Windows Event Collector v4.3.30, released March, 2010