Dear members,
I had configured a Windows Server 2008 R2 64bit Event Subscription.
http://www.sysadminlab.net/windows/forward-event-log-from-several-server-to-a-central-windows-2008-server
I use SolarWinds Log Forwarder for Windows. I added an EventLogSubscription "ForwardedEvents" and a SyslogServer. My syslog server is Syslog-NG. My syslog-ng server timestamps and encrypts the logs and forwards them to a syslog analyser.
The problem:
I receive the following log on Syslog-ng:
Feb 8 09:10:59 10.254.204.66 févr.: 08 09:07:30 HUNSVDC001 MSWinEventLog 5 Security 239 mar. févr. 08 09:06:02 2011 673 Security S-1-5-18 N/A Audit Success HUNSVDC001 9 Service Ticket Request:
User Name: user
User Domain: domain
Service Name: HUNSLW3P11$
Service ID: %{S-1-5-21-1291854300-800608146-227697207-64185}
Ticket Options: 0x40810000
Ticket Encryption Type: 0x17
Client Address: 10.254.204.42
Failure Code: -
Logon GUID: {2b5b358a-bfcf-6428-1f0b-6c326d370511}
Transited Services: -
Feb 8 09:10:59 10.254.204.66 févr.: 08 09:07:30 HUNSVDC001 MSWinEventLog 5 Security 240 mar. févr. 08 09:06:03 2011 673 Security S-1-5-18 N/A Audit Success HUNSVDC001 9 Service Ticket Request:
User Name: user
User Domain: domain
Service Name: HUNSVDC002$
Service ID: %{S-1-5-21-1291854300-800608146-227697207-60176}
Ticket Options: 0x40810000
Ticket Encryption Type: 0x17
Client Address: 10.254.204.42
Failure Code: -
Logon GUID: {82fc095e-e762-cd2d-ecdb-2cd1ec0804ab}
Transited Services: -
I receive all events as 10.254.204.66 and not as HUNSVDC001 or HUNSVDC00 or another valid source host.
How can I configure the SolarWinds Log Forwarder for Windows software to forward the event?
My configuration:
<?xml version="1.0" encoding="utf-8"?>
<LogForwarderSettings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" version="1.1.13">
  <EventLogSubscriptions>
    <EventLogSubscription>
      <channels>
        <string>ForwardedEvents</string>
      </channels>
      <types>
        <int>1</int>
        <int>2</int>
        <int>4</int>
      </types>
      <sources />
      <eventIDs />
      <categories />
      <keywords />
      <users />
      <computers />
      <facility>13</facility>
      <enabled>true</enabled>
      <name>New Event Log Subscription</name>
      <description>Forwardedevents</description>
    </EventLogSubscription>
  </EventLogSubscriptions>
  <SyslogServers>
    <SyslogServer>
      <serverName>New Syslog Server</serverName>
      <IPAddress>10.254.204.47</IPAddress>
      <Port>514</Port>
      <enabled>true</enabled>
    </SyslogServer>
  </SyslogServers>
  <DebugMode>false</DebugMode>
</LogForwarderSettings>
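An added example, not part of the original post and not SolarWinds' or syslog-ng's own code: a Python parser for the MSWinEventLog records shown above that pulls out the computer name carried inside the event payload and rewrites the syslog HOST field with it, so per-host searches attribute each event to the originating machine instead of the collector's address. The field order and the event-type spellings are assumptions read off the sample lines.

```python
import re
from dataclasses import dataclass

# Constructed sample: the first record from the post, with its continuation lines.
SAMPLE = """Feb 8 09:10:59 10.254.204.66 févr.: 08 09:07:30 HUNSVDC001 MSWinEventLog 5 Security 239 mar. févr. 08 09:06:02 2011 673 Security S-1-5-18 N/A Audit Success HUNSVDC001 9 Service Ticket Request:
User Name: user
User Domain: domain
Service Name: HUNSLW3P11$
Client Address: 10.254.204.42"""

# Syslog header as syslog-ng wrote it: its own timestamp, the HOST it resolved
# (here the collector's IP), then the forwarder's message.
HEADER_RE = re.compile(r"^(?P<ts>[A-Za-z]{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")

# Field order assumed from the sample (Snare-style layout): criticality, log name,
# counter, event time, event ID, source, user, SID type, event log type,
# computer, category number, description text.
EVENT_RE = re.compile(
    r"MSWinEventLog\s+(?P<crit>\d+)\s+(?P<log>\S+)\s+(?P<counter>\d+)\s+"
    r"(?P<when>\S+ \S+ \d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s+(?P<event_id>\d+)\s+"
    r"(?P<source>\S+)\s+(?P<user>\S+)\s+(?P<sid_type>\S+)\s+"
    r"(?P<event_type>Audit \S+|\S+)\s+(?P<computer>\S+)\s+(?P<category>\d+)\s+(?P<text>.*)"
)


@dataclass
class WinEvent:
    relay_host: str   # HOST as syslog-ng recorded it (the collector)
    computer: str     # ComputerName inside the event (the real origin)
    event_id: int
    event_type: str
    text: str


def _flatten(record: str) -> str:
    """Join the multi-line event body into one line so one regex can cover it."""
    return " ".join(part.strip() for part in record.splitlines())


def parse_record(record: str) -> WinEvent:
    """Split one forwarded record into the fields a SIEM would key on."""
    head = HEADER_RE.match(_flatten(record))
    if not head:
        raise ValueError("not a syslog line")
    body = EVENT_RE.search(head["msg"])
    if not body:
        raise ValueError("no MSWinEventLog payload in message")
    return WinEvent(head["host"], body["computer"], int(body["event_id"]),
                    body["event_type"], body["text"])


def reattribute(record: str) -> str:
    """Return the record with HOST replaced by the event's own computer name."""
    head = HEADER_RE.match(_flatten(record))
    return "%s %s %s" % (head["ts"], parse_record(record).computer, head["msg"])
```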