To add-on to this comment, Craig is correct; retaining the Originating IP Address is something the Syslog Aggregator should (the NPM/SAM/NCM Syslog/Trap and Kiwi Syslog can do this) be able to do so that it can then forward the Syslog messages from the Aggregator to the Solarwinds Server. This is the best solution as it will appear invisible to NCM or any other software tool.
If your Aggregator does not support Forwarding the Originating IP, you can have the original Logs sent to the Solarwinds Syslog/Trap Server, then create a rule to forward to the Aggregator by utilizing the Originating IP Address. If you go this route, I would recommend to reduce the retention of the logs for no more than 7-30 days.