Has anyone had joy with getting the VTM auditlog to output to a remote syslog server? I have set the global option auditlog!via_syslog=yes and also set the alerting actions to output to syslog. The "update and test" syslog works fine and an info message is logged to syslog whenever a configuration change is made, but it does not log the whole auditlog to syslog (usernames, timestamps, actions etc).
Could you please raise a support ticket?
It looks like a bug and I can reproduce it (tcpdump doesn't show any syslog packets leaving the vtm).
FYI, I raised a support request and it turns out not to be a bug but by design (although the wording is very misleading!). The "auditlog!via_syslog" global option only logs to a local syslog server. To log to a remote syslog server you need to select the "auditlog!via_eventd" global option. You can then configure your remote syslog server as a new alerting action and set the "Audit Events" event to point to that action.