Hey Guys, Hope you can help me.
My syslog config looks like this.
show system syslog
    archive size 100k files 3;
    user * {
        any emergency;
    }
    host 192.168.1.72 {
        any any;
        authorization any;
        daemon any;
        security any;
        user any;
        firewall any;
        change-log any;
        match "RT_IDP|IDP_ATTACK_LOG_EVENT";
        allow-duplicates;
        port 5544;
        source-address 192.168.10.1;
    }
    file messages {
        authorization info;
    }
    file interactive-commands {
        interactive-commands error;
        match UI_CMDLINE_READ_LINE;
    }
    file IDP_Log {
        any any;
        archive size 10m files 3;
        structured-data;
    }
    file idp-attack-event.log {
        user info;
        match IDP_ATTACK_LOG_EVENT;
        archive size 1000k world-readable;
        structured-data;
    }
    file ids {
        any any;
        match RT_IDS;
        archive world-readable;
        structured-data;
    }
    console {
        any any;
    }
    source-address 192.168.10.1;
All I want to do is send syslogs that pertain to IDP attack events, authentication, chassis information and config changes to my remote syslog server.
I can't figure out what's wrong. Thanks in advance.