I have my ELK Stack remote syslog running and it receives messages just fine. Even from the EdgeRouter except I cannot get the firewall logs to send. I can see the logs in /var/log/messages just fine. Normally I would configure /etc/rsyslog.d/vyatta-log.conf as *.* @remotesysloghost and all work just fine. However using the CLI it does not appear to allow us to define facility all level all. So just curious if others have been able to get this working or not.
Below is the configuration for my remote syslog host.
host elk.etsbv.internal {
facility all {
level info
}
facility kern {
level debug
}
facility protocols {
level debug
}
}
I am currently running the following:
Version: v1.9.0
Build ID: 4901118
Build on: 08/04/16 11:31
Copyright: 2012-2016 Ubiquiti Networks, Inc.
HW model: EdgeRouter PoE 5-Port