
I have created a rsyslog server and configured Metallic to send audit trails and alerts using syslog server by following this guide - https://documentation.commvault.com/2022e/essential/114237_configuring_syslog_server.html?_gl=1*pf4vx8*_gcl_au*MTAwMzEzNTY2LjE2ODkxNjQyNDI. I am not able to see any audit logs on my rsyslog server.

 

I have configured the rsyslog server to listen on both TCP and UDP.

Are you saying you can see alerts but not audit events? Or you can't see both? If the latter, what port are you using for the TCP connection? If possible, try using port 443, and configure your syslog server to receive on that port also.


I can’t see both. Neither Audit nor alerts. In our environment, there might not be any alerts but audit logs can be seen in the ‘Reports > Audit Trails’ report.

 

For BG, I have configured a rsyslog server (to listen on 2 different ports over UDP and TCP) which is routed through a public IP and is reachable from the Metallic's infrastructure.

 

I tried using 443 as well but there are no logs seen in the /var/log/syslog file on the rsyslog server.


Hello,

I got the same problem here. Were you able to find a solution so far?

Regards,

Yanick


My $0.02 -- your commands may vary, but examples from my environment.

Verify the syslog server is listening:

# netstat -an | grep :514
udp        0      0 0.0.0.0:514             0.0.0.0:*                          
udp6       0      0 :::514                  :::*       

Verify the port is open in the firewall:

# firewall-cmd --info-service=syslog | grep 514
  ports: 514/udp

# firewall-cmd --query-service=syslog
yes

You will see data in /var/log/messages:

# tail /var/log/messages | grep commserve
Jun 25 16:32:26 commserve Events: Eventid = {874213}  Occurrencetime = {25 Jun 2024 16:29:43}  Eventseverity = {Information}  Commcellname = {commserve}  Computer = {commserve}  Eventcode = {35:4952}  Program = {WebServer}  Description = {Syslog - Audit is enabled for Commcell}  Utctimestamp = {1719350983}  

Thanks,
Scott
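
Added example, not part of the post above and not Commvault code: once a line like the one quoted from /var/log/messages arrives, this parser splits its `Key = {value}` pairs so audit events can be filtered or forwarded. The `Events` tag and the field names are taken from that sample line; treating `Utctimestamp` as epoch seconds is an assumption, and the second log line is constructed for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the first line is the event quoted in the post above,
# the second is an unrelated line made up for this example.
SAMPLE_LOG = """\
Jun 25 16:32:26 commserve Events: Eventid = {874213}  Occurrencetime = {25 Jun 2024 16:29:43}  Eventseverity = {Information}  Commcellname = {commserve}  Computer = {commserve}  Eventcode = {35:4952}  Program = {WebServer}  Description = {Syslog - Audit is enabled for Commcell}  Utctimestamp = {1719350983}
Jun 25 16:32:30 commserve systemd[1]: Started Session 42 of user root.
"""

# Header: "Mon DD HH:MM:SS host Tag:" followed by the Key = {value} body.
HEADER = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(\w+):\s+(.*)$")
# One field: a word, "=", then a value in braces (values containing "}" are not handled).
FIELD = re.compile(r"(\w+)\s*=\s*\{([^}]*)\}")


def parse_event(line):
    """Return a dict of fields for an 'Events:' line, or None for anything else."""
    m = HEADER.match(line.strip())
    if not m or m.group(3) != "Events":
        return None
    fields = dict(FIELD.findall(m.group(4)))
    if not fields:
        return None
    event = {"received": m.group(1), "host": m.group(2), **fields}
    # Assumption: Utctimestamp is epoch seconds. Keep an unambiguous UTC time
    # next to Occurrencetime, which carries no time zone.
    ts = fields.get("Utctimestamp", "")
    if ts.isdigit():
        event["utc"] = datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat()
    return event


def parse_log(text):
    """Parse every line and keep only those that are event lines."""
    return [e for e in map(parse_event, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["utc"], e["host"], e["Eventcode"], e["Description"])
```
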
 

