Hello , I have a problem. I am setting the option audit notification following the manual "NSP_Admin_Domain_Configuration_61_700-2368-00_en-us.pdf", the syslog server is a RSA Envision but checking the audit logs I see that at times reach the audit logs but at other times not.
For example, when I log on with admin user at times I see a audit log but when I log off I dont see the audit log in the syslog sever sometimes I can see that.
The same way when I make some modification of settings , sometimes fail to see the audit log and other I can to see the audit log in the RSA Envision.
the configuration in the Intrushield IPS M-6050
the configuration in Message Preference : Customized
$IV_AUDIT_ACTION$ $IV_AUDIT_RESULT$ $IV_AUDIT_MESSAGE$ $IV_AUDIT_USER$
Why is presenting this type of behavior to send the audit logs?
Is there a problem with the configuration of the audit notification in the M-6050?
Thanks a lot of !!
are there any errors on the ems.log?
If syslog forwarding is successful you will see entries of the type:
INFO [Syslog] iv.syslog.Syslog4JClient - Syslog sent successfully from UDP