Yes, you can syslog. The only exception is some of the error and audit logs cannot be syslogged because they are not managed by the rule sets. But anything that can be generated by the Log Handler can be syslogged, such as access_denied, or foundVirus, or some other custom criteria.
The Error handler rules have many examples of using the Syslog event.
Basically, the steps are:
Create the logLine string that you want to send.
Use the Syslog() event to send it.
Edit the rsyslog.conf file to specify what server to send it to.
Is there a way to choose a different facility for "access logs"? For example, "local2".
I guess that using daemon.info cannot guarantee that there will be only access logs. Some other programs may use this facility also. Unless the appliance has no other programs logging to daemon facility??
Web Gateway = Daemon.
So if you ensure that no other item is logged with a severity of Info, you can ensure that it is just the access log data.
Let me know if this helps.
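A receiver-side check for the concern raised in this thread, added here as an example and not taken from any poster or from the product: it decodes the syslog PRI value and counts which program tags actually arrive on daemon.info, so you can verify whether anything besides the access log shares that selector. The sample lines, the host name and the tags `mwg`, `ntpd` and `app` are constructed assumptions.

```python
import re
from collections import Counter

# Facility and severity names by numeric code (PRI = facility * 8 + severity).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# BSD-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^:\[\s]+)(?:\[\d+\])?:\s?(.*)$")

def parse(line):
    """Return a dict for a well-formed line, or None if it cannot be parsed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        return None
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "host": m.group(3), "tag": m.group(4), "msg": m.group(5)}

def tags_on_selector(lines, facility="daemon", severity="info"):
    """Count program tags seen on one facility.severity selector."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["facility"] == facility and rec["severity"] == severity:
            counts[rec["tag"]] += 1
    return counts

# Constructed sample input (not real gateway output).
SAMPLE = [
    '<30>Mar  4 10:15:01 gw01 mwg: 10.0.0.5 "GET http://example.com/ HTTP/1.1" 200',
    '<30>Mar  4 10:15:02 gw01 ntpd[812]: synchronized to 192.0.2.1',
    '<27>Mar  4 10:15:03 gw01 mwg: update failed',
    '<30>Mar  4 10:15:04 gw01 mwg: 10.0.0.9 "GET http://example.org/ HTTP/1.1" 403',
    '<150>Mar  4 10:15:05 gw01 app: message on local2.info',
]

if __name__ == "__main__":
    for tag, n in tags_on_selector(SAMPLE).most_common():
        print(f"daemon.info  {tag:<8} {n}")
```

More than one tag in the output means the selector is shared, and the collector needs a second filter (for example on the program tag) to isolate the access log.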