Send firewall logs only to remote host

I want VyOS to send firewall logs only to a remote host and not log locally.

Currently my configuration is as follows, and I also tried ‘emerg’ for global facilities and deleting the global lines altogether:

set firewall ipv4 input filter rule 10 log-options level 'info'
set firewall ipv4 output filter rule 10 log-options level 'info'
set system syslog global facility all level 'err'
set system syslog global facility kern level 'crit'
set system syslog host log-collector.host facility all level 'info'
set system syslog host log-collector.host format octet-counted
set system syslog host log-collector.host port '1515'
set system syslog host log-collector.host protocol 'tcp'

but when I do “show log 10”, I can still see:

Oct 01 11:08:26 kernel: [ipv4-INP-filter-10-A]...
Oct 01 11:08:26 kernel: [ipv4-OUT-filter-10-A]...

Why and is it even possible to not log these locally?

I have never encountered any device that only logs remote and never locally.

Normally the local log is mandatory (for entries that create a log entry) and then it's optional if you want to forward any of the locally created logs to one or more remote syslog servers.

What's the use case/purpose of NOT logging locally but only remote?

What's the use case/purpose of NOT logging locally but only remote?

We don’t want to waste CPU and IO on writing them locally, when we are logging enormous amounts of traffic while we do not access those logs locally.

Currently seeing very high use by the following processes and would like to reduce it significantly:

This is something I’ve been asked to do before as well, but it’s not currently possible in VyOS.

CPU cycles will be wasted to create the log itself that will be sent remote.

Dumping the already created data on the disk doesn't consume many CPU cycles.

You could probably alter the rsyslog (or syslog-ng, if that's what's being used) config through bash to filter out what you choose to log locally.
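The filtering approach suggested in the last reply, written out as an added example that is not part of the original thread or of VyOS's own configuration: an rsyslog rule that forwards the firewall log lines from the question to the collector and then discards them before any local file rule sees them. It assumes the syslog daemon is rsyslog, that this drop-in is evaluated ahead of the local file rules, and that the system does not regenerate or overwrite it; none of that is confirmed in the thread.

```conf
# Constructed rsyslog drop-in (RainerScript), not taken from the thread.
# Assumption: this file is read before the rules that write local log files.

# Select only kernel messages carrying the firewall prefixes shown in the
# question: "[ipv4-INP-filter-10-A]" and "[ipv4-OUT-filter-10-A]".
if ($syslogfacility-text == "kern" and
    ($msg contains "[ipv4-INP-filter-" or
     $msg contains "[ipv4-OUT-filter-")) then {

    # Forward to the collector from the question with the same transport:
    # TCP, port 1515, octet-counted framing.
    # The in-memory queue decouples forwarding from the main message path,
    # and the unlimited retry count keeps the action from being suspended
    # for good during a collector outage. queue.size is an illustrative
    # value; once the queue is full, further firewall events are lost,
    # because no local copy exists any more.
    action(type="omfwd"
           target="log-collector.host"
           port="1515"
           protocol="tcp"
           TCP_Framing="octet-counted"
           queue.type="LinkedList"
           queue.size="50000"
           action.resumeRetryCount="-1")

    # Discard the message here so no later rule writes it to a local file.
    stop
}
```

rsyslog rules have no effect on what the systemd journal has already stored, so a local log view that reads from the journal would still show these lines.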
