I want VyOS to send firewall logs only to a remote host and not log locally.
Currently my configuration is as follows, and I also tried ‘emerg’ for the global facilities and deleting the global lines altogether:
set firewall ipv4 input filter rule 10 log-options level 'info'
set firewall ipv4 output filter rule 10 log-options level 'info'
set system syslog global facility all level 'err'
set system syslog global facility kern level 'crit'
set system syslog host log-collector.host facility all level 'info'
set system syslog host log-collector.host format octet-counted
set system syslog host log-collector.host port '1515'
set system syslog host log-collector.host protocol 'tcp'
but when I do “show log 10”, I can still see:
Oct 01 11:08:26 kernel: [ipv4-INP-filter-10-A]...
Oct 01 11:08:26 kernel: [ipv4-OUT-filter-10-A]...
Why, and is it even possible to not log these locally?
I have never encountered any device that only logs remotely and never locally.
Normally the local log is mandatory (for entries that create a log entry) and then it's optional if you want to forward any of the locally created logs to one or more remote syslog servers.
What is the use case/purpose of NOT logging locally but only remotely?