We have a server on an inside interface and need to log anything related to its TCP connections (build, teardown, etc.) to a syslog server.
I see how to do it by class, by message id, even by customer message list. However, I don't see where we can do this given a specific local ip address.
You can set up a rule in the syslog server to log anything with the IP adderss and TCP as keywords in the message ID and log it to a file (or whatever rule you want to assign it). Not sure which syslog server you're using, but I know you could do it with Kiwi.