Is it possible to configure syslog on a firewall with different messages going to different syslog receivers?
I would like to set up multiple firewall syslog receivers, each receiving a different level or class of messages. One syslog receiver is a workstation running network monitoring and alerting software. I want to send it only critical messages. A second syslog receiver is used to archive problems. I send it only warning messages and higher. I am considering MARS as a third syslog receiver. MARS wants all syslog messages at level debug and higher.
It would be helpful if the "logging host" command could differentiate message levels or message lists. The only alternative I can see is to send syslog messages at the lowest required level and then to filter out the messages at the receiver. Filtering out all the extra messages from a busy firewall will be a strain on my existing syslog receivers.
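
The filter-at-the-receiver alternative from the post, as an added example that is not part of the original post: a severity router that decides which of the three receivers should keep each message. The receiver names, the `%FW-level-id` tag format and the sample lines are assumptions constructed for illustration.

```python
import re

# Numeric syslog severities: 0 = emergency ... 7 = debug (lower is more severe).
# Receiver names are hypothetical; thresholds follow the three tiers in the post.
RECEIVERS = {
    "monitoring": 2,  # critical and higher only
    "archive": 4,     # warning and higher
    "mars": 7,        # debug and higher, i.e. everything
}

PRI_RE = re.compile(r"^<(\d{1,3})>")          # standard syslog <PRI> header
TAG_RE = re.compile(r"%[A-Z]+-([0-7])-\d+")   # assumed %FACILITY-level-id tag

def severity_of(line):
    """Return the severity (0-7) of a syslog line, or None if it cannot be parsed."""
    m = TAG_RE.search(line)
    if m:
        return int(m.group(1))
    m = PRI_RE.match(line)
    if m:
        pri = int(m.group(1))
        if pri <= 191:            # PRI = facility * 8 + severity, max 23 * 8 + 7
            return pri & 7
    return None

def route(line):
    """Return the receivers that should keep this line."""
    sev = severity_of(line)
    if sev is None:
        # Unparseable input is kept by the receiver that takes everything,
        # so a malformed message is never silently dropped.
        return ["mars"]
    return [name for name, max_sev in RECEIVERS.items() if sev <= max_sev]

if __name__ == "__main__":
    # Constructed sample lines, not real firewall output.
    samples = [
        "<162>%FW-2-000001: constructed critical event",
        "<164>%FW-4-000002: constructed warning event",
        "<167>%FW-7-000003: constructed debug event",
        "no header at all",
    ]
    for s in samples:
        print(route(s), s)
```
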