We have a pair of firewalls set to log to a syslog server. The primary is the only one that actually is logging to the syslog server. I know that by enabling "logging standby" it will cause the standby firewall to log, but it also causes double syslogs as the secondary ends up sending the same stuff as the primary. this is not an alternative. All we want is to capture any login attempts to the primary. someone could be hacking at it and we'd never know because the syslogs don't send any info on it. Anyone have a way around this?
I have this problem too.