Hi,
I'm trying to setup log filtering when I only select the traffic coming from ACL match logs and firewall session to be only send to a syslog server but not anything else. So I don't want these messages showing in the buffer or console or monitor. I also don't want other messages to be send to that syslog server just %SEC and %FW.
So far this is what I did:
I created as Tcl script that will block any messages from %SEC and %FW facility and applied that script as a filter for monitor, console and buffer. That works for blocking the display of these messages, but the syslog server is still getting all of the other messages, which i would like to avoid.
For the last few day's i've been looking at Tcl and ESM, feel like i'm really close.
Thanks in advance for any help.