I set up a Splunk server to index syslog messages from a SmartZone 100. I enabled syslogs in the SmartZone web GUI and immediately started getting about 5000 messages per minute. This continues even if I set the minimum severity level to critical.
Example message:
...sshd[26692]: debug1: connect_next: host localhost ([127.0.0.1]:514) in progress, fd=8
It seems like it's sending debug messages and ignoring the log severity setting in the GUI. I have also tried setting this in the CLI but there was no difference in behavior.
Has anyone had a similar experience? At the current rate, I will exhaust my Splunk license. I need to be able to filter out these debug messages.
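One way to discard these events on the Splunk side before they are indexed, as an added example that is not part of the original post. It assumes the SmartZone feed is assigned the sourcetype `syslog` (substitute the sourcetype or source of your own input); the stanza names are arbitrary and the regex is built from the sample message above.

```ini
# props.conf (on the indexer or heavy forwarder that parses the feed)
# Assumption: the SmartZone input is assigned sourcetype "syslog".
[syslog]
TRANSFORMS-drop_sshd_debug = drop_sshd_debug

# transforms.conf (same instance)
[drop_sshd_debug]
# Matches lines such as: sshd[26692]: debug1: connect_next: ...
REGEX = sshd\[\d+\]:\s+debug\d+:
# Send matching events to the null queue instead of the index queue
DEST_KEY = queue
FORMAT = nullQueue
```

Events routed to nullQueue are dropped before indexing and do not count against the license. The transform runs only where parsing happens, so it has no effect if placed on a universal forwarder.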