Can I send only the "Most Recent User Activities" to a remote syslog? I don't want to collect all the radius_client, radius_server, cluster... information. Syslog server is solarwinds. I am running two ZD3000 Active/Stanby configuration.
I need the user information as part of my security logging.
You can send all messages to a syslog server and then filter for the ones you need. However looking at my last 10,000 (default) entries there are no "most recent user activities" entries.
Would expect they appear under "info" or "warning" headings but those seem to have few entries. It seems almost everything comes under the "error" and "debug" heading.
Then need to find the exact wording ruckus use for messages that relate to "most recent user activities" and text filter on that.
I'm using syslog watcher personal. In general the log entries tend to be pretty cryptic so don't expect plain english!
In very pragmatic terms if you log everything then you at least have the data to fulfill your security requirement even though you are collecting more than needed. Hmm.