I am looking for a way to log connections to a specific Vserver and send those logs to a syslog server. Steps I have taken:
1) Set up a new syslog server under syslog auditing -> Servers.
2) Created an Auditing Message Action, log level set to Informational with the following expression - "Server: "+HTTP.REQ.HOSTNAME+" Client: "+CLIENT.IP.SRC+" VSERVER: "+ HTTP.REQ.LB_VSERVER.NAME + " RESPONSE_TIME "+HTTP.REQ.LB_VSERVER.RESPTIME
3) Created a responder policy, with Action as NOOP, Log action from step 2 and Expression as true.
4) Bound the Responder Policy to the Vserver that I need connection information from.
I would think this would work, but the syslog server is not getting any logs. I ran nstcpdump.sh udp dst port 514 looking for anything going to my syslog server, and nothing was going to the syslog server. It only saw 127.0.0.1.514 traffic.
What am I missing?
TIA,
Keith