Archiving a subset of logs

Version: 9.6 about to upgrade to 9.8.1

We have a handful of SonicWALL firewalls that send all messages (Debug to Emergency) to the Syslog server for compliance only. We use GMS/NSM for alerting.

We just completed out first audit and learned that we do not need to keep all of these messages for long-term compliance. I want to trim the logs to only Critical, Alert and Emergency messages and then archive the logfile. I looked at AutoSplit but it seems to only take one priority at a time. I need to have all three in one log.

Has anyone else conquered this?

Cheers!

Greg

Parents Reply Children
No Data