Allow more actions when creating rules without being obligated to create an alert. Not all syslog and traps require an alert. In my specific case, as a government entity I'm required to forward all syslog events to my cyber-security team.
Yes, "Forward the entry" is missing in global rules. It's because this action is supported only for syslogs and traps but is not supported for Windows events, VMware events and log messages. Global rules process all message types.
The solution for your request is to create a syslog-specific rule for forwarding.
Could you please clarify a little bit more what exactly is missing?
Because, when you are in Log Viewer and you want to create a Log Processing Rule for Syslog messages, there is a "Forward the entry" action on the Actions tab. So you can configure a processing rule that will forward all syslog messages to another system without triggering an Orion alert.
Or are you missing some specific action from alerting that is missing in rule creation?