Now that we have figured out how to receive syslogs remotely (tunneling through NAT with l2tp).. I am noticing that only a small portion of log data is being reported.
I have been using BSD so that I can prefix logs into SUBDIR/name.info (etc) otherwise all the logs from 30 devices dump into the same spot.
I cannot use the sorting features of rsyslog because the IP's from the routers are natted and change all day long.
What I do not understand is whether the Facility 3 (daemon) is the issue with not getting all of the log data or if it has to do with the logging rules that we have setup.
I get nothing about reboots, watchdog, or lte1 going down/up, or any of the other log data that shows up in memory under the same categories.
I have tried setting the facility lower/higher (kern, user, etc) and setting the severity lower/higher to no avail.
Any help would be greatly appreciated.