Hi, I am trying to send syslog formatted DoS events to a remote server. I proceeded as follows:
I created syslog pool, which contains one member listening on x.x.x.x:6514. The pool is completely accessible, UDP monitoring is green
I created HSL log destination with pool from step 1.; protocol - UDP; Distribution - adaptive. Then I created another log destination with syslog format and with forwarding to the created HSL log destination
Next, I created a log publisher, which contains only "syslog log destination"
At the last, in Security Event logs I created a new logging profile where I enabled "DoS protection" and set remote publisher to publisher created in the 3. step
When I generate some test DoS attack (via hping), I see this attack at the DoS real-time dashboard, but none event is sent to the remote syslog server (verified by tcpdump). What confuses me is that I don't see any DoS events in DoS event logs neither. Am I missing something?