You can verify your current Syslog settings using:
cluster log-forwarding show
You can have up to 10 Syslog destinations and port, using a similar command:
cluster log-forwarding create -destination <ip-address> -port <port> -facility <facility>
cluster log-forwarding create -destination 100.64.1.1 -port 514 -facility user
cluster log-forwarding create -destination 100.64.1.1 -port 6666 -facility user
cluster log-forwarding create -destination 100.64.1.1 -port 7777 -protocol tcp-unencrypted -facility user
cluster log-forwarding create -destination 100.64.1.1 -port 8888 -protocol tcp-encrypted -facility user
or use cluster log-forwarding modify command (to change an existing setting)
Which end up looking like:
100.64.1.1 514 UDP-UNENCRYPTED
100.64.1.1 6666 UDP-UNENCRYPTED
100.64.1.1 7777 UDP-UNENCRYPTED
100.64.1.1 8888 TCP-ENCRYPTED
If you have not set-up you Syslog server and it is not currently accepting connections on the random port, you can use the -force flag to skip server connectivity verification.
Your welcome and you are correct,
Messages would be the event notification and event notification destination show/create/ modify.
In the past, it was not possible to use a non-standard port other than UDP 514 for event messages without a hack, which may not be supported. Re: KB FA1163
Will look into if this has changed or if you can add the port using ":8888" for example. Thanks.