this is a great answer, thanks a lot!
I have 3 questions
- is it possible to use a specific port for the event logging?
::*> event notification destination create -syslog server01:1234 -name test
- is a good practise to forwarding audit logs (cluster log-forwarding create) & event logs (event notification destination create) to same server?
- what is the best practise for the setting the facility level?
*> cluster log-forwarding create -destination bla -port 514 -protocol udp-unencrypted -verify-server false -facility
kern user local0 local1 local2 local3 local4 local5 local6 local7