Now I' m really confused, we have 2 screen shots 10.0.17 and 10.0.14 .94 which is it?
Now to diagnose this, we need you double check port and ip_address. And provide the following;
show log syslogd filter
show log syslogd setting
show log memory
Next, set up a sniffer to list on the port that you have syslog running on < 15000 > ????
And then execute a logging event like a failed admin login or even easier execute a
diag test log
You should see a syslog packet generated and sent to the syslog.
i.e
FG200B1G02811942 # diag log test
generating a system event message with level - warning
generating an infected virus message with level - warning
generating a blocked virus message with level - warning
generating a URL block message with level - warning
generating a DLP message with level - warning
generating an attack detection message with level - warning
generating an application control IM message with level - information
generating an application control VOIP message with level - information
generating an antispam message with level - notification
generating an allowed traffic message with level - notice
generating a wanopt traffic log message with level - notification
generating a HA event message with level - warning