We have an external log collector and i have configured the Barracuda to send all logs to an external syslog server in the syslog streaming settings (all for everything). I see normal log data such as firewall accept/denies on our log server but I dont see the IPS alerts. I grabbed a packet capture to the syslog server on the firewall console and generated a portscan which generated a “IPS Warning (TCPIP Port or IP Address Scan) ID = 5000002 severity=3” event on the Threat Scan tab and saw the equivalent event on the event tab showing layer 3 (boxfw) class 3 (fireall) type 4000 (FW Port Scan Detected) but we did not see this event on the log collector and the event was not in the packet capture. Any thoughts on why that didn’t go out the syslog stream?
Thanks for any help!