Remote syslog just sends the contents of syslog itself to the remote server; in this case, you're sending any events written to syslog about the sending of alerts.

You'll want to set up alert forwarding through ETM Dashboard if you want alerts to go to recipients other than the admin account(s) and to be delivered by methods aside of email: Creating an alert rule from an event

That makes a lot of sense, thanks for clearing that up.

Does the ETM Dashboard Alert Forwarding allow remote syslog? We're trying to capture all of the alert data into our SOC platform which utilizes syslog. We can create the rules inside of the appliance itself and have done so before, but the limitations with no Importing/Exporting said Syslog Rules makes this a tedious process across our 100+ active devices.

Unfortunately not; they're two different things. The alerts that get forwarded through ETM Dashboard are the same as the alerts the NG Firewall itself can send, plus a few more conditions relative to ETM Dashboard itself (subscription changes, remote access connections, &c.).

A backup/restore would include rsyslog rules, if you were setting up a new appliance that'd never been used before. That could certainly save time for future deployments, but doesn't help you with existing ones.

There's a suggestion to add this capability in our Feedback site here: https://untanglengfirewall.featureup...-import-export
It's worth upvoting/supporting, as that site is monitored by our Product Management folks and is the closest thing to a direct line to them.

Thanks for the response, we put in a request for this.

This is our request