The gw-audit messages are seen in the log file due to the action-set not being configured correctly to send syslog.The following messages appear in the log:
Jul 18 12:05:04 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,09199652542683944512,test
Jul 18 12:05:14 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:14 imp_2 last message repeated 25 times
Jul 18 12:05:22 imp_1 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:22 imp_1 last message repeated 28 times
Jul 18 12:05:29 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:29 imp_2 last message repeated 23 times
Jul 18 12:05:29 imp_1 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:33 imp_1 last message repeated 23 times
Jul 18 12:05:37 imp_2 gw-audit: 00000000000000000000,00993812025799991000,05584535067130038343,16883339170579214213,test
Jul 18 12:05:37 imp_2 last message repeated 12 times
The gw-audit log entries are logged consistently for the Imperva vap-group.
The issue occurs due to the Imperva application not sending syslog for Audit Info.
Review the action-set definitions to identify the action-set which is not configured correctly to send syslog, and enable syslog.
It is recommended to open a case with Imperva support, to discuss the issue and perform appropriate changes to resolve the issue.