Significant reduction in remote syslog logs following update to SMG 10.9.2

Article ID: 421764

Products

Messaging Gateway

Issue/Introduction

Following the upgrade to Messaging Gateway 10.9.2, remote syslog (Administration > Logs) system and audit log traffic to a remote logging server or SIEM falls off significantly. Log data which should be relayed to the SIEM via syslog does not appear to be sent following the upgrade.

Cause

This appears to be due to changes in the rsyslogd server, which is rate limiting remote syslog communication.

Resolution

This issue is currently under investigation by Messaging Gateway product engineering.

Potential workaround

Reduce the log data sent to the remote syslog server in Administration > Logs > Remote as much as reasonably possible to ensure that the important information is sent before rate limits are applied. Individual organizations will need to decide which remote log traffic is critical.

If logging SMG audit log data remotely to a SIEM, Broadcom support recommends reducing all other remote logging to warning or error level to improve delivery of the more critical audit log data.
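
A collector-side check that supports the decision above, added here as an example (not Broadcom's code): it decodes the standard syslog `<PRI>` header to show how much of the received volume a warning-level filter would keep, and flags hours where received volume fell well below baseline. It assumes the collector stores raw messages with the PRI header intact; the sample lines, hostname, hourly counts and thresholds are constructed.

```python
import re
from collections import Counter

# Standard syslog severity names; index = severity number (PRI % 8).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def severity_breakdown(lines):
    """Count received messages per severity, decoded from the <PRI> header."""
    counts = Counter()
    for line in lines:
        m = PRI_RE.match(line)
        if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
            counts["unparsed"] += 1
            continue
        counts[SEVERITIES[int(m.group(1)) % 8]] += 1
    return counts

def share_at_or_above(counts, level="warning"):
    """Fraction of parsed messages that a filter at `level` or more severe keeps."""
    keep = SEVERITIES[: SEVERITIES.index(level) + 1]
    parsed = sum(counts[s] for s in SEVERITIES)
    return sum(counts[s] for s in keep) / parsed if parsed else 0.0

def volume_drops(hourly, baseline_hours=3, ratio=0.5):
    """Return hours whose count is below ratio * mean of the baseline hours."""
    baseline = sum(c for _, c in hourly[:baseline_hours]) / baseline_hours
    return [h for h, c in hourly[baseline_hours:] if c < ratio * baseline]

# Constructed sample data (not real SMG output).
SAMPLE_LINES = [
    "<134>Jan 10 09:00:01 smg-host app: constructed info message",
    "<134>Jan 10 09:00:02 smg-host app: constructed info message",
    "<135>Jan 10 09:00:03 smg-host app: constructed debug message",
    "<132>Jan 10 09:00:04 smg-host app: constructed warning message",
    "<131>Jan 10 09:00:05 smg-host app: constructed error message",
    "line without a PRI header",
]
SAMPLE_HOURLY = [("08:00", 1200), ("09:00", 1150), ("10:00", 1250),
                 ("11:00", 300), ("12:00", 1100)]

if __name__ == "__main__":
    counts = severity_breakdown(SAMPLE_LINES)
    print("per severity:", dict(counts))
    print("kept at warning or above:", share_at_or_above(counts))
    print("hours below half of baseline:", volume_drops(SAMPLE_HOURLY))
```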