Okay, so I've tested in my virtual environment and that link you gave me has it spot on. It was logging every time the system ran the scheduled job to poll for syslog, and created a log. The fact that the local logging levels aren't carried over to remote logging is strange to me, but I guess it makes sense to somebody. :) I did pretty much what the filter was in the link and it seems to be working right. So now when I do "tmsh list sys syslog all-properties", I get:
modify syslog {
    auth-priv-from notice
    auth-priv-to emerg
    cron-from warning
    cron-to emerg
    daemon-from notice
    daemon-to emerg
    description none
    include "
        filter f_remote_loghost {
            level(warn..emerg);
        };
        destination d_remote_loghost {
            udp(\"xx.xx.xx.xx\" port(514));
        };
        log {
            source(s_syslog_pipe);
            filter(f_remote_loghost);
            destination(d_remote_loghost);
        };
    "
    iso-date disabled
    kern-from notice
    kern-to emerg
    mail-from notice
    mail-to emerg
    messages-from notice
    messages-to warning
    remote-servers none
    user-log-from notice
    user-log-to emerg
}
without all of the unnecessary things coming through. Thanks very much for the help, Nitass, you are the best!!
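
Added example (not part of the original post and not F5 or syslog-ng code): a small Python model of which messages the `level(warn..emerg)` filter in the include above passes to the remote loghost, run over constructed syslog lines. The sample lines, the host name `bigip1`, the helper names and the `warn` alias mapping are assumptions made for illustration; only the severity range is modelled.

```python
import re

# Severity names in syslog numeric order (0 = most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"warn": "warning"}  # assumption: "warn" is treated as "warning"
PRI_RE = re.compile(r"^<(\d{1,3})>")

def sev_index(name):
    """Numeric severity for a level name, resolving the alias above."""
    return SEVERITIES.index(ALIASES.get(name, name))

def decode_pri(line):
    """Return (facility_number, severity_name) from the leading <PRI> field."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI field")
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7]  # PRI = facility * 8 + severity

def level_range_matches(severity, spec="warn..emerg"):
    """True if severity falls inside the inclusive range, in either order."""
    a, b = (sev_index(s) for s in spec.split(".."))
    return min(a, b) <= sev_index(severity) <= max(a, b)

def forwarded(lines, spec="warn..emerg"):
    """Lines that would be sent on to the remote destination."""
    return [l for l in lines if level_range_matches(decode_pri(l)[1], spec)]

# Constructed sample input: facility and severity are encoded in <PRI>.
SAMPLE = [
    "<78>Jan 10 03:00:01 bigip1 crond[4211]: constructed scheduled job run",  # cron.info
    "<85>Jan 10 03:02:10 bigip1 sshd[5120]: constructed login notice",        # authpriv.notice
    "<28>Jan 10 03:05:44 bigip1 daemon[3100]: constructed warning",           # daemon.warning
    "<27>Jan 10 03:06:02 bigip1 daemon[3100]: constructed error",             # daemon.err
    "<2>Jan 10 03:07:19 bigip1 kernel: constructed critical event",           # kern.crit
]

if __name__ == "__main__":
    sent = set(forwarded(SAMPLE))
    for line in SAMPLE:
        facility, severity = decode_pri(line)
        verdict = "FORWARD" if line in sent else "drop"
        print(f"{verdict:8} facility={facility:<2} severity={severity:8} {line}")
```

The constructed cron info line is dropped, and so is the notice-level login line, so anything below warning that the remote collector needs has to be allowed by widening the range in the include.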