I noticed the security logs that the Actiontec router is configured to email one of my servers are incomplete--I see more records using the web interface than are emailed. I have all INFO and all checkboxes checked. The router sends a security email approximately every ten minutes, but only the most recent 20-30 records are included. Adjusting the buffer size affects the records retained and visible via the web interface, but does not affect the records emailed. Has anybody else seen this behavior? Can it be remediated? I am concerned I am not getting crucial messages.
Well, I decided to look into local TELNET access via the secondary port since the SSL port 992 server doesn't like self-signed certs and there is no obvious way to add a trusted cert to the router (I open local ports only for as long as I am using them). The log subsystem's "print persistent syslog.info" produces a suitable stream so I may be able to setup a daemon to grab the records every minute or so and filter out any duplicates. Again, any help with this from knowledgable folks would be much appreciated, especially pointers to CLI documentation.