Using the SecurID Access Solution Architecture Workbook you are given the guidance to enter the Syslog server for each cluster (SSO Agent HA with HA Standby). However, in the admin console you are only given the option for a global setting over all clusters under Platform->Audit Logging.
It would seem that you can only forward syslog events to one server no matter where those IDR servers may live. Is this true? Why can you not specify the syslog server per cluster or IDR server? Can this be overridden?
My example is we have a cluster in location X and a cluster in Location Y. However, it looks like I am forced to send all syslogs to the syslog server in location y rather then have location X send to the syslog server in location X.