Is it possible to set Log Exporter to only syslog admin audit logs and not traffic logs? I have seen within the file
/opt/CPrt-R80/log_exporter/targets/logrhythm/conf/log_indexer_settings.conf the setting :log_files (all):
(
:connections (
# :domain (
# :management (
# :name (127.0.0.1)
# :log_files (all)
# :is_local (true)
# :read_mode (CPMI)
# )
# :log_servers (
# : (
# :name (<management IP/Log Server IP>)
# :sic_name_client (<DN of the OPSEC Application Object>)
# :sic_name_server (<DN of the Mangement/Log Server>)
# :certificate_file (<Certificate File Name>)
# :read_mode (LEA)
# :log_files (all)
However, the documentation is limited, and I cannot be sure if this can be changed and to what value to send on admin audit logs.