We recently deployed several 6280 c-mode nodes. I would like to capture authentication activity from the console and other areas to a syslog server. I've configured the destination properly and can see very vanilla info (wafl snapshots for example) being sent to my syslog server. However, I cannot seem to find the right couple "routes" that will capture security related events. For example, I tried "kern.syslog.msg", hoping for items related to admins connecting to console.
Does anyone have an insight on this topic? I'd assume someone has needed to do this before.