I am having this same issue. I added a display action and do see the message in the display, but it still is not being sent to SW. I can send test messages though. I have a capture running and can see the test message sent, but there is no attempt to send the actual syslog that is matched by the filter.
↧