Symptom
When a user adds certificates on the audit log configuration page, they may not receive traffic on one of their syslog servers if they are using multiple servers, because audit log configuration does not support uploading multiple ca.pem files.
Conditions
This is guaranteed to happen if the customer is setting up multiple syslog hosts for TLS for the first time.
Workaround
In the FMC CLI, go to /etc/ssl/ and create a file (or files) to hold the contents of the ca.pem of the syslog servers. Once you have done that, create a symbolic link for the file, or for each file if you are setting up multiple syslog hosts. For this example, assume we have created a file called syslog-ca.pem in the /etc/ssl/ directory of the FMC.
To create the symbolic link, run ln -s syslog-ca.pem "$(openssl x509 -noout -subject_hash -in syslog-ca.pem).0". Once you have run this command, run ls -la and ensure there is a hash entry pointing to syslog-ca.pem.
When doing this workaround, note that in audit log configuration you must put all the certificates you will be using in the certificate chain.
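The linking step above applied to every CA file in a directory, as an added example that is not Cisco's own code or procedure. The function name link_ca_hashes is hypothetical, and the handling of two CA files that share a subject hash (next free numeric suffix) goes beyond the single-file case in the workaround text.

```shell
#!/bin/sh
# Added example (not from the original advisory).
# link_ca_hashes DIR: for every *.pem certificate in DIR, create the
# <subject_hash>.N symbolic link that OpenSSL uses to find a CA by hash.
# DIR defaults to /etc/ssl, the directory named in the workaround.
link_ca_hashes() {
    dir=${1:-/etc/ssl}
    (
        cd "$dir" || exit 1
        for ca in *.pem; do
            [ -f "$ca" ] || continue
            # Skip anything that does not parse as an X.509 certificate.
            subj_hash=$(openssl x509 -noout -subject_hash -in "$ca" 2>/dev/null) || {
                echo "skip: $ca is not a PEM certificate" >&2
                continue
            }
            n=0
            # OpenSSL tries <hash>.0, <hash>.1, ... in order, so a second CA
            # with the same subject hash takes the next free suffix.
            while [ -e "$subj_hash.$n" ] || [ -L "$subj_hash.$n" ]; do
                # A link to this file already exists: nothing to do.
                [ "$(readlink "$subj_hash.$n")" = "$ca" ] && continue 2
                n=$((n + 1))
            done
            ln -s "$ca" "$subj_hash.$n"
            echo "$subj_hash.$n -> $ca"
        done
    )
}
```

Running it a second time creates nothing new, so it can be repeated after adding another syslog server's CA file.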
Further Problem Description