5 Replies Latest reply on Aug 23, 2017 7:31 AM by fatherree

    Send to syslog server troubleshooting 2017.1

    fatherree Apprentice

      With 2017.1 came the addition of the Send to syslog server action in Alerting. I have set up a custom rule to include one of these actions and now would like help troubleshooting where the breakdown is between the client and LogRhythm (syslog server). I can see the device received the correct ruleset, and I tested the action via a remote control session start/stop (a custom rule I created). I see in the programdata\landesk\log folder on the core that the AlertService.log is seeing the alert, and the realtime inventory and monitoring also lists the alert in the Alert Log, but this is where I get stumped in the troubleshooting. What is the process from there? Are there any logs on the actual action handlers? Is there any port listening from the core to the syslog server that I should monitor? Any info or shared knowledge would be greatly appreciated.

      Thanks