To configure syslog-ng on SynetoOS to send the audit logs to an external collector, perform the following actions:

1. Login to SynetoOS as "admin" over SSH or VMware display console using current password and type to Activate unsupported shell and get SuperUser privileges:

un sh
sudo su -

2. Edit /usr/share/syslog-ng/include/scl/syneto/plugin.conf 

Create a new destination entry for the remote host, you can give the destination any name - change the “remote” name. You can use either udp (default) or tcp.

destination remote { network("ip_address_of_host" transport("udp") port(port_number)); };

eg: destination remote { network("" transport("udp") port(514)); };

3. Find the row log { source(s_local); filter(f_audit); destination(d_audit); flags(final); };

4. Add this new entry

log { source(s_local); filter(f_audit); destination(remote);};

before the row 

{ source(s_local); filter(f_audit); destination(d_audit); flags(final); };

5. Save the file and restart the service as "root" using:

svcadm restart svc:/system/syslog-ng:default