The Log sink has been set to push audit logs to a syslog server. The hostname of the syslog server has been used in the configuration.
The following procedure was used.
Use Case/Problem: The ip address of the syslog server changed and the dns was updated. The gateway still sends the syslog to the old ip address.
Checking the name resolution before sending the log message is a huge task. This would mean, that before sending every log message, there should be a check on the name resolution. This would put a heavy load on the network as there may be several logs sent every second. By default even syslog is set as UDP.
Gateway is working as designed. The gateway does not check for ip address change every time there it sends out a syslog. The gateway service has to be restarted for the dns to be checked.