( subtype eq syslog ) and ( severity eq high )
( eventid eq syslog-conn-status ) and ( description contains 'Syslog connection failed to server[\'AF_INET.192.168.1.1:514.\']' )
( eventid eq syslog-conn-status ) and ( description contains 'Syslog connection established to server[\'AF_INET.192.168.1.1:5515.\']' )