Hi All, Currently we are facing a problem in getting the Symantec ATP logs from heavy forwarder to the indexer instances, we have configured Symantec ATP logs to be collected via http event collector using “our Company ATP” setting configured in test01 heavy forwarder instances.
**Exact Problem**: Unable to get the Symantec ATP logs from Heavy forwarder to the indexer instances, but getting the data from ATP host to the Heavy forwarder instances.
From ATP host 10.x.x.x the data is reaching the Heavy Forwarder instance, we had confirmed by executing the below command in the HF instance, we are getting the data.
tcpdump -nvvA host 10.x.x.x
When the same tcpdump –nvvA host 10.x.x.x was executed from Indexer instance we are not getting the data.
Kindly guide me from where to start the investigating this issue, in order to fix the issue.
Thanks in advance
↧