Syslog shows no events from Advanced Threat Protection

Article ID: 169813

Products

Symantec Products

Issue/Introduction

After enabling syslog reporting, no events from Advanced Threat Protection (ATP) are seen on the syslog server. Running the "test_syslog" command, however, does produce a syslog entry.

An ArrayIndexOutOfBoundsException is logged in central_manager.log.

Cause

The incident_loger.conf file is found to be empty.

Environment

Symantec Advanced Threat Protection 2.0.3

 

Resolution

This issue is fixed in Advanced Threat Protection 2.3. For information on how to obtain the latest build of Symantec's ATP, see Symantec™ Advanced Threat Protection 3.0 Upgrade Guide.