After enabling syslog reporting, no events from Advanced Threat Protection (ATP) are seen on the syslog server. Running the "test_syslog" command, however, does produce a syslog entry.

ArrayIndexOutOfBoundsException is seen in the central_manager.log.

The incident_loger.conf file is found to be empty.

Symantec Advanced Threat Protection 2.0.3

This issue is fixed in Advanced Threat Protection 2.3.  For information on how to obtain the latest build of Symantec's ATP, see Symantec™ Advanced Threat Protection 3.0 Upgrade Guide.