After enabling syslog reporting, no events from Advanced Threat Protection (ATP) are seen on the syslog server. Running the "test_syslog" command, however, does produce a syslog entry.

ArrayIndexOutOfBoundsException is seen in the central_manager.log.

The incident_loger.conf file is found to be empty.

This issue is fixed in Advanced Threat Protection 2.3.  For information on how to obtain the latest build of Symantec's ATP, see Symantec™ Advanced Threat Protection 3.0 Upgrade Guide.