After enabling syslog reporting, no events from Advanced Threat Protection (ATP) are seen on the syslog server. Running the "test_syslog" command, however, does produce a syslog entry.
ArrayIndexOutOfBoundsException is seen in the central_manager.log.
The incident_loger.conf file is found to be empty.
This issue is fixed in Advanced Threat Protection 2.3. For information on how to obtain the latest build of Symantec's ATP, see Symantec™ Advanced Threat Protection 3.0 Upgrade Guide.