Advance Threat Protection (ATP) logs are coming in with the hostname of “localhost”, syslog-ng is not logging these logs to the correct location.
Article Id:
170121
Status:
Published
Updated On:
11-09-2017 10:03
Legacy Id:
TECH247530
Products:
Advanced Threat Protection Platform
Issue/Introduction:
ATP logs have the "localhost". When sending logs from ATP to syslog-ng, they are not getting logged in the correct location.
Resolution:
"Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates."