Advance Threat Protection (ATP) logs are coming in with the hostname of “localhost”, syslog-ng is not logging these logs to the correct location.

book

Article ID: 170121

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

ATP logs have the "localhost".  When sending logs from ATP to syslog-ng, they are not getting logged in the correct location.

Resolution

"Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates."