Forum Discussion
walid hegazy
Jan 23, 2019Copper Contributor
integration of ATA with Arcsight SIEM
We have configured all the settings to forward events through Syslog through port 514 and network access is also verified. But the events are not forwarding to arcsight SIEM.
EliOfek
Jan 23, 2019Microsoft
Are there any errors in the center logs that seems related?
I am guessing you are using UDP. if your SIEM supports it I would suggest for troubleshooting switching to TCP. in UDP, if there is a network blocker, We can't tell. for TCP we will generate errors in the logs.
Gerson Levitz
Jan 28, 2019Iron Contributor
Have you tested the connection with Arcsight? If yes, did Arcsight receive the test message?
There is a test button on the page you configure the settings to send the notifications to your SIEM.