Forwarding to a SIEM not working.

Forwarding had worked for years and suddenly stopped.

Error: <Intrust Server> none of 0 processed events forwarded.

Troubleshooting steps so far:

  • Verified enough space on volume
  • Disabled forwarding on repository, re-enabled
  • Deleted and re-created collection
  • Tried different SIEM IP addresses
  • Upgraded application to 11.6
  • Created new repository
  • Deleted forwarding queue
  • Verified firewall was open
  • Verified events were being collected to the repository
  • Verified no forwarding with Wireshark
  • Verified no forwarding with internal Network Team
  • Verified no data coming to SIEM from SecOps
  • Created brand new repository, events still not forwarding
Parents Reply Children
No Data