I wondered if anyone could offer any assistance with an issue we are currently having. We placed an IP address from the same subnet on interface 2 of one of our SIEM receivers. It is configured to receive logs from a data source on the same subnet. The subnet is behind a firewall. We did not configure the receiver interface with a default gateway IP, because traffic does not need to be routed. The arp-cache in the receiver is populating with the mac from the data source, but traffic cannot get back to the datasource. the collector agent shows "receiver not connected" As you can imagine, all settings have been checked and rechecked. Can logs be sent via switchport, or layer 2?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.