I wondered if anyone could offer any assistance with an issue we are currently having. We placed an IP address from the same subnet on interface 2 of one of our SIEM receivers. It is configured to receive logs from a data source on the same subnet. The subnet is behind a firewall. We did not configure the receiver interface with a default gateway IP, because traffic does not need to be routed. The ARP cache in the receiver is populating with the MAC from the data source, but traffic cannot get back to the data source. The collector agent shows "receiver not connected". As you can imagine, all settings have been checked and rechecked. Can logs be sent via switchport, or layer 2?