This seems to be a Buisness application, opposed to the Consumer Product. Could you kindly apprise us as to the actual application you are running, So as we can Appropiately (Move) to an area that will best serve you?
McAfee Volunteer Moderator
( Consumer Products)
Application is Enterprise Security Manager 9.4.2
Moved to Enterprise Security Manager for (Siem) if not the appropriate area, Please apprise.
First off, you want all your syslogs to point at the shared IP versus the management IP which is used for the ESM communication. I have not checked into 9.4.2 menus for auto learn functions but you should not have to select or define a receiver IP address. If you are, post the screenshots that got you to that point.
I wouldn't also advise to not auto-learn.
Not for any technical reason, but rather to focus on the results of what you are looking for as opposed to trying get as much data as possible into the SIEM and then seeing what you can find.
Hope this helps