1 Reply Latest reply on Dec 23, 2015 9:15 PM by andy777

    SIEM Problem with datasource

    layer0

      Hello

       

      We have a McAfee web gateway integrated to SIEM, but the we had to change the ip adress. After the change i don't see any data in the SIEM.

      Besided this, I see packets coming to the Receiver and i see the following.

       

      thirdparty.PNG

      Also when i run this command iptables –n –v –L|grep x.x.x.x, i don't see any firewall rules for this source.

       

      What can i do? do i have to create an iptables rules? i don't want to delete and create a new datasource because i will lose any historical data.

       

      Thanks