We have a McAfee web gateway integrated to SIEM, but the we had to change the ip adress. After the change i don't see any data in the SIEM.
Besided this, I see packets coming to the Receiver and i see the following.
Also when i run this command iptables –n –v –L|grep x.x.x.x, i don't see any firewall rules for this source.
What can i do? do i have to create an iptables rules? i don't want to delete and create a new datasource because i will lose any historical data.
I recommend that you change the IP address of the data source back and then set it to disabled (uncheck parsing/logging). Then create a new datasource with the new IP address. That should allow a clean break without data loss. Thanks.