collector sniffing the packet signature not received. How to prove it is or not received not due to configuration
device A send both header & data to syslog server then SSIM. Using wireshark, i can still sniff the data contains source ip.
Can collector sniff the data packet signature under syslog director>director setting>its ip address?
I did a TCPdump -i interface ip host, i can't grab the source IP, i believe due to FW, its header has change. Is there other way to verify that this packet has been received by SSIM. I can't prove SSIM received the packet, since collector not able to grab any data concerning this ip.