I have a requirement to integrate Solaris 11 with ArcSight. Below is the list of configs I have done so far:
1. On the Solaris server, edited syslog.conf and added the syslog connector IP.
2. No iptables enabled on the server.
3. UDP Port 514 is open on the firewall.
Still I am not getting any logs from the Solaris server to the ArcSight agent server.
Would appreciate it if anyone can share the steps they have used to configure a Solaris 11 server to send the logs to ArcSight.