Anybody been able to forward from Kiwi to ArcSight? The security dept complain that the syslog message they are receiving cannot be read by Arcsight. Is there specific option to look for in the configuration? Special setup to do in Arcsight?
We use the Arcsight WMI pull feature not the log forwarder. It's all syslog I don't know why one would not be readable.
