Forwarding had worked for years and suddenly stopped.
Error: <Intrust Server> none of 0 processed events forwarded.
Troubleshooting steps so far:
- Verified enough space on volume
- Disabled forwarding on repository, re-enabled
- Deleted and re-created collection
- Tried different SIEM IP addresses
- Upgraded application to 11.6
- Created new repository
- Deleted forwarding queue
- Verified firewall was open
- Verified events were being collected to the repository
- Verified no forwarding with Wireshark
- Verified no forwarding with internal Network Team
- Verified no data coming to SIEM from SecOps
- Created brand new repository, events still not forwarding
