Table of Contents:
This topic describes the steps to configure Syslog for the Proofpoint Threat Response.
Prerequisites
- Administrator login credentials.
Configuring Syslog on Proofpoint Threat Response
1. Sign in to the Threat Response Appliance Management Console using https://trap-server-name.yourdomain:8080
2. Navigate to the Monitoring tab > select Logging.
3. Configure the following fields:
- Minimum Severity log level: Choose the appropriate severity level from the drop-down menu.
- Server name or IP address: Forwarder IP Address
- Port: 21669
- Protocol: TCP or UDP
Add the below collector in the configuration file of a forwarder to get logs from Proofpoint Threat Response.
--------------------
- syslog:
common:
enabled: true
data_type: PROOFPOINT_TRAP
data_hint:
batch_n_seconds: 10
batch_n_bytes: 1048576
tcp_address: 0.0.0.0:21669
udp_address: 0.0.0.0:21669
Comments
0 comments
Please sign in to leave a comment.