Configuring Proofpoint Enterprise Protection and Enterprise Privacy DSM to communicate with IBM QRadar

To collect all audit logs and system events from your Proofpoint Enterprise Protection and Enterprise Privacy DSM, you must add a destination that specifies IBM QRadar as the Syslog server.


  1. Log in to the Proofpoint Enterprise interface.
  2. Click Logs and Reports.
  3. Click Log Settings.
  4. From the Remote Log Settings pane, configure the following options to enable Syslog communication:
    1. Select Syslog as the communication protocol.
  5. Type the IP address of the QRadar Console or Event Collector.
  6. In the Port field, type 514 as the port number for Syslog communication.
  7. From the Syslog Filter Enable list, select On.
  8. From the Facility list, select local1.
  9. From the Level list, select Information.
  10. From the Syslog MTA Enable list, select On.
  11. Click Save