To collect all audit logs and system events from your Proofpoint Enterprise
Protection and Enterprise Privacy DSM, you must add a destination that specifies IBM®
QRadar® as the Syslog
server.
Procedure
- Log in to the Proofpoint Enterprise interface.
- Click Logs and Reports.
- Click Log Settings.
-
From the Remote Log Settings pane, configure the following options to
enable Syslog communication:
-
Select Syslog as the communication protocol.
-
Type the IP address of the QRadar
Console or Event Collector.
-
In the Port field, type 514 as the port number
for Syslog communication.
- From the Syslog Filter Enable list,
select On.
- From the Facility list, select local1.
- From the Level list, select Information.
- From the Syslog MTA Enable list,
select On.
- Click Save