
    Adding Forcepoint devices to EventLog Analyzer

    For EventLog Analyzer to collect logs from Forcepoint devices, log forwarding has to be enabled in the Forcepoint NGFW Security Management Center.

    1. From the Security Management Console go to
      Configuration > Network Elements > Servers > Log Server
    2. Right-click on Log Server and select Properties. The Log Server - Properties pop-up will open.
    3. Click on Add, then fill in the fields as described in the following steps.
    4. Enter the hostname or IP address of the EventLog Analyzer server.
    5. Enter port numbers 513 for TCP and 514 for UDP.
    6. Select CEF as the log format.
    7. Select the Log Forwarding tab and click on OK.

    Forwarding Forcepoint audit logs

    1. From the Security Management Console go to
      Configuration > Network Elements > Servers > Log Server
    2. Right-click on Management Server and select Properties. The Log Server - Properties pop-up will open.
    3. Click on Add, then fill in the fields as described in the following steps.
    4. Enter the hostname or IP address of the EventLog Analyzer server.
    5. Enter port numbers 513 for TCP and 514 for UDP.
    6. Select CEF as the log format.
    7. Select Audit Forwarding and click on OK.
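
Once both forwarding rules above are in place, a receiver-side check can confirm that what arrives is well-formed CEF rather than plain syslog. The Python below is an added example, not code from this page or from either product; the sample lines, the vendor and product names in them, and all function names are constructed for illustration.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
# Extension key: token at start or after whitespace, followed by '='.
# An escaped '\=' never matches because '\' is not a key character.
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\[\]-]+)=")

def _unescape(value):
    # CEF extension escapes: \= \\ \n \r
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def _split_header(body, count=7):
    """Split on unescaped '|' and return the header fields plus the extension text."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < count:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1]); i += 2
        elif body[i] == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    if len(fields) < count:
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def parse_cef(line):
    start = line.find("CEF:")  # skip any syslog priority/timestamp/host prefix
    if start < 0:
        raise ValueError("no CEF header")
    fields, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    keys = list(_KEY.finditer(ext))
    event["extension"] = {
        m.group(1): _unescape(ext[m.end():(nxt.start() if nxt else len(ext))].strip())
        for m, nxt in zip(keys, keys[1:] + [None])}
    return event

def check_forwarding(lines):
    """Return (parsed events, rejected lines with reason) for received lines."""
    ok, bad = [], []
    for line in lines:
        try:
            ok.append(parse_cef(line))
        except ValueError as exc:
            bad.append((line, str(exc)))
    return ok, bad

SAMPLE = [  # constructed lines, not captured from a real device
    r"<134>Jan 10 12:00:01 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|1001|Connection allowed|3|src=10.0.0.5 dst=192.0.2.10 dpt=443 msg=rule a\=b matched",
    r"<134>Jan 10 12:00:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.0|2002|Admin \| login|5|suser=admin msg=path C:\\temp",
    "<134>Jan 10 12:00:03 fw01 plain syslog message",
]
```

A rejected line with the reason "no CEF header" points to a forwarding rule whose log format was not set to CEF in step 6.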