
    Adding Forcepoint devices to EventLog Analyzer

    For EventLog Analyzer to collect logs from Forcepoint devices, log forwarding has to be enabled in the Forcepoint NGFW Security Management Center.

    1. From the Security Management Console go to
      Configuration > Network Elements > Servers > Log Server
    2. Right-click on Log Server and select Properties. The Log Server - Properties pop-up will open.
    3. Click on Add, then fill in the fields as described in the following steps.
    4. Enter the hostname or IP address of the EventLog Analyzer server.
    5. Enter port numbers 513 for TCP and 514 for UDP.
    6. Select the CEF format in log format.
    7. Select the Log Forwarding tab and click on OK.

    Forwarding Forcepoint audit logs

    1. From the Security Management Console go to
      Configuration > Network Elements > Servers > Log Server
    2. Right-click on Management Server and select Properties. The Log Server - Properties pop-up will open.
    3. Click on Add, then fill in the fields as described in the following steps.
    4. Enter the hostname or IP address of the EventLog Analyzer server.
    5. Enter port numbers 513 for TCP and 514 for UDP.
    6. Select the CEF format in log format.
    7. Select Audit Forwarding and click on OK.
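
To confirm that lines arriving from either forwarding setup above really are in CEF, the following added example (not part of the original page or of either product) parses one forwarded syslog line into its CEF header and extension fields and rejects anything that is not CEF. The sample line, its vendor and product names, and the function names are constructed for illustration.

```python
import re

# CEF header fields, in the order the CEF specification defines them.
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
# Extension keys: a word followed by '='. An escaped '\=' in a value does not match.
_KEY = re.compile(r"(?:^|\s)(\w+)=")


def _unescape(text):
    """Undo CEF backslash escapes (pipe, equals, backslash, newline)."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), text)


def _split_header(body):
    """Split the seven header fields on unescaped '|'; return (fields, extension)."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER_FIELDS):
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i:i + 2])   # keep the escape pair intact for _unescape
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(HEADER_FIELDS):  # message ended without an extension part
        fields.append("".join(cur))
    return fields, body[i:]


def parse_cef(line):
    """Parse one forwarded syslog line; raise ValueError if it is not valid CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header; check the log format selected for forwarding")
    fields, ext = _split_header(line[start + 4:])
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("incomplete CEF header")
    event = {k: _unescape(v) for k, v in zip(HEADER_FIELDS, fields)}
    keys = list(_KEY.finditer(ext))
    event["extension"] = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        event["extension"][m.group(1)] = _unescape(ext[m.end():end].strip())
    return event


# Constructed sample line (placeholder vendor/product, not captured from a device).
SAMPLE = (r"<14>Jan 12 10:15:02 fw01 CEF:0|ExampleVendor|ExampleFirewall|1.0|1001|"
          r"Rule\|7 hit|3|src=10.0.0.5 dst=192.0.2.10 dpt=443 msg=allowed by policy a\=b")
```

A `ValueError` on lines received from the forwarder means the sender is not emitting CEF, which points back to step 6 of the procedure.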
