I have a distributed environment. We send proofpoint logs via syslog. We have contacted proofpoint support and they say that the logs are being sent to the syslog server. I am using TCP 6514 to send these logs. Why do I not see the logs being populated in Splunk? It seems to be missing different modules. A key module missing is the AV module. We have a paid license for these logs from Proofpoint. Has anyone experienced this issue?
↧