To use the Syslog Forwarder Tool:

  1. During replication, create a rule called dlP TEST1.

    The rule contains the following:

    • Template

    • Channel

    • Action

  2. Verify that DLP is enabled in the test OfficeScan (OSCE) agent.

  3. In the Control Manager (TMCM) server web console, configure the syslog server information:
    1. Go to Administration > Event Center > General Event Settings.
    2. Under Syslog Settings, enter the IP address of the syslog server. Set the server port to "514".

    3. Click Save.
  4. In order to forward iDLP logs to the syslog server, use the LogForwarder tool:
    1. Navigate to the TMCM installation folder and run LogForwarder.exe.

    2. Set the port for the syslog server IP address to "514".
    3. Configure your preferred frequency format under Log Forwarding Settings.

    4. Select "Data Loss Prevention" for "Logs to forward".
    5. Click Start.
    6. Click Yes for the Trend Micro Control Manager Log Forwarder to open a pop-up window.

  5. Create a test iDLP file to generate the DLP violation.

  6. Verify that the syslog server logged the DLP violation.

To see which DLP data is sent to the syslog server, refer to the table below:

DLP data

For more information, refer to: SIEM solutions integration with Control Manager (TMCM).