Some customers prefer to send Data Loss Prevention (DLP) logs to a syslog server. This article explains how to use the Syslog Forwarder Tool to send Integrated Data Loss Prevention (iDLP) logs to a syslog server.
To use the Syslog Forwarder Tool:
- During replication, create a rule called dlP TEST1.
The rule contains the following:
- Verify that DLP is enabled in the test OfficeScan (OSCE) agent.
- In the Control Manager (TMCM) server web console, configure the syslog server information:
- In order to forward iDLP logs to the syslog server, use the LogForwarder tool:
  - Navigate to the TMCM installation folder and run LogForwarder.exe.
  - Set the syslog IP address port to "514".
  - Configure your preferred frequency format under Log Forwarding Settings.
  - Select "Data Loss Prevention" for "Logs to forward".
  - Click Start.
  - Click Yes for the Trend Micro Control Manager Log Forwarder to open a pop-up window.
- Create a test iDLP file to generate the DLP violation.
- Notice that the syslog server logged the DLP violation.
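To confirm the last step without a full syslog product, a minimal receiver can be run on the syslog host. This is an added example, not part of the original article or of Trend Micro tooling; it assumes LogForwarder is sending over UDP and that the marker you search for (for example the test rule name) appears in the forwarded message, neither of which the article states.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")  # syslog PRI header, e.g. <134>

def parse_syslog(datagram: bytes) -> dict:
    """Split a syslog datagram into facility, severity and message text."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        # No valid PRI: keep the payload so nothing is silently dropped.
        return {"facility": None, "severity": None,
                "text": datagram.decode("utf-8", "replace")}
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7,
            "text": datagram[m.end():].decode("utf-8", "replace")}

def open_listener(host: str = "0.0.0.0", port: int = 514) -> socket.socket:
    """Bind a UDP socket (assumed transport); 514 is the port set in LogForwarder."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def receive(sock: socket.socket, count: int, timeout: float = 30.0) -> list:
    """Collect up to `count` messages; stop early after `timeout` idle seconds."""
    sock.settimeout(timeout)
    out = []
    try:
        while len(out) < count:
            data, peer = sock.recvfrom(65535)
            msg = parse_syslog(data)
            msg["source"] = peer[0]  # should be the TMCM server's address
            out.append(msg)
    except socket.timeout:
        pass
    return out

def matching(messages: list, marker: str) -> list:
    """Return messages whose text contains `marker` (case-insensitive)."""
    return [m for m in messages if marker.lower() in m["text"].lower()]

if __name__ == "__main__":
    listener = open_listener()  # binding to port 514 needs elevated rights
    for m in receive(listener, count=20, timeout=120.0):
        print(m["source"], m["facility"], m["severity"], m["text"])
```

Stop any existing syslog service on the host first, since only one process can bind the port.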
To see which DLP data is sent to the syslog server, refer to the table below:
For more information, refer to: SIEM solutions integration with Control Manager (TMCM).