Proofpoint sendmail/ syslog

Hey there,

I am currently ingesting Proofpoint mail/ filter/ security, etc. logs into our Rapid7 SIEM. I found though that I am unable to do a simple log search for, say, messages from & to a user, as proofpoint/ sendmail breaks the whole process into individual lines. I was planning on using logstash to ingest these, grok them and then export as JSON. I wanted to check that this is possible with logstash. Is there a grok template available for proofpoint logs so that I can ingest and group the messages together by SMTP ID, and what is the best method to output these as JSON so that I can then ingest them into R7?
I will set up a test config and try this out, but any insight you guys can provide would be really helpful.

Cheers,
Jamesy
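The grouping the post asks for, shown as an added stand-alone Python example rather than anything from the original thread or from Proofpoint: parse sendmail-style lines, merge every line that shares a queue ID into one record, and emit JSON Lines. The log lines, host, addresses and queue ID are constructed for the example; in Logstash the same join is what the grok + aggregate filters do, keyed on the queue ID.

```python
import json
import re

# Sendmail-style syslog line as Proofpoint's MTA writes it: "<ts> <host> sendmail[<pid>]: <queue id>: k=v, k=v, ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>[A-Za-z0-9]+): (?P<kv>.*)$"
)
# key=value pairs split on ", " only where another key follows, so "stat=Sent (OK)" or "relay=mx [ip]" stay whole.
KV_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse_line(line):
    """Return (queue_id, host, timestamp, {key: value}), or None for non-sendmail lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: v.strip("<>") for k, v in KV_RE.findall(m.group("kv"))}
    return m.group("qid"), m.group("host"), m.group("ts"), fields

def group_by_queue_id(lines):
    """Merge every line sharing a queue ID into one record with a single 'from' and a list of 'to'."""
    messages = {}  # dict keeps insertion order, so output follows first appearance
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # e.g. a filter-module line; skip rather than abort the batch
        qid, host, ts, fields = parsed
        rec = messages.setdefault(qid, {"queue_id": qid, "host": host, "first_seen": ts, "to": []})
        rec["last_seen"] = ts
        for key, value in fields.items():
            if key == "to":
                rec["to"].append(value)    # sendmail logs one 'to=' line per recipient
            else:
                rec.setdefault(key, value)  # first occurrence wins (e.g. 'from' on the envelope line)
    return list(messages.values())

def to_json_lines(records):
    """One JSON object per line (NDJSON), which most SIEM collectors ingest as-is."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)

# Constructed sample (hypothetical host, addresses and queue ID), not real Proofpoint output.
SAMPLE_LOG = [
    "Mar  3 10:15:01 pps01 sendmail[4011]: 223AF1Q0ABC: from=<alice@example.com>, size=2048, class=0, nrcpts=2, msgid=<m1@example.com>, proto=ESMTP, relay=mail.example.com [192.0.2.10]",
    "Mar  3 10:15:01 pps01 filter_instance1[4020]: rprt s=abc123 m=1 x=223AF1Q0ABC mod=session cmd=connect",
    "Mar  3 10:15:02 pps01 sendmail[4012]: 223AF1Q0ABC: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org [198.51.100.5], dsn=2.0.0, stat=Sent (OK)",
    "Mar  3 10:15:02 pps01 sendmail[4012]: 223AF1Q0ABC: to=<carol@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org [198.51.100.5], dsn=2.0.0, stat=Sent (OK)",
]

if __name__ == "__main__":
    print(to_json_lines(group_by_queue_id(SAMPLE_LOG)))
```

The Logstash aggregate filter keeps this per-queue-ID state in memory and needs a timeout to flush messages whose final line never arrives, and it only works with a single pipeline worker; a SIEM search for "from X to Y" then runs against the merged record instead of separate lines.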
