000029664 - ProofPoint 7.5 logs are not being parsed correctly in RSA Security Analytics

Document created by RSA Customer Support Employee on Jun 15, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000029664

Applies To:
RSA Product Set: Security Analytics
RSA Product/Service Type: Log Decoder, Security Analytics UI
RSA Version/Condition: 10.3.x, 10.4.x
Platform: CentOS
O/S Version: EL6

Issue: Logs from Proofpoint version 7.5 and above that are consumed by a Security Analytics Log Decoder are not being parsed correctly by the proofpoint log parser. The device.type meta for the logs is labeled as "unknown" in the Security Analytics UI.

Cause: At this time the proofpoint log parser does not support logs from Proofpoint 7.5 and above.

Resolution: An updated log parser is scheduled to be released as part of ESU #78 during the first week of March, 2015.