Troubleshooting

Common Issues and Solutions

Installation Issues — Integration fails to install
  • Verify Logpoint version compatibility (v6.7.0 or later for Devices, v7.4.0 or later for log source template)

  • Check available disk space and system resources

  • Ensure proper administrative privileges

Installation Issues — Integration not visible after installation
  • Refresh the browser and check under Settings >> System Settings >> Plugins

  • Restart Logpoint if necessary

Configuration Issues — Cannot configure syslog forwarding on Proofpoint
  • Verify you have administrative access to Proofpoint console

  • Ensure Logpoint IP address is reachable from Proofpoint services

  • Check firewall rules allow syslog traffic (typically UDP port 514)

  • Consult Proofpoint documentation for product-specific syslog configuration

Configuration Issues — Wrong normalizer selected
  • Use ProofpointCompiledNormalizer for general Proofpoint Email Protection logs

  • Use ProofpointTAPCompiledNormalizer specifically for Targeted Attack Protection (TAP) logs

  • Verify your Proofpoint deployment type matches the selected normalizer

Configuration Issues — Processing policy configuration errors
  • Ensure normalization policy is created before processing policy

  • Verify the correct normalizer is selected in the normalization policy

  • Check that routing and enrichment policies are properly configured

Data Ingestion Issues — No logs being ingested
  • Verify Proofpoint service is configured to forward syslog to Logpoint

  • Check if syslog service is running on Proofpoint

  • Confirm syslog collector is active in Logpoint

  • Test network connectivity from Proofpoint to Logpoint

Data Ingestion Issues — Incomplete log ingestion
  • Check routing criteria configuration - ensure it matches your Proofpoint log structure

  • Verify the correct normalizer (ProofpointCompiledNormalizer or ProofpointTAPCompiledNormalizer) is selected

  • Monitor collector logs for errors or warnings

Data Ingestion Issues — Logs not normalized correctly
  • Verify the appropriate Compiled Normalizer is selected in normalization policy

  • Ensure SyslogParser is selected as the parser

  • Check log format matches expected format (space-separated key-value pairs or JSON)

Data Ingestion Issues — TAP-specific logs not parsing correctly
  • Ensure ProofpointTAPCompiledNormalizer is used for TAP logs

  • Verify JSON format is correctly structured for TAP events

  • Check that both message events and click events are configured in Proofpoint TAP

Dashboard and Analytics Issues — Dashboard widgets not displaying data
  • Verify repository selection matches where Proofpoint logs are stored

  • Check time range settings on dashboard

  • Confirm normalization is working correctly using search query: col_type = "proofpoint"

Dashboard and Analytics Issues — TAP dashboards showing no data
  • Verify ProofpointTAPCompiledNormalizer is being used

  • Check if Proofpoint TAP is properly configured to send both message and click events

  • Ensure device timezone matches log source timezone

Dashboard and Analytics Issues — Search template not working
  • Verify correct repository is selected when updating parameters

  • Check that time range is set appropriately for your data

  • Ensure ProofpointTAPCompiledNormalizer is used for TAP search templates

Dashboard and Analytics Issues — Missing threat information in dashboards
  • Verify that Proofpoint TAP is configured to send complete threat metadata

  • Check that threatsInfoMap fields are being parsed correctly

  • Ensure enrichment policies are properly applied

Performance Issues — Slow query performance
  • Optimize queries by adding time range constraints

  • Use indexed fields in search queries where possible

  • Consider data retention policies to manage repository size

Performance Issues — High resource usage
  • Monitor syslog collector resource consumption

  • Implement log filtering using routing criteria to reduce unnecessary data ingestion

  • Monitor and tune normalization policies

  • Consider separate repositories for TAP logs vs. general email logs

Threat Detection Issues — Threats not being detected in dashboards
  • Verify that threat classification fields are being parsed correctly

  • Check that threat_status field contains expected values (active, cleared, falsePositive)

  • Ensure spam_score, phish_score, and malware_score fields are populated

Threat Detection Issues — Click events not correlating with message events
  • Verify both clicksPermitted and clicksBlocked events are being ingested

  • Check that messageID and threatID fields are consistent across events

  • Ensure proper time synchronization between Proofpoint and Logpoint
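
The messageID and threatID consistency check above can be scripted against exported raw TAP events before blaming normalization or dashboards. The following is an added example, not part of the Logpoint or Proofpoint tooling; it assumes one JSON object per line, that threatsInfoMap is a list of objects each carrying a threatID, and the function names and sample lines are constructed for illustration.

```python
import json

# Constructed samples, not real Proofpoint output; the JSON layout is an assumption.
MESSAGE_LINES = [
    '{"messageID": "<m1@example.test>", "threatsInfoMap": [{"threatID": "t-aaa"}]}',
    '{"messageID": "<m2@example.test>", "threatsInfoMap": []}',
    '{"messageID": "<m3@example.test>", "threatsInfoMap": [',   # truncated JSON
]
CLICK_LINES = [
    '{"messageID": "<m1@example.test>", "threatID": "t-aaa"}',  # correlates
    '{"messageID": "<m2@example.test>", "threatID": "t-bbb"}',  # threat not on message
    '{"messageID": "<m9@example.test>", "threatID": "t-ccc"}',  # message not ingested
    '{"threatID": "t-ddd"}',                                    # messageID missing
]

def parse_lines(lines):  # -> (events, numbers of lines that are not JSON objects)
    events, bad = [], []
    for number, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if isinstance(event, dict):
            events.append(event)
        else:
            bad.append(number)
    return events, bad

def correlate(message_lines, click_lines):
    """Count click events by whether, and why not, they match a message event."""
    messages, bad_messages = parse_lines(message_lines)
    clicks, bad_clicks = parse_lines(click_lines)
    threats_by_message = {}  # messageID -> threatIDs listed in its threatsInfoMap
    for msg in messages:
        raw = msg.get("threatsInfoMap")
        ids = {e.get("threatID") for e in (raw if isinstance(raw, list) else []) if isinstance(e, dict)}
        threats_by_message.setdefault(msg.get("messageID"), set()).update(ids)
    report = {"matched": 0, "missing_field": 0, "unknown_message": 0, "threat_mismatch": 0,
              "bad_message_lines": bad_messages, "bad_click_lines": bad_clicks}
    for click in clicks:
        mid, tid = click.get("messageID"), click.get("threatID")
        outcome = ("missing_field" if not (mid and tid) else
                   "unknown_message" if mid not in threats_by_message else
                   "threat_mismatch" if tid not in threats_by_message[mid] else "matched")
        report[outcome] += 1
    return report

if __name__ == "__main__":
    print(correlate(MESSAGE_LINES, CLICK_LINES))
```

A high unknown_message count points at message events not being forwarded or ingested, while threat_mismatch or bad lines point at truncated or incomplete threat metadata.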
