Syslog Configuration on Kaspersky


This article explains how to configure Kaspersky to send logs to SGBox in CEF format.

Requirements

Log in to your Kaspersky Security Center console and, from Administration Server, select Events.

Select Configure notification and event export, then select the SIEM configuration type.

On Export Events, select the CEF format (ArcSight CEF format) and enter the SGBox IP address, protocol and port.

Choose the type of endpoint events that will be sent to the SIEM from: Administration Server > Managed devices > Policies.
Select the policy, then Properties > Event configuration.

You can also choose the Server events that will be forwarded to the SIEM from: Administration Server > Server Properties > Event configuration.
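
To confirm on the receiving side that the export configured above delivers well-formed CEF, captured syslog lines can be run through a parser such as the one below. This is an added example, not SGBox or Kaspersky code; the function names are hypothetical and the sample line and all its field values are constructed.

```python
import re

HEADER = ("version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
UNESC = {"n": "\n", "r": "\r"}

def split_header(body):
    """Split on unescaped '|' into the 7 header fields plus the raw extension."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < len(HEADER):
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])      # escaped pipe or backslash
            i += 2
        elif ch == "|":
            fields.append("".join(cur))  # unescaped pipe closes a field
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    return fields, "".join(cur) + body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may hold spaces and escaped '=' signs."""
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    out = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(
            r"\\(.)", lambda e: UNESC.get(e.group(1), e.group(1)), raw)
    return out

def parse_cef(line):
    """Parse one syslog line carrying a CEF event; raise ValueError if malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker: check the export format on the sender")
    fields, ext = split_header(line[start + 4:].rstrip("\r\n"))
    if len(fields) != len(HEADER):
        raise ValueError("expected 7 header fields, got %d" % len(fields))
    event = dict(zip(HEADER, fields))
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample line (not captured from a real Kaspersky Security Center).
SAMPLE = (r"<134>Jan 15 10:22:31 host01 CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"EVT_100|Object found \| quarantined|4|"
          r"src=192.0.2.10 dhost=ws-17 msg=path\=C:\\temp\\a.exe was removed")
```

A `ValueError` on every received line usually means the export is not set to CEF or the lines are truncated in transit.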