Syslog configuration on Kaspersky
This article explains how to configure Kaspersky to send logs to SGBox using the CEF format.
- SGBox 5.2.2
- A valid Kaspersky license for exporting CEF/LEEF logs: https://support.kaspersky.com/KSC/12/en-US/151330.htm
Log in to your Kaspersky Security Center console and, from Administration Server, select Events.
Select Configure notification and event export, then select the SIEM configuration type.
On Export Events, select the CEF format (ArcSight CEF format) and enter the SGBox IP, protocol and port.
Choose the types of endpoint events that will be sent to the SIEM from: Administration Server > Managed devices > Policies.
Select the policy, then Properties > Event configuration.
You can also choose the Server events that will be forwarded to the SIEM from: Administration Server > Server Properties > Event configuration.
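
Once the export is enabled, it helps to check that the lines reaching the collector are well-formed CEF. The parser below is an added example, not code from SGBox or Kaspersky; the sample record, host name and field values are constructed placeholders, not real Kaspersky Security Center output.

```python
import re

HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity"]
# An extension key sits at the start or after whitespace and ends at "=".
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\[\]]+)=")

# Constructed sample: a syslog prefix followed by a CEF record (placeholder values).
SAMPLE = (r"<134>Jan 01 00:00:00 ksc-host CEF:0|ExampleVendor|Example\|Product|1.0|"
          r"EVT-0001|Sample event|4|dvchost=host01 src=192.0.2.10 "
          r"msg=path C:\\temp\\a.txt key\=value")

def split_header(body, n=7):
    """Return the n pipe-delimited header fields and the raw extension string."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < n:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1])      # escaped pipe or backslash in the header
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, body[i:]

def parse_extension(ext):
    """Split key=value pairs (values may contain spaces) and undo backslash escapes."""
    unescape = lambda s: re.sub(
        r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)
    hits = list(_KEY.finditer(ext))
    out = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[cur.end(): nxt.start() if nxt else len(ext)].rstrip()
        out[cur.group(1)] = unescape(raw)
    return out

def parse_cef(line):
    """Parse one received syslog line; raise ValueError if it is not valid CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    fields, ext = split_header(line[start + 4:].rstrip("\r\n"))
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError(f"expected 7 header fields, got {len(fields)}")
    return {**dict(zip(HEADER_FIELDS, fields)), "extension": parse_extension(ext)}

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A `ValueError` on received lines usually means the export is set to a format other than CEF or the record was truncated in transit.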