Support

Support for business applications

Kaspersky Unified Monitoring and Analysis Platform

User guide

KUMA resources

Connectors

Connector settings

Wec type

Kaspersky Unified Monitoring and Analysis Platform
Нет результатов
Knowledge Base Online Help
FAQ Solution overview Forum Contact support Product videos

Wec type

April 8, 2024

ID 220752

Get as PDF

When creating this type of connector, you need to define values for the following settings:

  • Basic settings tab:
    • Name (required)—a unique name for this type of resource. Must contain 1 to 128 Unicode characters.
    • Tenant (required)—name of the tenant that owns the resource.
    • Type (required)—connector type, wec.
    • URL (required)—URL of the collector being created, for example: kuma-collector.example.com:7221.

      The creation of a collector for receiving data using Windows Event Collector results in the automatic creation of an agent that receives the necessary data on the remote device and forwards that data to the collector service. In the URL, you must specify the address of this collector. The URL is known in advance if you already know on which server you plan to install the service. However, this field can also be filled after the Installation Wizard is finished by copying the URL data from the ResourcesActive services section.

    • Description—resource description: up to 4,000 Unicode characters.
    • Windows logs (required)—Select the names of the Windows logs you want to retrieve from this drop-down list. By default, only preconfigured logs are displayed in the list, but you can add custom logs to the list by typing their name in the Windows logs field and then pressing ENTER. KUMA service and resource configurations may require additional changes in order to process custom logs correctly.

      Preconfigured logs:

      • Application
      • ForwardedEvents
      • Security
      • System
      • HardwareEvents

      If the name of at least one log is specified incorrectly, the agent using the connector does not receive events from any log, even if the names of other logs are correct.

  • Advanced settings tab:
    • Character encoding setting specifies character encoding. The default value is UTF-8.
    • Debug—a toggle switch that lets you specify whether resource logging must be enabled. By default, this toggle switch is in the Disabled position.

To start the KUMA agent on the remote device, you must use a service account with the “Log on as a service” permissions. To receive events from the operating system log, the service user account must also have Event Log Readers permissions.

You can create one user account with “Log on as a service” and “Event Log Readers” permissions, and then use a group policy to extend the rights of this account to read the logs to all servers and workstations in the domain.

We recommend that you disable interactive logon for the service account.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.