Kaspersky Secure Mail Gateway

How to configure sending information about events from Kaspersky Secure Mail Gateway to SIEM

Latest update: 2019 Sep 16 ID: 15249

The article concerns Kaspersky Secure Mail Gateway 1.1 Service Pack 1 Maintenance Release 2 (version 1.1.2.12).

Set the format for sending the events. For instructions, see Online Help. Use Local1 as a Facility.
Open the console of the Kaspersky Secure Mail Gateway virtual machine or connect to it via SSH.
Go to Technical Support Mode.
Specify the address and port for SIEM. At the end of the /etc/rsyslog.conf file, add the following lines:

$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName ForwardToSIEM
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1

local1.* @@IP:PORT

Where IP stands for a SIEM IP address, and PORT stands for the port that SIEM uses for receiving messages from syslog via TCP.

Run the command:

service rsyslog restart

The events will be sent to SIEM from now on.

We recommend that you make a snapshot of the file system of the virtual machine with Kaspersky Secure Mail Gateway before editing /etc/rsyslog.conf. Errors in the file may lead to machine's malfunction.

Was this information helpful?

Yes No

Back to "Settings"

Kaspersky Secure Mail Gateway

Status: Full Support

Database Update	Yes
Support	Yes
Error fix	Yes

Latest Version:

1.1.2.12

Commercial Release date:

27 October 2015

Latest version release date:

22 May 2018

What is this status?

Database Update
Release of antivirus database updates (required to protect your computer/server/mobile device)
Support
Providing technical support over phone / web
Error fix
Release of patches for the application (addressing detected bugs)

Documentation

Administrator Guide [.pdf, 3.4 MB]

License agreement

Download

ISO: ksmg-1.1.2-12.x86_64.iso [895.7 MB] Copy MD5 to clipboard

Ova for VMware ESX: ksmg-1.1.2-12.x86_64.ova [873.9 MB] Copy MD5 to clipboard

Additional Downloads

Patch А for version 1.1.2.12: ksmg-1.1.2.12-patch-os-security-june-2019.ktgz [109.7 МБ]
Updates for version 1.1.1.24 to version 1.1.2.12: upgrade_1.1.1.24_1.1.2-12.ktgz [248.1 МБ]

Packages for remote management

Application Control Plugin: klcfginst.msi [3.8 MB]

Kaspersky Secure Mail Gateway

Hardware and software requirements

The virtual machine image can be deployed on the following hypervisors:

VMware ESXi 5.5 Update 2
VMware ESXi 6.0
Microsoft Hyper-V Server 2012 R2

To support deployment of the Kaspersky Secure Mail Gateway image, the resources allocated for the virtual machine must meet the following requirements:

E1000 network adapter
Free disk space – 100 GB or more
At least 4 GB of RAM
One quad-core processor

To run the web interface, one of the following browsers must be installed on the computer:

Mozilla Firefox version 59 and later
Internet Explorer version 11 and later
Google Chrome version 65 and later

Virtual machine scaling

Specified system requirements guarantee 10 messages per second with the message average size of 50 KB. To increase Kaspersky Secure Mail Gateway performance it is recommended to increase virtual machine parameters or deploy several virtual machine images, distributing the load between them.

Kaspersky Secure Mail Gateway

How to configure sending information about events from Kaspersky Secure Mail Gateway to SIEM

Kaspersky Secure Mail Gateway