$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName ForwardToSIEM
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
local1.* @@IP:PORT
Here IP is the IP address of the SIEM system, and PORT is the port on which the SIEM system receives syslog messages over TCP.
service rsyslog restart
The events will be sent to SIEM from now on.
We recommend that you take a snapshot of the file system of the virtual machine with Kaspersky Secure Mail Gateway before editing /etc/rsyslog.conf. Errors in the file may cause the virtual machine to malfunction.
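A check that can be run on the edited file before the restart, given as an added example and not as part of the vendor's instructions: it verifies that the forwarding rule uses TCP (@@), that the IP:PORT placeholder was replaced, and that the queue directives come before the rule they configure. The function name check_siem_forwarding and the sample address 192.0.2.10:514 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not vendor code): lint the SIEM forwarding block in rsyslog.conf.
# check_siem_forwarding is a hypothetical helper name. Returns 0 if sound, 1 otherwise.
check_siem_forwarding() {
    awk '
        function fail(msg) { print "rsyslog.conf: " msg; bad = 1 }
        NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comments
        # Legacy $Action* directives configure only the NEXT action,
        # so record what has been seen before the forwarding rule.
        $1 == "$WorkDirectory"          { workdir = 1 }
        $1 == "$ActionQueueFileName"    { qfile = 1 }
        $1 == "$ActionQueueType"        { qtype = 1 }
        $1 == "$ActionResumeRetryCount" { retry = $2 }
        $1 == "local1.*" && $2 ~ /^@/ {
            found = 1
            if ($2 !~ /^@@/)       fail("rule forwards over UDP (@), expected TCP (@@)")
            if ($2 == "@@IP:PORT") fail("placeholder IP:PORT was not replaced")
            if (!workdir)          fail("$WorkDirectory must be set for the disk queue")
            if (!qfile || !qtype)  fail("queue directives must precede the forwarding rule")
            if (retry != "-1")     fail("$ActionResumeRetryCount is not -1 (retry forever)")
            qfile = qtype = 0; retry = ""             # settings are consumed by this action
        }
        END {
            if (!found) fail("no local1.* forwarding rule on its own line")
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: 192.0.2.10:514 is a documentation address, not a real SIEM.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName ForwardToSIEM
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1
local1.* @@192.0.2.10:514
EOF
check_siem_forwarding "$sample" && echo "forwarding block OK"
rm -f "$sample"
```

On the appliance the function would be pointed at /etc/rsyslog.conf; rsyslog's own syntax check, rsyslogd -N1, covers parse errors that this lint does not.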