How to configure sending information about events from Kaspersky Secure Mail Gateway to SIEM

Latest update: 2019 Sep 16 ID: 15249
The article concerns Kaspersky Secure Mail Gateway 1.1 Service Pack 1 Maintenance Release 2 (version 1.1.2.12).
  1. Set the format for sending the events. For instructions, see Online Help. Use Local1 as a Facility.
  2. Open the console of the Kaspersky Secure Mail Gateway virtual machine or connect to it via SSH.
  3. Go to Technical Support Mode.
  4. Specify the address and port for SIEM. At the end of the /etc/rsyslog.conf file, add the following lines:

# Disk-assisted queue: messages are buffered in memory and spooled to disk
# (up to 1 GB) while the SIEM is unreachable; the queue is saved on shutdown
# so no events are lost across an rsyslog restart.
$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName ForwardToSIEM
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
# -1 = keep retrying the forward action indefinitely instead of discarding it.
$ActionResumeRetryCount -1

# Forward everything logged to the Local1 facility (selected in step 1) over TCP (@@).
local1.* @@IP:PORT

Where IP stands for the SIEM IP address, and PORT stands for the port on which the SIEM receives syslog messages over TCP (the double @@ selects TCP; a single @ would send over UDP).

  5. Run the command:

service rsyslog restart

The events will be sent to SIEM from now on.
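The following POSIX shell script is an added example, not part of the Kaspersky article and not a Kaspersky tool. It wraps steps 4 and 5 for an administrator who wants a repeatable, checked change: it validates the port, generates the exact rsyslog fragment from the article with IP and PORT substituted, keeps a backup of the configuration file before appending, and runs rsyslog's own syntax check (rsyslogd -N1) before the service is restarted, restoring the backup if the check fails. The SIEM address 192.0.2.10 and port 514 used in the comments are constructed placeholders; the config path is passed in so the script can be tried against a copy before touching /etc/rsyslog.conf.

```shell
#!/bin/sh
# Added example (not from the Kaspersky article): build, install and check the
# rsyslog forwarding fragment for a SIEM. Assumes rsyslog legacy-syntax config
# as used in the article; SIEM_IP/SIEM_PORT values are constructed placeholders.

# valid_port PORT: succeed only if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# siem_fragment IP PORT: print the lines from the article with IP and PORT filled in.
# @@ = TCP delivery (a single @ would mean UDP).
siem_fragment() {
    ip=$1
    port=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    cat <<EOF
\$WorkDirectory /var/lib/rsyslog
\$ActionQueueFileName ForwardToSIEM
\$ActionQueueMaxDiskSpace 1g
\$ActionQueueSaveOnShutdown on
\$ActionQueueType LinkedList
\$ActionResumeRetryCount -1

local1.* @@${ip}:${port}
EOF
}

# install_fragment CONF IP PORT: back up CONF, append the fragment, then run
# rsyslog's built-in config check if rsyslogd is installed. On a failed check
# the backup is restored so a broken file never reaches 'service rsyslog restart'.
install_fragment() {
    conf=$1
    ip=$2
    port=$3
    cp "$conf" "$conf.bak" || return 1
    siem_fragment "$ip" "$port" >> "$conf" || { cp "$conf.bak" "$conf"; return 1; }
    if command -v rsyslogd >/dev/null 2>&1; then
        if ! rsyslogd -N1 -f "$conf" >/dev/null 2>&1; then
            echo "rsyslog config check failed, restoring $conf from backup" >&2
            cp "$conf.bak" "$conf"
            return 1
        fi
    fi
    return 0
}

# send_test_event: after the restart, emit one Local1 message so the SIEM side
# can confirm that the forwarding path works (uses logger(1) if present).
send_test_event() {
    command -v logger >/dev/null 2>&1 || { echo "logger not available" >&2; return 1; }
    logger -p local1.info "KSMG SIEM forwarding test event"
}

# Typical use (constructed values):
#   install_fragment /etc/rsyslog.conf 192.0.2.10 514 && service rsyslog restart && send_test_event
```

Run install_fragment against a copy of /etc/rsyslog.conf first; once it passes, run it on the real file, restart rsyslog as in step 5, and check on the SIEM that the test event from send_test_event arrives under the Local1 facility.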

We recommend that you take a snapshot of the file system of the virtual machine with Kaspersky Secure Mail Gateway before editing /etc/rsyslog.conf. Errors in the file may cause the virtual machine to malfunction.
