About forwarding events, application messages and audit entries to recipient systems

You can configure forwarding of events, application messages, or audit entries (hereinafter also referred to as "registered notifications") to a recipient system by using connectors. For the system types of connectors named Syslog, SIEM and Email, the capability to forward registered notifications is enabled by default. When using custom types of connectors, this capability is available depending on the settings defined for the specific type of connector.

The settings for forwarding registered notifications are configured for each connector individually. When configuring event types, you can select the relevant event types to forward via connectors. When creating a connector or changing its settings, you can enable or disable forwarding of all application messages and all audit entries through this connector.

Some types of connectors provide the capability to limit the volume of transmitted data. This limit is applied for a 24-hour period starting at 0:00 hours in the time zone of the Server. You can set a limit on the volume of transmitted data for the following system types of connectors:

Events that contain information about multiple network interactions are forwarded in a special way. Each such event counts as one item when it is forwarded through the connector. During forwarding, however, the event is converted into multiple registered notifications, with each notification representing one network interaction. For this reason, the list of registered notifications for a connector may contain more notifications than the setting for the maximum number of notifications allows.
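The counting rule above can be modelled as follows, which helps when reconciling the connector's limit with the number of notifications a recipient system actually receives. This is an added illustration, not Kaspersky code. Assumptions: the limit is counted in items per day, items over the limit are not forwarded until the next window, the Server runs at UTC+3, and all names and sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: the Server's time zone is a fixed UTC+3 offset.
SERVER_TZ = timezone(timedelta(hours=3))

# Constructed sample: (arrival time in UTC, network interactions in the event).
SAMPLE_EVENTS = [
    (datetime(2024, 5, 1, 20, 30, tzinfo=timezone.utc), 1),  # 23:30 server time
    (datetime(2024, 5, 1, 20, 45, tzinfo=timezone.utc), 4),  # 23:45 server time
    (datetime(2024, 5, 1, 20, 50, tzinfo=timezone.utc), 1),  # 23:50, over the limit
    (datetime(2024, 5, 1, 21, 5, tzinfo=timezone.utc), 3),   # 00:05 next server day
    (datetime(2024, 5, 1, 21, 10, tzinfo=timezone.utc), 1),  # 00:10 next server day
]


def forward(events, max_items_per_day, server_tz=SERVER_TZ):
    """Apply a per-day item limit in the Server's time zone.

    Each event consumes one item of the limit but is sent as one
    registered notification per network interaction.
    Returns {server-local ISO date: (items_counted, notifications_sent)}.
    """
    items = defaultdict(int)
    sent = defaultdict(int)
    for ts_utc, interactions in events:
        # The 24-hour window starts at 0:00 Server time, not 0:00 UTC.
        day = ts_utc.astimezone(server_tz).date().isoformat()
        if items[day] >= max_items_per_day:
            continue  # assumption: over-limit items wait for the next window
        items[day] += 1
        sent[day] += max(1, interactions)
    return {day: (items[day], sent[day]) for day in items}


if __name__ == "__main__":
    for day, (counted, notifications) in forward(SAMPLE_EVENTS, 2).items():
        print(f"{day}: {counted} items counted, {notifications} notifications sent")
```

With a limit of 2, the first server day counts two items yet produces five notifications, and the window resets while the UTC date is still 1 May.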

The contents and order of information about registered notifications forwarded through Syslog and SIEM connectors may differ from the contents and order of information displayed on pages of the Kaspersky Industrial CyberSecurity for Networks web interface.

Email messages forwarded through an Email connector are generated separately for each type of registered notification. In other words, separate email messages are generated to forward events, application messages, and audit entries.
