Marking general events for export in Syslog format

If you want to export events that occurred in all applications managed by a specific policy, mark the events to export in the policy. In this case, you cannot mark events for an individual managed application.

To mark general events for export to a SIEM system:

1. In the Kaspersky Security Center console tree, select the Policies node.
2. Right-click to open the context menu of the relevant policy and select Properties.
3. In the policy properties window that opens, select the Event configuration section.
4. In the list of events that appears, select one or several events that need to be exported to the SIEM system, and click the Properties button.

   If you need to select all events, click the Select all button.

5. In the event properties window that appears, select the Export to SIEM system using Syslog check box to mark the selected events for export in Syslog format. Unselect the Export to SIEM system using Syslog check box to unmark the selected events for export in Syslog format.

   

   Administration Server event properties window

6. Click OK to save the changes.
7. In the policy properties window, click OK.

The marked events will be sent to the SIEM system over the Syslog format. The events for which you unselected the Export to SIEM system using Syslog check box, will not be exported to a SIEM system. The export will start immediately after you enable automatic export and select the events to export. Configure the SIEM system to ensure that it can receive events from Kaspersky Security Center.

See also Scenario: configuring event export to SIEM systems

Page top