Enabling automatic export of general events

Automatic event export using the LEEF and CEF protocols can be enabled in Kaspersky Security Center.

Only general events can be exported from managed applications over the CEF and LEEF protocols. Events that are specific to an application cannot be exported over the CEF and LEEF protocols. If you need to export events of managed applications or a custom set of events that has been configured using the policies of managed applications, export the events over the Syslog protocol.

To enable automatic export of events using the CEF or LEEF protocol:

  1. In the Kaspersky Security Center console tree, select the Administration Server whose events you want to export.
  2. In the workspace of the selected Administration Server, click the Events tab.
  3. Click the drop-down arrow next to the Configure notifications and event export link and select Configure export to SIEM system in the drop-down list.

    [Figure: Administration Server workspace, Events tab]

    The event properties window opens, displaying the Exporting events section.

  4. In the Exporting events section, specify the following export settings:

    [Figure: Events export section of the event properties window]

    • Automatically export events to SIEM system database
    • SIEM system
    • SIEM system server address
    • SIEM system server port
    • Protocol
  5. If you want to export events that occurred after a specified date in the past to the SIEM system database, click the Export archive button and specify the start date for event export. By default, event export starts immediately after you enable it.
  6. Click OK.

Automatic export of events is now enabled. General events are automatically exported to the external SIEM system.
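To confirm on the receiving side that events arrive in the format chosen in the Protocol setting, the following added example (not part of the Kaspersky documentation) parses one received CEF or LEEF line into header fields and attributes. The sample lines and their vendor and product values are constructed placeholders; header layouts follow the public CEF and LEEF specifications, and accepting both LEEF 1.0 and 2.0 is an assumption because this page does not state which version is sent.

```python
import re

CEF_FIELDS = "version vendor product device_version event_class_id name severity".split()
LEEF_FIELDS = "version vendor product product_version event_id".split()

def _split_header(text, count):
    """Split off `count` pipe-delimited fields, honouring \\| and \\\\ escapes."""
    fields, current, i = [], "", 0
    while i < len(text) and len(fields) < count:
        if text[i] == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            current, i = current + text[i + 1], i + 2
        elif text[i] == "|":
            fields, current, i = fields + [current], "", i + 1
        else:
            current, i = current + text[i], i + 1
    fields += [current] if len(fields) < count else []   # unclosed last field
    if len(fields) != count:
        raise ValueError("truncated header")
    return fields, text[i:]

def _cef_extension(ext):
    """CEF extension: space-separated key=value pairs; values may hold spaces."""
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    ends = [k.start() for k in keys[1:]] + [len(ext)]
    return {k.group(1): re.sub(r"\\([=\\])", r"\1", ext[k.end():end])
            for k, end in zip(keys, ends)}

def parse_event(line):
    """Parse one received line; any prefix before the format marker is skipped."""
    m = re.search(r"(CEF|LEEF):(?=\d)", line)
    if not m:
        raise ValueError("no CEF or LEEF marker")
    rest = line[m.end():].rstrip("\r\n")
    if m.group(1) == "CEF":
        head, ext = _split_header(rest, 7)
        return {"format": "CEF", **dict(zip(CEF_FIELDS, head)),
                "attrs": _cef_extension(ext)}
    head, body = _split_header(rest, 5)
    delim = "\t"                               # LEEF 1.0 always uses tab
    if head[0].startswith("2") and "=" not in body.split("|", 1)[0]:
        (d,), body = _split_header(body, 1)    # LEEF 2.0 delimiter field (char or hex)
        delim = (chr(int(d[d.index("x") + 1:], 16)) if len(d) > 1 else d) or "\t"
    attrs = dict(p.split("=", 1) for p in body.split(delim) if "=" in p)
    return {"format": "LEEF", **dict(zip(LEEF_FIELDS, head)), "attrs": attrs}

# Constructed sample lines with placeholder values, not real product output.
SAMPLE_CEF = ("<134>Jan 01 00:00:00 host CEF:0|ExampleVendor|Example\\|Product|"
              "1.0|EVT_1|Task completed|1|msg=Scan finished on host-a dhost=host-a")
SAMPLE_LEEF = "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EVT_1|sev=1\tmsg=Scan finished"
```

A line that raises ValueError, or whose "format" differs from the protocol selected in the export settings, points to a mismatch between the export configuration and the listener.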
