Kaspersky Security Center Linux lets you configure event export to SIEM systems by one of the following methods: export to any SIEM system that uses the Syslog format, or export of events to SIEM systems directly from the Kaspersky Security Center database. When you complete this scenario, Administration Server sends events to a SIEM system automatically.
Prerequisites
Before you start configuring export of events in Kaspersky Security Center Linux:
You can perform the steps of this scenario in any order.
The process of exporting events to a SIEM system consists of the following steps:
How-to instructions: Configuring event export in a SIEM system
Mark which events you want to export to the SIEM system. First, mark the general events that occur in all managed Kaspersky applications. Then, you can mark the events for specific managed Kaspersky applications.
You can export events by using one of the following methods:
Results
After configuring export of events to a SIEM system, you can view the export results if you selected the events that you want to export.