Wec type

Settings for a connector of the wec type are described in the following tables.

Basic settings tab

Setting	Description
Name	Unique name of the resource. Maximum length of the name: 128 Unicode characters. Required setting.
Tenant	The name of the tenant that owns the resource. Required setting.
Type	Connector type. You need to select wec. Required setting.
URL	URL of the collector that you created to receive data using Windows Event Collector, for example, `kuma-collector.example.com:7221`. When a collector is created, an agent is automatically created that will get data on the remote device and forward it to the collector service. If you know which server the collector service will be installed on, the URL is known in advance. You can enter the URL of the collector in the URL field after completing the installation wizard. To do so, you first need to copy the URL of the collector in the Resources → Active services section. Required setting.
Description	Description of the resource. Maximum length of the description: 4000 Unicode characters.
Windows logs	The names of the Windows logs that you want to get. By default, the drop-down list includes only preconfigured logs, but you can add custom log to the list. To do so, enter the names of the custom logs in the Windows logs field, then press `ENTER`. KUMA service and resource configurations may require additional changes in order to process custom logs correctly. Preconfigured logs: Application ForwardedEvents Security System HardwareEvents If the name of at least one log is specified incorrectly, the agent using the connector does not receive events from any log, even if the names of other logs are correct.

Advanced settings tab

Setting	Description
Character encoding	Character encoding. The default value is `UTF-8`.
Debug	Resource logging. The toggle switch is turned off by default.
TLS mode	TLS encryption mode. Available values: Disabled means TLS encryption is not used. The default value. Enabled means TLS encryption is used, but certificates are not verified. With verification means TLS encryption is used with verification of the certificate signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during application installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/. When using TLS encryption, you cannot specify an IP address as the URL.
Compression	Using Snappy compression. Available values: Disabled. The default value. Use Snappy.

If you edit a connector of this type, the TLS mode and Compression settings are visible and available on the connector resource as well as the collector. If you are using a connector of this type on a collector, the values of TLS mode and Compression settings are sent to the destination of automatically created agents.

To start the KUMA agent on the remote device, you must use a service account with the “Log on as a service” permissions. To receive events from the operating system log, the service user account must also have Event Log Readers permissions.

You can create one user account with “Log on as a service” and “Event Log Readers” permissions, and then use a group policy to extend the rights of this account to read the logs to all servers and workstations in the domain.

We recommend that you disable interactive logon for the service account.

Page top