Support

Support for business applications

Kaspersky Secure Mail Gateway

Publishing application events to a SIEM system

Kaspersky Secure Mail Gateway
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ Download Buy Renew Forum Contact support Recovery tools

Publishing application events to a SIEM system

July 3, 2024

ID 151504

KSMG can use the Syslog protocol to publish its events to a SIEM system that your organization is already using.

Information about each application event is relayed as a separate syslog message in the CEF format (hereinafter also referred to as a "CEF message").

A CEF message containing event information is relayed immediately after the event occurs. Exceptions to this rule are classes of ScanLogic group events; CEF messages of these classes are relayed after email messages are processed by the ScanLogic module.

By default, export of CEF messages from the application is disabled. You can configure the publication of events to a SIEM system and enable event export.

In this Help section

Configuring publication of application events to a SIEM system

Configuring export of events in CEF format

Content and properties of syslog messages in CEF format

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.