Marking events of a Kaspersky application for export in the Syslog format

If you want to export events that occurred in a specific managed application installed on the managed devices, mark the events for export in the application policy. In this case, the marked events are exported from all of the devices included in the policy scope.

To mark events for export for a specific managed application:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of the application for which you want to mark events.

    The policy settings window opens.

  3. Go to the Event configuration section.
  4. Select the check boxes next to the events that you want to export to a SIEM system.
  5. Click the Mark for export to SIEM system by using Syslog button.

    You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.

  6. A check mark appears in the Syslog column of the event or events that you marked for export to the SIEM system.
  7. Click the Save button.

The marked events from the managed application are ready to be exported to a SIEM system.

You can also mark events for export to a SIEM system for a specific managed device. If previously exported events were marked in an application policy, you cannot redefine the marked events for a managed device.

To mark events for export for a managed device:

  1. In the main menu, go to Assets (Devices) → Managed devices.

    The list of managed devices is displayed.

  2. Click the link with the name of the required device in the list of managed devices.

    The properties window of the selected device is displayed.

  3. Go to the Applications section.
  4. Click the link with the name of the required application in the list of applications.
  5. Go to the Event configuration section.
  6. Select the check boxes next to the events that you want to export to a SIEM system.
  7. Click the Mark for export to SIEM system by using Syslog button.

    You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.

  8. A check mark appears in the Syslog column of the event or events that you marked for export to the SIEM system.

From now on, Administration Server sends the marked events to the SIEM system if export to the SIEM system is configured.

See also:

About events in Kaspersky Security Center
