You can configure local system event logs to be sent from a Kaspersky NGFW device to an external syslog server. You can use the Kaspersky Unified Monitoring and Analysis Platform solution as a syslog server. You can use TCP, UDP, or TCP with TLS encryption to connect to the syslog server. TLS 1.2 and 1.3 are supported.
By default, local system event logs are not sent to a syslog server.
To configure local system event logs to be sent to an external syslog server using the syslog protocol:
In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
This opens the Policy tab.
In the System section, select System events.
Select the Connection to syslog server tab.
Set the Status toggle switch to On.
In the IPv4 address field, enter the IPv4 address of the syslog server.
In the Protocol field, select the protocol for connecting to the syslog server (TCP, UDP, or TCP with TLS encryption).
In the Port field, enter the port to be used to connect to the syslog server. The default port is 514.
If you selected TCP with TLS encryption in the Protocol field, click the Upload button in the Server certificate field to open a file selection window and select a certificate file. If the certificate cannot be uploaded, an error message is displayed with the reason.
The certificate must satisfy the following requirements:
The file must be in text format (PEM).
The file must have the .pem extension.
The certificate must be valid. You cannot upload an expired certificate or a certificate that has not yet become valid.
The Common name must be specified.
After the certificate is successfully uploaded, detailed information about this certificate is displayed.
Apply the OSMP policy changes by clicking the Commit and push button.
The connection to the syslog server is configured.
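Before uploading the server certificate, you can check it against the requirements listed above (PEM text format, .pem extension, currently valid, Common name specified). The following is an added example and is not part of Kaspersky's documentation or product: a stdlib-only Python check that walks the certificate's DER structure and reports which of those requirements are not met. The sample certificate it builds (`sample_pem`) is constructed here and unsigned, so it is not a real server certificate; the check covers only the listed requirements, not the signature or chain.

```python
import base64, re
from datetime import datetime, timezone
CN_OID = b"\x55\x04\x03"  # DER encoding of OID 2.5.4.3 (commonName)

def _tlv(buf, pos=0):  # one DER tag-length-value at pos -> (tag, value, next position)
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def _children(seq):  # (tag, value) pairs directly inside a constructed DER value
    pos, out = 0, []
    while pos < len(seq):
        tag, val, pos = _tlv(seq, pos)
        out.append((tag, val))
    return out

def _time(tag, val):  # 0x17 = UTCTime (YYMMDD...), 0x18 = GeneralizedTime (YYYYMMDD...)
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(val.decode(), fmt).replace(tzinfo=timezone.utc)

def check_syslog_cert(pem_text, filename="server.pem", now=None):
    """Return the list of unmet requirements; an empty list means the file is acceptable."""
    problems = [] if filename.endswith(".pem") else ["file must have the .pem extension"]
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        return problems + ["file is not a text (PEM) certificate"]
    fields = _children(_tlv(_tlv(base64.b64decode(m.group(1)))[1])[1])  # tbsCertificate
    if fields[0][0] == 0xA0:  # explicit [0] version is optional; skip it when present
        fields = fields[1:]
    (t1, nb), (t2, na) = _children(fields[3][1])  # validity: notBefore, notAfter
    now = now or datetime.now(timezone.utc)
    if now < _time(t1, nb): problems.append("certificate has not yet become valid")
    if now > _time(t2, na): problems.append("certificate has expired")
    names = [_children(atv) for _, rdn in _children(fields[4][1]) for _, atv in _children(rdn)]
    if not any(oid == CN_OID for (_, oid), _ in names): problems.append("Common name not specified")
    return problems

def _der(tag, body):  # minimal DER encoder, used only to build the constructed sample below
    ln = bytes([len(body)]) if len(body) < 0x80 else b"\x82" + len(body).to_bytes(2, "big")
    return bytes([tag]) + ln + body

def sample_pem(not_before="240101000000Z", not_after="261231235959Z", cn="syslog.example.test"):
    # Constructed, unsigned sample certificate: enough structure for the checks, not a real one
    rdn = _der(0x31, _der(0x30, _der(0x06, CN_OID) + _der(0x0C, cn.encode()))) if cn else b""
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"") + _der(0x30, b"")  # version, serial, sigalg, issuer
           + _der(0x30, _der(0x17, not_before.encode()) + _der(0x17, not_after.encode())) + _der(0x30, rdn) + _der(0x30, b""))
    der = _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

For a real file, pass `open("server.pem").read()` as `pem_text` and the file's name as `filename`; `now` defaults to the current UTC time.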