The audit event log records general changes to the Kaspersky NGFW configuration. To log events, you need to configure a connection to a SIEM system and enable logging for the selected events.
SIEM system connection
To connect to a SIEM system:
In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
Select the Plugin settings → Audit events tab.
The Connection to SIEM tab is selected.
Set the Status toggle switch to On.
Enter the IPv4 address of the SIEM system collector and the port for connecting to the server in the corresponding fields. Port 5150 is specified by default.
Events can be transmitted only over UDP.
Click Save to save the connection settings.
Configuring logging
To configure logging to the audit event log:
In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
Select the Plugin settings → Audit events tab.
Select the Log settings tab.
Set the toggle switch to On next to each event for which you want to enable logging and export to the SIEM system.
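Because events are sent only over UDP, the console gets no confirmation that the collector received anything. The following Python listener is an added example, not part of the Kaspersky documentation. Run on the collector host, it checks that datagrams arrive on port 5150 after both procedures are complete. The sender address 192.0.2.10 is a placeholder, and the payload is treated as opaque bytes because this page does not describe the event format.

```python
import socket
import time

DEFAULT_PORT = 5150  # default port named in the connection settings above


def open_collector(bind_ip="0.0.0.0", port=DEFAULT_PORT):
    """Bind a UDP socket on the address the SIEM collector would listen on."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock


def receive_events(sock, allowed_sender, wait_seconds=30.0, limit=10):
    """Collect datagrams until `limit` are accepted or `wait_seconds` elapse.

    Returns (accepted_payloads, rejected), where rejected lists
    (source_ip, size) for datagrams from any other address.
    """
    accepted, rejected = [], []
    deadline = time.monotonic() + wait_seconds
    while len(accepted) < limit:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            data, (src_ip, _src_port) = sock.recvfrom(65535)
        except socket.timeout:
            break  # silence is the only failure signal UDP gives
        # A UDP source address is not authenticated; this filter only
        # separates expected traffic from strays, it proves nothing.
        if src_ip == allowed_sender:
            accepted.append(data)
        else:
            rejected.append((src_ip, len(data)))
    return accepted, rejected


if __name__ == "__main__":
    EXPECTED_SENDER = "192.0.2.10"  # placeholder: address the events come from
    with open_collector() as sock:
        events, strays = receive_events(sock, EXPECTED_SENDER)
    if not events:
        print("no audit events received: check Status, address, port, firewall")
    for payload in events:
        print(f"event, {len(payload)} bytes: {payload[:80]!r}")
    for src_ip, size in strays:
        print(f"unexpected sender {src_ip}, {size} bytes")
```

Change a setting for which logging is enabled while the listener is running; if nothing arrives before the timeout, check the Status switch, the collector address and port, and any packet filter between the two hosts.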