Publishing program events to a SIEM system

August 21, 2023

ID 151504

Kaspersky Security 8 for Linux Mail Server can publish program events to a SIEM system that is already in use in your organization over the Syslog protocol.

A SIEM system (Security Information and Event Management) collects and correlates security events and related information from across an organization's infrastructure so that they can be monitored and analyzed centrally.

Information about each program event is relayed as a separate syslog message in CEF format (hereinafter also referred to as a CEF message).

A CEF message containing event information is relayed immediately after the event occurs. The exception is the ScanLogic group of event classes: CEF messages of these classes are relayed only after the ScanLogic module has finished processing the email message.

By default, export of CEF messages in the program is disabled.
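To work with these messages on the receiving side, a SIEM (or a collector in front of it) must split each syslog line into its CEF header fields and extension key-value pairs while honouring CEF escaping: `\|` and `\\` inside header fields, and `\=`, `\\`, `\n`, `\r` inside extension values. The following parser is an added example written for this page, not code from Kaspersky Security 8 for Linux Mail Server; the sample line it parses is constructed, and its vendor, product, class ID and field values are placeholders rather than the product's actual CEF output. The word-to-number severity mapping is an assumption based on the CEF severity bands, not something the page specifies.

```python
"""Parse syslog-wrapped CEF messages (added example; not the product's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# CEF header: Version|Device Vendor|Device Product|Device Version|Event Class ID|Name|Severity
HEADER_FIELDS = 7


@dataclass
class CefEvent:
    syslog_prefix: str  # everything before "CEF:" (PRI, timestamp, host, tag)
    version: str
    vendor: str
    product: str
    device_version: str
    event_class_id: str
    name: str
    severity: str
    extension: Dict[str, str] = field(default_factory=dict)


def _split_header(body: str) -> Tuple[List[str], str]:
    """Split the CEF body on unescaped '|' into the 7 header fields plus the raw extension."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < HEADER_FIELDS:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # header escapes: '\|' and '\\'
            cur.append(body[i + 1])
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(ch)
        i += 1
    if len(fields) == HEADER_FIELDS - 1 and cur:  # no extension and no trailing '|'
        fields.append("".join(cur))
        return fields, ""
    if len(fields) < HEADER_FIELDS:
        raise ValueError("truncated CEF header: expected 7 '|'-separated fields")
    return fields, body[i:]


# A key is a token at the start of the extension or after whitespace, followed by an
# unescaped '='. Values may contain spaces; an '=' inside a value must be escaped as '\='.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.-]+)=")
_VALUE_ESCAPES = {"n": "\n", "r": "\r"}


def _unescape_value(value: str) -> str:
    """Undo extension-value escaping: '\\=', '\\\\', '\\n', '\\r'."""
    return re.sub(r"\\(.)", lambda m: _VALUE_ESCAPES.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    matches = list(_KEY_RE.finditer(ext))
    result: Dict[str, str] = {}
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape_value(ext[m.end():end].strip())
    return result


def parse_cef(line: str) -> CefEvent:
    """Parse one syslog line carrying a CEF payload."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in syslog line")
    prefix, body = line[:idx].rstrip(), line[idx:]
    fields, ext = _split_header(body)
    return CefEvent(prefix, fields[0][len("CEF:"):], fields[1], fields[2], fields[3],
                    fields[4], fields[5], fields[6], _parse_extension(ext))


# Assumed mapping of the CEF severity words to the top of their numeric band.
_SEVERITY_WORDS = {"low": 3, "medium": 6, "high": 8, "very-high": 10}


def severity_number(severity: str) -> int:
    """Normalize a CEF severity ('0'..'10' or Low/Medium/High/Very-High) to an int."""
    s = severity.strip().lower()
    if s.isdigit():
        return int(s)
    if s in _SEVERITY_WORDS:
        return _SEVERITY_WORDS[s]
    raise ValueError(f"unknown CEF severity: {severity!r}")


def events_at_least(lines: List[str], min_severity: int) -> List[CefEvent]:
    """Keep only events whose severity is at or above the threshold."""
    return [e for e in (parse_cef(l) for l in lines) if severity_number(e.severity) >= min_severity]


# Constructed sample line; all names and values are placeholders, not real product output.
SAMPLE = (r"<14>Aug 21 10:15:32 mailgw01 app: CEF:0|ExampleVendor|ExampleProduct|8.0|1001|"
          r"Setting changed \| saved|3|suser=admin act=update cs1Label=section cs1=General "
          r"msg=new value\=on old\=off")

if __name__ == "__main__":
    ev = parse_cef(SAMPLE)
    print(ev.name, ev.severity, ev.extension)
```

The extension parser deliberately locates keys rather than splitting on spaces, so a value such as `new value\=on old\=off` stays one value; a message that escapes `=` incorrectly will instead be split into spurious keys, which is worth checking when validating a new event source against the SIEM.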

In this Help section

Extracting the settings from Kaspersky Security 8 for Linux Mail Server to an XML file

Enabling export of events in CEF format

Content and properties of syslog messages in CEF format

Values of fields in the body of CEF messages for classes of Settings group events

Values of fields in the body of CEF messages for classes of Tasks group events

Values of fields in the body of CEF messages for classes of Import / Export Settings group events

Values of fields in the body of CEF messages for classes of Backup group events

Values of fields in the body of CEF messages for classes of Report group events

Values of fields in the body of CEF messages for classes of License group events

Values of fields in the body of CEF messages for classes of Rules group events

Values of fields in the body of CEF messages for classes of Auth group events

Values of fields in the body of CEF messages for classes of Quarantine group events

Values of fields in the body of CEF messages for classes of Update group events

Values of fields in the body of CEF messages for classes of ScanLogic group events

Disabling export of events in CEF format

Applying new values to settings of Kaspersky Security 8 for Linux Mail Server
