Marking events of a Kaspersky application for export in Syslog format
Nov 27, 2023
If you want to export events that occurred in an individual managed application installed on a managed device, mark the events for export for that application. If events were previously marked for export in the policy, you will not be able to redefine the marked events for an individual application managed by this policy.
To mark the events for export for an individual managed application:
- In the Kaspersky Security Center console tree, select the Managed devices node and go to the Devices tab.
- Right-click to open the context menu of the relevant device and select Properties.
- In the device properties window that opens, select the Applications section.
- In the list of applications that appears, select the application whose events you need to export and click the Properties button.
- In the application properties window, select the Event configuration section.
- In the list of events that appears, select one or several events that need to be exported to the SIEM system, and click the Properties button.
- In the event properties window that appears, select the Export to SIEM system using Syslog check box to mark the selected events for export in Syslog format. Clear the Export to SIEM system using Syslog check box to unmark the selected events for export in Syslog format.
If event properties are defined in a policy, the fields of this window cannot be edited.
Event properties window
- Click OK to save the changes.
- Click OK in the application properties window and in the device properties window.
The marked events will be sent to the SIEM system in Syslog format. The events for which you cleared the Export to SIEM system using Syslog check box will not be exported to the SIEM system. The export will start immediately after you enable automatic export and select the events to export. Configure the SIEM system to ensure that it can receive events from Kaspersky Security Center.