Content and properties of syslog messages in CEF format

Support

Support for business applications

Kaspersky Secure Mail Gateway

Publishing application events to a SIEM system

Content and properties of syslog messages in CEF format

July 10, 2024

ID 151684

Information about each detected event is relayed as a separate syslog message in CEF format with UTF-8 encoding.

A message in CEF format consists of a message body and header. Each Syslog message contains the following fields defined by the Syslog protocol settings in the operating system:

Date and time of the event
Name of the host where the event occurred
Name of the application (always KSMG)

Syslog event message fields defined by the application settings have the <key>="<value>" format. If a key has multiple values, these values are separated with a comma. Keys are separated by a colon.

The keys and their values contained in a message depend on the specific class of the event.

Example:

July 16 10:34:23 host.domain.com

The maximum size of a syslog message about a detected event depends on the values of syslog settings on the server on which KSMG is installed.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.