Publishing application events to a SIEM system

May 23, 2024

ID 151504

Kaspersky Secure Mail Gateway can publish application events over the syslog protocol to a SIEM system that is already in use in your organization.

Information about each application event is relayed as a separate syslog message in the CEF format (hereinafter also referred to as a "CEF message").

A CEF message containing event information is relayed immediately after the event occurs. The exception is event classes of the ScanLogic group: CEF messages of these classes are relayed after the ScanLogic module has processed the email messages.

By default, export of CEF messages from the application is disabled. You can enable export of events and configure the publication of events to a SIEM system.
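On the receiving side, each syslog line carries one CEF message that the SIEM or a pre-processing script has to split into header fields and extension pairs. The parser below is an added example, not code from the original page or from Kaspersky; the header field names follow the general CEF layout, and the sample line (host, vendor, product, event class and extension values) is constructed.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "event_class_id", "name", "severity")

# Seven '|'-terminated header fields ("\|" and "\\" are escapes), then the extension.
_HEADER = re.compile(r"CEF:" + r"((?:\\.|[^|\\])*)\|" * 7 + r"(.*)", re.S)
# An extension key starts the string or follows a space, and ends at '='.
_KEY = re.compile(r"(?:^|(?<= ))([A-Za-z0-9_.\[\]-]+)=")
_ESCAPES = {"n": "\n", "r": "\r"}

# Constructed sample: host, vendor, product, event class and extension values
# are placeholders, not real Kaspersky Secure Mail Gateway output.
SAMPLE = (r"<134>May 23 10:15:02 mailgw01 CEF:0|ExampleVendor|Example Gateway|1.0|"
          r"example_event|Rule \| matched|4|"
          r"src=192.0.2.10 msg=subject\=hello world cs1=C:\\new")


def _unescape(text, chars):
    # Single pass: an escaped backslash followed by 'n' must not become a newline.
    return re.sub(r"\\([" + re.escape(chars) + "])",
                  lambda m: _ESCAPES.get(m.group(1), m.group(1)), text)


def parse_cef(line):
    """Return the CEF header fields and extension dict found in a syslog line."""
    m = _HEADER.search(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("no complete CEF header in syslog line")
    event = {k: _unescape(v, "|\\") for k, v in zip(HEADER_FIELDS, m.groups())}
    ext, keys = m.group(8), list(_KEY.finditer(m.group(8)))
    event["extension"] = {}
    for cur, nxt in zip(keys, keys[1:] + [None]):
        # A value runs up to the next key, so it may contain spaces.
        raw = ext[cur.end():nxt.start() if nxt else len(ext)].rstrip(" ")
        event["extension"][cur.group(1)] = _unescape(raw, "=\\nr")
    return event


if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Lines that raise `ValueError` are worth counting on the collector, since a sudden rise usually means truncated or non-CEF traffic on the syslog port.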

In this Help section

Configuring export of events in CEF format

Configuring publication of application events to a SIEM system

Content and properties of syslog messages in CEF format
