Kaspersky Security Center

Marking events of a Kaspersky application for export in the Syslog format

May 6, 2024

ID 218295

If you want to export events that occurred in a specific managed application installed on the managed devices, mark the events for export in the application policy. In this case, the marked events are exported from all of the devices included in the policy scope.

To mark events for export for a specific managed application:

  1. In the main menu, go to Assets (Devices) → Policies & profiles.
  2. Click the policy of the application for which you want to mark events.

    The policy settings window opens.

  3. Go to the Event configuration section.
  4. Select the check boxes next to the events that you want to export to a SIEM system.
  5. Click the Mark for export to SIEM system by using Syslog button.

    You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.

  6. A check mark appears in the Syslog column of the event or events that you marked for export to the SIEM system.
  7. Click the Save button.

The marked events from the managed application are ready to be exported to a SIEM system.

You can mark which events to export to a SIEM system for a specific managed device. If previously exported events were marked in an application policy, you will not be able to redefine the marked events for a managed device.

To mark events for export for a managed device:

  1. In the main menu, go to Assets (Devices) → Managed devices.

    The list of managed devices is displayed.

  2. Click the link with the name of the required device in the list of managed devices.

    The properties window of the selected device is displayed.

  3. Go to the Applications section.
  4. Click the link with the name of the required application in the list of applications.
  5. Go to the Event configuration section.
  6. Select the check boxes next to the events that you want to export to SIEM.
  7. Click the Mark for export to SIEM system by using Syslog button.

    You can also mark an event for export to a SIEM system in the Event registration section, which opens by clicking the link of the event.

  8. A check mark appears in the Syslog column of the event or events that you marked for export to the SIEM system.

From now on, Administration Server sends the marked events to the SIEM system if export to the SIEM system is configured.

See also:

About events in Kaspersky Security Center Linux
