Jump to content
Kaspersky Support Forum

About this blog

Entries in this blog

Known problem

SIEM intergration - no events: the most frequent reason for error

Problem You set up integration with SIEM but no events come up on SIEM side. In some cases there is no incoming traffic to SIEM from KSC server. Solution In vast majority of cases the root cause can be located in KSC server trace Trace example #1 25.01.2017 09:56:56.855 00001320.0000015C L1 KLSPLG: There is no key for SystemManagement. Trace examp
Egor Erastov

Egor Erastov in Known problem

0
Known problem

Issue with encoding of events transferred to SIEM by the KSC [Kaspersky Security Center]

KSC sends events to SIEM in UTF-8 encoding. If the events received from KSC in the SIEM system look unreadable, for example, like this: Тип приложениÑ: ÐеизвеÑтное приложение\r\nÐаправление: ВходÑщее\r\nПротокол: ICMPv6\r\nСтатуÑ: Разрешено\r\nУдаленныРIt is necessary to configure UTF-8 encoding in the SIEM system itself.
Stan Shpatar

Stan Shpatar in Known problem

0


×
×
  • Create New...