
Already configured export to SIEM using CEF format, but Kaspersky did not send any logs


gun-prd


Hello,

 

I'm already following the guide from the knowledge base and the posts in this forum to configure events in CEF format to our syslog server. I already tried both UDP and TCP on port 514, but still no logs are received when we check with Wireshark.

Hope anyone can help in case there is some configuration missing on my end.

[screenshot]

 

Regards,

 

 


To use this function (namely the CEF and LEEF formats) there are several subtleties :)))

1. To use these formats, you need a Management license; it is included in the Advanced and higher license packages.

[screenshot]

2. To activate the Management functions in KSC, you need to add the appropriate key (or activation code) in the KSC server properties.

[screenshot]

You configure the connection to the SIEM in accordance with how you have configured reception in the SIEM.

In the absence of a license, you can still send data to the SIEM, but only via the syslog protocol, and you must also (manually) specify which events should be sent, in the properties of EACH policy for the products whose events you want to send.

[screenshot]

If you have a Management license and use the CEF or LEEF formats, you do not need to configure anything additionally (except for the connection settings to the SIEM); ALL events that appear on the server should be sent to the SIEM automatically.

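Both posts above turn on the same two questions: is anything arriving on the syslog port at all (the original poster's Wireshark check), and does the receiving side match what KSC was told to send (the "configure the connection in accordance with how you have configured reception" point). The script below is an added example, not code from the original thread or from Kaspersky: a tiny UDP syslog receiver that binds the port, reports every datagram it gets, and parses any CEF payload with the escaping rules CEF uses (`\|` and `\\` in the header, `\=`, `\\`, `\n`, `\r` in the extension). Running it in place of the real SIEM separates "KSC sends nothing" (the licensing case the answer describes) from "KSC sends, but the SIEM side is listening on the wrong port/protocol or rejects the framing". The sample line, the vendor/product/signature names in it and the `receive_events` helper are constructed for illustration; they are not real KSC output.

```python
"""Minimal UDP syslog receiver with a CEF parser, for checking whether
KSC actually delivers events to the syslog port (added example)."""
import re
import socket
from dataclasses import dataclass, field

# Constructed sample syslog line carrying a CEF event (NOT real KSC output).
# It deliberately contains an escaped '|' in the header and an escaped '='
# in the extension so the parser's escape handling is exercised.
SAMPLE_LINE = (
    "<14>Jan 10 12:00:00 ksc-host "
    "CEF:0|ExampleVendor|ExampleProduct|14.2|EV_TEST|License check \\| warning|3|"
    "dvc=10.0.0.5 msg=License expires in 90\\=days dhost=host1 rt=1704888000000"
)


@dataclass
class CefEvent:
    version: str
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extension: dict = field(default_factory=dict)
    syslog_prefix: str = ""  # whatever preceded "CEF:" (PRI, timestamp, host)


def _split_header(body):
    """Split the CEF header on unescaped '|' into 7 fields; return the rest."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])   # \| -> |  and  \\ -> \
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            continue
        cur.append(c)
        i += 1
    return fields, body[i:]


# A key starts at line start or after whitespace and is followed by an
# unescaped '='. Keys never contain '\', so "90\=days" cannot match.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")


def _unescape_ext(value):
    """Undo CEF extension escaping: \\= \\\\ \\n \\r."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(ext):
    """Parse 'key=value key=value ...'; values may contain spaces."""
    ext = ext.lstrip()
    out = {}
    matches = list(_KEY_RE.finditer(ext))
    for j, m in enumerate(matches):
        start = m.end()
        end = matches[j + 1].start() if j + 1 < len(matches) else len(ext)
        out[m.group(1)] = _unescape_ext(ext[start:end])
    return out


def parse_cef(line):
    """Parse one syslog line containing a CEF record; ValueError if not CEF."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF header in line")
    fields, ext = _split_header(line[idx + 4:])
    if len(fields) != 7:
        raise ValueError(f"expected 7 CEF header fields, got {len(fields)}")
    return CefEvent(*fields[:6], severity=fields[6],
                    extension=_parse_extension(ext),
                    syslog_prefix=line[:idx].strip())


def receive_events(bind_addr="0.0.0.0", port=514, count=1, timeout=30.0):
    """Bind a UDP port in place of the SIEM and return parsed CEF events.

    Binding 514 needs root or CAP_NET_BIND_SERVICE; point KSC at a high port
    otherwise. Non-CEF datagrams are reported, not dropped silently, so plain
    syslog output (the no-license case) is still visible. Returns [] on
    timeout, i.e. nothing reached this host on that port at all.
    """
    events = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        try:
            while len(events) < count:
                data, peer = sock.recvfrom(65535)
                line = data.decode("utf-8", errors="replace").rstrip("\r\n")
                try:
                    events.append(parse_cef(line))
                except ValueError as exc:
                    print(f"datagram from {peer[0]} is not CEF ({exc}): {line[:80]!r}")
        except socket.timeout:
            pass
    return events


if __name__ == "__main__":
    import sys
    listen_port = int(sys.argv[1]) if len(sys.argv) > 1 else 514
    for ev in receive_events(port=listen_port, count=5):
        print(ev.signature_id, ev.name, ev.severity, ev.extension)
```

If this receiver shows nothing while a KSC event is being generated, the problem is upstream of the SIEM (license, key not added to the server, or a wrong host/port/protocol in the SIEM export settings); if it shows plain syslog lines without a `CEF:` header, the export is running in the unlicensed syslog-only mode the answer describes. For TCP export the same parser applies per newline-delimited line on an accepted connection.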