
Exporting events using Syslog not visible on Syslog Server


Solved by Deadlock4400

Posted

Hello Everybody,

 

The scenario is explained below:

Kaspersky Security Center 11.0.0.1131b

Kaspersky Endpoint Advance 11.2.0.2254

The Syslog server is a TheckOS Storage which has a Syslog Server option.

 

Now the problem is that the Syslog server only shows the Informative logs of KSC, not the Warning, Critical, etc. logs of KSC.

Even from Wireshark, it is clear that KSC is not sending the other types of logs (only the Informative logs of KSC are being sent).

 

The URL below was being followed:

Exporting events using Syslog

On KSC, enabling automatic export is done (screenshot attached below).

 

 

Then the Syslog server IP was added with UDP port 514:

 

Selecting export events: selecting events in a policy has been done.

 

In the properties, under the Event configuration section, all the events are selected, and then in the event properties the "Export to SIEM system via Syslog" check box is enabled for all selected events.

 

 

Up to this point everything is done.

But now we can see only KSC Information events on the Syslog server; no other Critical or Warning events are showing on the Syslog server. Even in Wireshark we only see Informative events being forwarded from KSC to the Syslog server; no other events are going.

 

Should I do the "Selecting events for an application" step?

 

Thanks in advance.

 

@Deadlock4400 
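As an added check for the symptom described in this post (example code written for this page, not from Kaspersky, the documentation, or the original poster): instead of reading the Wireshark capture by hand, tally the syslog datagrams that reach the collector by the severity in their standard RFC 3164 `<PRI>` header. It assumes the exporter encodes event importance in that header; the message bodies in `SAMPLE` are constructed placeholders, not real KSC output. Run it with no arguments to exercise the constructed sample, or with a UDP port number to listen for real traffic.

```python
"""Tally syslog datagrams by <PRI> severity to see which event levels actually arrive."""
import re
import socket
import sys
from collections import Counter

# RFC 3164 / RFC 5424 severity codes carried in the low 3 bits of PRI.
SEVERITY_NAMES = {0: "emerg", 1: "alert", 2: "crit", 3: "err",
                  4: "warning", 5: "notice", 6: "info", 7: "debug"}
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def parse_pri(msg: bytes):
    """Return (facility, severity) from the leading <PRI> field, or None if absent/invalid."""
    m = PRI_RE.match(msg)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # max facility 23 * 8 + severity 7
        return None
    return pri >> 3, pri & 7


def tally(messages):
    """Count messages per severity name; datagrams without a valid PRI land in 'unparsed'."""
    counts = Counter()
    for msg in messages:
        parsed = parse_pri(msg)
        counts[SEVERITY_NAMES[parsed[1]] if parsed else "unparsed"] += 1
    return dict(counts)


def only_informational(counts):
    """True when every parseable message had severity 6 (info): the symptom in the thread."""
    seen = {name for name, n in counts.items() if n and name != "unparsed"}
    return seen == {"info"}


def listen(port=514, max_messages=50, timeout=30.0):
    """Collect up to max_messages raw UDP datagrams (port 514 needs root on most systems)."""
    msgs = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        sock.settimeout(timeout)
        while len(msgs) < max_messages:
            try:
                data, _ = sock.recvfrom(65535)
            except socket.timeout:
                break
            msgs.append(data)
    return msgs


# Constructed sample datagrams (placeholder bodies, not genuine KSC export format):
# PRI 14 = user.info, 12 = user.warning, 10 = user.crit, last line has no PRI at all.
SAMPLE = [
    b"<14>Jan 01 10:00:00 ksc-srv constructed: informational event 1",
    b"<14>Jan 01 10:00:01 ksc-srv constructed: informational event 2",
    b"<14>Jan 01 10:00:02 ksc-srv constructed: informational event 3",
    b"<12>Jan 01 10:00:03 ksc-srv constructed: warning event",
    b"<10>Jan 01 10:00:04 ksc-srv constructed: critical event",
    b"garbage without a PRI header",
]

if __name__ == "__main__":
    msgs = listen(int(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    counts = tally(msgs)
    for name, n in sorted(counts.items()):
        print(f"{name:>9}: {n}")
    if only_informational(counts):
        print("Only informational events arrived: re-check the 'Export to SIEM' flag in every policy.")
```

If the live tally shows only `info` while the policy has Warning and Critical events flagged for export, the events are not being emitted by the server at all, which points back at the policy configuration rather than at the collector.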

Solution
Posted

You need to perform the action on all 3 policies.

2 years later...
Posted

Hello Deadlock,

I am having the same problem right now. I only see that Kaspersky is sending informative events. How could you solve it? Thanks.
Posted

Storing events on the Administration Server and then forwarding them to the syslog server/SIEM gives better details and results.
