Aramanthine
Posted

Hi Guys,

I have a question regarding what type of log I can send to my SIEM. Right now I have a Kaspersky Optimum license, and after confirmation with support, this license enables sending the Syslog, CEF, and LEEF format types. So, from the picture that I attached, when configuring the format of the log that I want to send, do I have the option to choose only 1 type of log? Because based on what I read in this forum, I don't have to choose which message to send because the server will send everything... is that correct?

Format Log.PNG

Diego Moraes
Posted
14 hours ago, Aramanthine said:

Hi Guys,

I have a question regarding what type of log I can send to my SIEM. Right now I have a Kaspersky Optimum license, and after confirmation with support, this license enables sending the Syslog, CEF, and LEEF format types. So, from the picture that I attached, when configuring the format of the log that I want to send, do I have the option to choose only 1 type of log? Because based on what I read in this forum, I don't have to choose which message to send because the server will send everything... is that correct?

Format Log.PNG

Hello Aramanthine, this is the screen where you configure the connection to the SIEM.

No data will be sent if you only enable this option.

In each KSC policy, you will need to set what you want to send.

Open a policy, click on "Event Configuration" and select which items you want to send to the SIEM.

Enable the option "Export to SIEM system using Syslog". Since you have already configured the communication in the KSC, when this event occurs, the log will be sent to the SIEM.

Do this for each item you want to send.

export to SIEM.jpg

Aramanthine
Posted
14 hours ago, Diego Moraes said:

Hello Aramanthine, this is the screen where you configure the connection to the SIEM.

No data will be sent if you only enable this option.

In each KSC policy, you will need to set what you want to send.

Open a policy, click on "Event Configuration" and select which items you want to send to the SIEM.

Enable the option "Export to SIEM system using Syslog". Since you have already configured the communication in the KSC, when this event occurs, the log will be sent to the SIEM.

Do this for each item you want to send.

export to SIEM.jpg

Hi Sir,

Understood on the next step. Based on this step, I see it says sent using syslog, so I need to use this method if I send using syslog. But do I need to do this also if I'm sending CEF or LEEF format? And if I'm using CEF or LEEF format, do I need to enable any extra configuration like the syslog format?

Thank you for answering my question

Diego Moraes
Posted
2 hours ago, Aramanthine said:

Hi Sir,

Understood on the next step. Based on this step, I see it says sent using syslog, so I need to use this method if I send using syslog. But do I need to do this also if I'm sending CEF or LEEF format? And if I'm using CEF or LEEF format, do I need to enable any extra configuration like the syslog format?

Thank you for answering my question

Hi, no. When you enable the "Export to SIEM system using Syslog" function, it will send the log in the format you defined in "Event Export".

What was confusing when selecting the file is that Syslog is also one of the options.

Configure the connection to the SIEM in "Event Export", then enable an event in a policy to send the log. It works very well; I use it this way.
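
To confirm on the SIEM side that events arrive in the format selected in "Event Export", here is an added example (not from the posts above and not Kaspersky code) that classifies received lines as CEF, LEEF or plain syslog and parses the header. The sample lines, vendor/product names and event ID are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Both formats ride inside a syslog line; the payload begins at "CEF:" or "LEEF:".
_CEF = re.compile(r"CEF:\d+\|")
_LEEF = re.compile(r"LEEF:\d+(?:\.\d+)?\|")
CEF_KEYS = ("version", "vendor", "product", "device_version",
            "event_id", "name", "severity")
LEEF_KEYS = CEF_KEYS[:5]  # LEEF header has no name/severity fields

def _split_header(text, count):
    """Split `count` '|'-terminated header fields; CEF escapes '|' as '\\|'."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < count:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            cur.append(text[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields, text[i:]

def classify(line):
    """Return the detected format and header fields of one received line."""
    for fmt, rx, keys in (("CEF", _CEF, CEF_KEYS), ("LEEF", _LEEF, LEEF_KEYS)):
        m = rx.search(line)
        if not m:
            continue
        payload = line[m.start() + len(fmt) + 1:]
        fields, ext = _split_header(payload, len(keys))
        if len(fields) == len(keys):  # truncated headers fall through to syslog
            # A LEEF 2.0 delimiter field, if present, is left in "extension".
            return {"format": fmt, **dict(zip(keys, fields)), "extension": ext}
    return {"format": "syslog", "raw": line}

def format_counts(lines):
    """Count formats seen; a mix suggests more than one export configuration."""
    return Counter(classify(l)["format"] for l in lines)

# Constructed sample lines, not real product output.
SAMPLES = [
    "<134>Jan 10 10:00:00 ksc-host CEF:0|ExampleVendor|ExampleProduct|1.0|EVT_SAMPLE|Sample threat detected|4|dhost=ws01 msg=constructed sample",
    "<134>Jan 10 10:00:00 ksc-host LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EVT_SAMPLE|devName=ws01\tsev=4",
    "<134>Jan 10 10:00:00 ksc-host ExampleProduct: Sample threat detected on ws01",
]

if __name__ == "__main__":
    print(format_counts(SAMPLES))
```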
