Enabling export of events in CEF format

July 4, 2024

ID 151533

Before enabling export of events in CEF format, it is recommended to specify a category (facility) for syslog that is not used by other programs on the server.

To enable export of events in CEF format:

  1. Open the XML file containing the extracted settings of the klms-control utility.
  2. If you want to select the syslog category (facility) to which the events will be exported, specify one of the following values for the <facility> parameter in the <siemSettings> section of the opened file:
    • Auth
    • Authpriv
    • Cron
    • Daemon
    • Ftp
    • Lpr
    • Mail
    • News
    • Syslog
    • User
    • Uucp
    • Local0
    • Local1
    • Local2
    • Local3
    • Local4
    • Local5
    • Local6
    • Local7

    By default, the value is set to Mail.

    Example:

    <siemSettings>
      <enabled>0</enabled>
      <facility>Local1</facility>

  3. In the opened file, in the <siemSettings> section, set the value of the <enabled> parameter to 1.

    Example:

    <siemSettings>
      <enabled>1</enabled>
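
The following script is an added example, not part of the Kaspersky documentation: it applies steps 2 and 3 to an extracted settings file and rejects any facility value that is not in the list above. The <root> wrapper, the <otherSettings> element, the function names and the exact-spelling match on facility names are assumptions; only <siemSettings>, <enabled> and <facility> come from this page.

```python
import xml.etree.ElementTree as ET

# Facility values listed on this page for the <facility> parameter.
# Assumption: values must be spelled exactly as the page lists them.
FACILITIES = {
    "Auth", "Authpriv", "Cron", "Daemon", "Ftp", "Lpr", "Mail", "News",
    "Syslog", "User", "Uucp",
    *(f"Local{i}" for i in range(8)),
}

# Constructed sample input: <root> and <otherSettings> are placeholders,
# not the real layout of the extracted settings file.
SAMPLE = """<root>
  <otherSettings><enabled>0</enabled></otherSettings>
  <siemSettings>
    <enabled>0</enabled>
    <facility>Mail</facility>
  </siemSettings>
</root>"""


def enable_cef_export(xml_text, facility=None):
    """Return the settings XML with CEF export enabled (steps 2 and 3)."""
    root = ET.fromstring(xml_text)
    sections = list(root.iter("siemSettings"))
    if len(sections) != 1:
        raise ValueError(f"expected one <siemSettings>, found {len(sections)}")
    siem = sections[0]
    if facility is not None:
        # Step 2: accept only a facility from the documented list.
        if facility not in FACILITIES:
            raise ValueError(f"unsupported facility: {facility!r}")
        node = siem.find("facility")
        if node is None:
            node = ET.SubElement(siem, "facility")
        node.text = facility
    # Step 3: set <enabled> to 1, only inside <siemSettings>.
    enabled = siem.find("enabled")
    if enabled is None:
        enabled = ET.SubElement(siem, "enabled")
    enabled.text = "1"
    return ET.tostring(root, encoding="unicode")


def siem_settings(xml_text):
    """Return (enabled, facility); facility falls back to the default Mail."""
    siem = next(ET.fromstring(xml_text).iter("siemSettings"))
    return siem.findtext("enabled"), siem.findtext("facility", default="Mail")
```
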
