About exporting events using Syslog format

December 9, 2024

ID 151333

You can use the Syslog format to export to SIEM systems the events that occur in Administration Server and other Kaspersky applications installed on managed devices.

Syslog is a standard for message logging protocol. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type that generates the message, and is assigned a severity level.

The Syslog format is defined by Request for Comments (RFC) documents published by the Internet Engineering Task Force (internet standards). The RFC 5424 standard is used to export the events from Kaspersky Security Center Cloud Console to external systems.

In Kaspersky Security Center Cloud Console, you can configure export of the events to the external systems using the Syslog format.

The export process consists of two steps:

  1. Enabling automatic event export. At this step, Kaspersky Security Center Cloud Console is configured so that it sends events to the SIEM system. Kaspersky Security Center Cloud Console starts sending events immediately after you enable automatic export.
  2. Selecting the events to be exported to the external system. At this step, you select which event to export to the SIEM system.

See also:

Scenario: Configuring event export to SIEM systems

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).