Solved

Exporting events using Syslog not visible on Syslog Server

  • 13 January 2020
  • 1 reply
  • 331 views


Hello Everybody,


The scenario is explained below-

Kaspersky Security Center  11.0.0.1131b

Kaspersky Endpoint Advance  11.2.0.2254

Syslog Server is a TheckOS Storage where Syslog Server option is there.


Now the problem is that the Syslog server is only showing informative logs of KSC, not the warning, critical, etc. logs of KSC.

Even from Wireshark, it's clear that KSC is not sending other types of logs (only informative logs of KSC are being sent).


The URL below was followed:

Exporting events using Syslog

On KSC, enabling automatic export is done (screenshot attached below).


Then the Syslog Server IP was added with UDP port 514:


Selecting export events: selecting events in a policy has been done.


From the properties of the Event configuration section, all the events are selected, and then from the event properties the "Export to SIEM system via Syslog" check box is enabled for all selected events.


Up to this point is done.

But now we can see only KSC information events on the Syslog server; no other critical or warning events are showing on the Syslog server. Even in Wireshark we only see informative events being forwarded from KSC to the Syslog server; no other events are going.


Should I do the "Selecting events for an application"??


Thanks in advance


@Deadlock4400 
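The poster's diagnosis rests on watching the wire and seeing only informational events arrive. The following script, added here as an example and not part of the original thread or of any Kaspersky tool, does that check without Wireshark: it decodes the `<PRI>` prefix that both BSD and RFC 5424 syslog messages carry, tallies messages by severity, and reports which of the expected severities (critical, error, warning) never showed up. It assumes the export uses standard syslog framing with a PRI field; the sample lines, host name and message text are constructed, not a real KSC capture. The `collect_udp` helper (also an assumption, not a KSC API) can receive live datagrams on a port you choose.

```python
import re
import socket
from collections import Counter

# RFC 5424 section 6.2.1 severity codes (the low 3 bits of PRI).
SEVERITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}

# Both BSD (RFC 3164) and RFC 5424 messages start with "<PRI>".
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Return (facility, severity) decoded from the leading <PRI>, or None
    when the line has no valid PRI (PRI = facility * 8 + severity, max 191)."""
    m = PRI_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:
        return None
    return pri // 8, pri % 8


def severity_histogram(lines):
    """Count messages per severity name; lines without a PRI go to 'unparsed'."""
    counts = Counter()
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            counts["unparsed"] += 1
        else:
            counts[SEVERITY_NAMES[parsed[1]]] += 1
    return counts


def missing_severities(counts, expected=("critical", "error", "warning")):
    """Severities a fully configured export should produce that never arrived."""
    return [name for name in expected if counts.get(name, 0) == 0]


def collect_udp(port=514, max_messages=100, timeout=10.0, bind_addr="0.0.0.0"):
    """Receive up to max_messages syslog datagrams on UDP `port`, stopping after
    `timeout` seconds of silence. Binding to 514 normally needs privileges;
    bind a high port and point the KSC export at it when testing."""
    lines = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        while len(lines) < max_messages:
            try:
                data, _ = sock.recvfrom(65535)
            except socket.timeout:
                break
            lines.append(data.decode("utf-8", errors="replace"))
    return lines


# Constructed sample, not a real KSC capture: PRI 14 = facility 1 (user),
# severity 6 (informational), which is all the poster saw in Wireshark.
SAMPLE_LINES = [
    "<14>Jan 13 10:00:01 ksc-server KSC: event export sample 1",
    "<14>Jan 13 10:00:02 ksc-server KSC: event export sample 2",
    "<14>Jan 13 10:00:03 ksc-server KSC: event export sample 3",
]


def report(lines):
    """One-line verdict: which severities arrived and which are absent."""
    counts = severity_histogram(lines)
    absent = missing_severities(counts)
    seen = ", ".join(f"{name}={n}" for name, n in sorted(counts.items()))
    if absent:
        return f"seen: {seen}; missing: {', '.join(absent)} -> re-check event selection in every policy"
    return f"seen: {seen}; all expected severities present"


if __name__ == "__main__":
    # Offline run over the constructed sample; use collect_udp(port=5514)
    # instead to check live traffic arriving from KSC.
    print(report(SAMPLE_LINES))
```

Run it offline first to see the "missing" verdict on the constructed sample, then swap in `collect_udp` with a high port and temporarily point the KSC Syslog export at that port; a histogram that stays at informational only, as in the thread, means the event selection in the policies is still incomplete rather than a transport problem.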


Best answer by Deadlock4400 14 January 2020, 13:28

Need to perform the action on all 3 policies.
