The scenario is explained below:
Kaspersky Security Center 184.108.40.2061b
Kaspersky Endpoint Advance 220.127.116.114
The syslog server is a TheckOS storage appliance that has a built-in syslog server option.
The problem is that the syslog server only shows informational logs from KSC, not the warning, critical, etc. logs from KSC.
Even in Wireshark it is clear that KSC is not sending the other types of logs (only KSC's informational logs are being sent).
The URL below was followed:
On KSC, enabling automatic export was done (screenshot attached below).
Then the syslog server IP was added with UDP port 514.
Selecting events to export:
Selecting events in a policy was done.
In the Event configuration section of the policy properties, all the events were selected, and then in the event properties the "Export to SIEM system via Syslog" check box was enabled for all selected events.
Everything up to this point is done.
But now we can see only KSC informational events on the syslog server; no other critical or warning events show up there. Even in Wireshark we only see informational events being forwarded from KSC to the syslog server; no other events are going.
Should I do the "Selecting events for an application" step?
Thanks in Advance
Best answer by Deadlock4400
You need to perform the action on all 3 policies.
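A quick way to confirm that the fix worked is to tally the severities of the syslog datagrams KSC actually sends, instead of eyeballing Wireshark. The script below is an added example written for this thread; it is not code from the original post or from Kaspersky. It reads the severity from the standard syslog PRI field (`<facility*8+severity>`), which is an assumption about how the export encodes event importance: if KSC or the TheckOS listener carries the importance only in the message body (for example in a CEF extension), adapt `severity_of()` accordingly. The sample lines are constructed and only use the PRI prefix; they are not real KSC output. Running it with `live` binds UDP 514, which needs root on Linux and requires the appliance's own listener to be stopped (or a different port used) while you capture.

```python
"""Tally syslog event severities received from KSC (verification aid, added example)."""
import re
import socket
from collections import Counter

# Severity names from RFC 5424, indexed by (PRI % 8).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
INFORMATIONAL = {"notice", "info", "debug"}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def severity_of(line):
    """Return the severity name encoded in a line's syslog PRI field, or None."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # facility 0-23, severity 0-7 -> maximum 23*8+7
        return None
    return SEVERITIES[pri % 8]


def tally(lines):
    """Count events per severity; lines without a valid PRI go under 'unparsed'."""
    counts = Counter()
    for line in lines:
        counts[severity_of(line) or "unparsed"] += 1
    return counts


def only_informational(counts):
    """True when nothing above notice arrived, i.e. the symptom described in the question."""
    return all(sev in INFORMATIONAL or sev == "unparsed" for sev in counts)


def capture(port=514, host="0.0.0.0", max_events=200, timeout=30.0):
    """Collect raw UDP syslog datagrams until max_events or a quiet period of `timeout` seconds."""
    lines = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        sock.settimeout(timeout)
        try:
            while len(lines) < max_events:
                data, _ = sock.recvfrom(65535)
                lines.append(data.decode("utf-8", errors="replace"))
        except socket.timeout:
            pass
    return lines


# Constructed sample datagrams (not real KSC output): only the PRI prefix matters here.
SAMPLE_BEFORE_FIX = [
    "<14>Jan 10 09:00:01 ksc-host KSC: informational event (constructed)",
    "<14>Jan 10 09:00:02 ksc-host KSC: informational event (constructed)",
]
SAMPLE_AFTER_FIX = SAMPLE_BEFORE_FIX + [
    "<12>Jan 10 09:00:03 ksc-host KSC: warning event (constructed)",
    "<10>Jan 10 09:00:04 ksc-host KSC: critical event (constructed)",
    "<11>Jan 10 09:00:05 ksc-host KSC: error event (constructed)",
]

if __name__ == "__main__":
    import sys
    # Pass "live" to listen on the network instead of using the constructed samples.
    lines = capture() if "live" in sys.argv[1:] else SAMPLE_AFTER_FIX
    counts = tally(lines)
    for sev, n in sorted(counts.items()):
        print(f"{sev:10s} {n}")
    print("only informational:", only_informational(counts))
```

If `only informational: True` still appears after a capture window in which you deliberately trigger a warning or critical event on an endpoint, the export checkbox was not applied in every policy that generates those events, which is the point of the answer above.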