Exporting events using Syslog not visible on Syslog Server

  • 13 January 2020
  • 1 reply


Hello Everybody,


The scenario is explained below:

Kaspersky Security Center

Kaspersky Endpoint Advance

The Syslog server is a TheckOS storage device where a Syslog Server option is available.


Now the problem is that the Syslog server is only showing Informative logs of KSC, not the Warning, Critical, etc. logs of KSC.

Even from Wireshark, it’s clear that KSC is not sending other types of logs (only Informative logs of KSC are being sent).


The URL below was followed:

Exporting events using Syslog

On KSC, enabling automatic export is done (screenshot attached below).



Then the Syslog server IP was added with UDP port 514.


Selecting export events
Selecting events in a policy has been done.


From the properties of the Event configuration section, all the events are selected, and then from the event properties, the Export to SIEM system via Syslog check box is enabled for all selected events.



Up to this point, done.

But now we can see only KSC information events on the Syslog server; no other critical or warning events are showing on the Syslog server. Even in Wireshark we only see informative events being forwarded from KSC to the Syslog server; no other events are going.


Should I do the “Selecting events for an application”?


Thanks in advance




Best answer by Deadlock4400 14 January 2020, 13:28

Need to perform the action on all 3 policies.
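
A check for the symptom described in this thread, as an added example that is not part of the original posts or of any Kaspersky tooling: it tallies syslog datagrams by source and by the severity carried in the standard PRI header, so a change to the event selection in each policy can be confirmed on the receiving side. It assumes the sender encodes the event level in PRI (a level carried only in the message body is not decoded); the host name, source address and sample messages are constructed.

```python
import re
import socket
import time
from collections import Counter

# Severity is the low three bits of the PRI value: PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def severity_of(datagram):
    """Return the severity name from the PRI header, or None if missing or out of range."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None
    return SEVERITIES[int(m.group(1)) % 8]

def tally(packets):
    """Count (source IP, severity) pairs over an iterable of (source IP, datagram)."""
    counts = Counter()
    for src, data in packets:
        counts[(src, severity_of(data) or "unparsed")] += 1
    return counts

def capture(host="0.0.0.0", port=514, seconds=60.0):
    """Yield (source IP, datagram) for UDP syslog received within `seconds`."""
    deadline = time.monotonic() + seconds
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))  # ports below 1024 usually need elevated privileges
        while (left := deadline - time.monotonic()) > 0:
            sock.settimeout(left)
            try:
                data, (src, _) = sock.recvfrom(65535)
            except socket.timeout:
                return
            yield src, data

# Constructed sample datagrams (not captured from a real KSC server).
SAMPLE = [
    ("192.0.2.10", b"<14>Jan 13 10:00:00 ksc-host sample informational event"),
    ("192.0.2.10", b"<14>Jan 13 10:00:05 ksc-host sample informational event"),
    ("192.0.2.10", b"<12>Jan 13 10:00:07 ksc-host sample warning event"),
    ("192.0.2.10", b"<10>1 2020-01-13T10:00:09Z ksc-host app - - - sample critical event"),
    ("192.0.2.10", b"no PRI header at all"),
]

if __name__ == "__main__":
    for (src, sev), n in sorted(tally(SAMPLE).items()):
        print(f"{src:15} {sev:9} {n}")
    # To tally live traffic instead: tally(capture(port=514, seconds=300))
```

If the tally shows only `info` from the Administration Server address after a test detection on an endpoint, the non-informational events are not being exported at the source, which matches what the Wireshark capture in the question showed.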
