The scenario is as follows:
Kaspersky Security Center 11 needs to send logs to a Syslog server, and then from the Syslog server the logs need to be sent to AlienVault SIEM.
Is the above scenario good practice? If the scenario is set up like the above, then:
What will be the method from KSC11 to the Syslog server and then from the Syslog server to the SIEM... is that push or something else?
Thanks in advance
Best answer by Kavuser10
After the KSC 11 and Syslog server connection is done, will the client machine push the logs through KSC 11 automatically, or is some work needed, like creating tasks on KSC11?
You have to enable syslog in the policy that you have pushed to the clients. Open the policy in the editor and, under Events, open the specific events that you want to send and make sure syslog is enabled. See here: