Syslog configuration on Kaspersky

This article explain how to configure Kaspersky to send log to SGBox using CEF protocol.Requirements

• SGBox 5.2.2
• Valid Kaspersky license for export CEF/LEEF logs https://support.kaspersky.com/KSC/13/en-US/151345.htm.

Log in to your Kaspersky Security Center console, from Administration Server select Events. Select Configure notification and event export and select the Siem configuration type On Export Events selecti the CEF format (ArcSight CEF format), and put the SGBox IP, protocol and port. Choose the type of endpoint events that will be sent to the Siem from: Administration Server > Managed devices > Policies. Select the policy then Properties > Event configuration You can also choose the Server events that will be forwarded to the Siem from: Administration Server > Server Properties > Event configuration