You can use the Syslog protocol to export events that occur in Administration Server and in other Kaspersky Lab applications installed on managed devices to SIEM systems.
Syslog is a standard protocol for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, which indicates the type of software that generated the message, and is assigned a severity level.
The Syslog protocol is defined by Request for Comments (RFC) documents published by the Internet Engineering Task Force (Internet standards). Kaspersky Security Center uses the RFC 5424 standard to export events to external systems.
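The following added example (not Kaspersky code) shows how a receiving system can decode an RFC 5424 message: it splits the header, derives the facility and severity from the PRI value, and separates the structured data from the free-text message. The sample message, host name, application name and SD-ID are constructed for illustration and are not the output of any Kaspersky product.

```python
import re

# RFC 5424 severity names, indexed by numeric severity 0-7.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<rest>.*)$",
    re.DOTALL,
)

def split_structured_data(rest):
    """Split 'STRUCTURED-DATA [SP MSG]' into (sd, msg); sd is None for '-'."""
    if rest == "-" or rest.startswith("- "):
        return None, rest[2:]
    if not rest.startswith("["):
        raise ValueError("STRUCTURED-DATA must be '-' or start with '['")
    i, in_quote = 0, False
    while i < len(rest):
        ch = rest[i]
        if in_quote and ch == "\\":
            i += 1  # skip the escaped character inside a PARAM-VALUE
        elif ch == '"':
            in_quote = not in_quote
        elif ch == "]" and not in_quote and rest[i + 1:i + 2] != "[":
            return rest[:i + 1], rest[i + 2:]
        i += 1
    raise ValueError("unterminated STRUCTURED-DATA")

def parse_rfc5424(line):
    """Parse one RFC 5424 message into a dict; raise ValueError if malformed."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    pri = int(m["pri"])
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    sd, msg = split_structured_data(m["rest"])
    fields = {k: m[k] for k in ("version", "timestamp", "hostname", "app_name", "procid", "msgid")}
    return {**fields, "facility": facility, "severity": SEVERITIES[severity],
            "structured_data": sd, "msg": msg}

# Constructed sample message (not captured from any product).
SAMPLE = (r'<134>1 2024-05-01T12:00:00.000Z host01.example.com ExampleApp 1234 EVT001 '
          r'[event@32473 name="Threat \"X\" detected" device="WS-01"] Sample event text')

if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

Rejecting messages whose PRI or header does not parse, rather than storing them with guessed fields, keeps malformed or spoofed input from being indexed under the wrong severity or host.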
In Kaspersky Security Center, you can configure the export of events to external systems using the Syslog protocol.
The export process consists of two steps: