Kaspersky Security Center (on-prem) - Syslog Forwarder

Kaspersky Security Center “takes the complexity out of security administration and IT systems management. Fully scalable, the console supports growing businesses with changing security needs, and facilitates comprehensive systems and security management, with easy separation of administrator responsibilities — all from one unified management console also available as a web-based console”.

Prerequisites

To replicate this article, make sure the following prerequisites are met:

  • An Advanced or Management license installed.
  • Kaspersky Security Center version 14.2 installed and operational.
  • Kaspersky Endpoint Security version 12.5.0 installed on Windows (any supported version).

Kaspersky Security Center Setup

To enable your SIEM to log and alert on events generated by Kaspersky Security Center and Kaspersky Endpoint Security, configure the following settings:

  1. Open Kaspersky Security Center.
  2. Select Events.
  3. Select Configure notifications and event export and open Configure export to SIEM.

KSC Events configuration
  1. Navigate to Event export.
  2. Check Automatically export events to SIEM system database.
  3. Under SIEM system, set the format to Syslog RFC 5424. The Server address, Port, and Protocol will be provided by the SOCFortress team.
  4. Hit Apply to finish.
KSC SIEM export settings
  1. Right-click the Administration Server and open Properties.
  2. Navigate to Event configuration.
  3. This lists every event type supported by Kaspersky Security Center together with its severity level. For the sake of this article, we select severity Info.
  4. Select Audit: Object has been modified.
  5. Open Properties.
KSC Events Types
  1. Check Store in the Administration Server database for (days) and Export to SIEM system using Syslog.
  2. Hit OK and Apply to finish.
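Once export is enabled, the collector side should confirm that what arrives is well-formed RFC 5424 and that the event fields (such as the severity selected above) survive the trip. The parser below is an added example and is not part of this article or of Kaspersky's or SOCFortress's tooling; the sample lines, the SD-ID ksc@32473 and its parameter names are constructed placeholders, since the exact payload KSC emits is not shown here.

```python
import re
from typing import Optional

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, followed by
# STRUCTURED-DATA ("-" or one or more [SD-ELEMENT]) and an optional free-text MSG.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) (?P<hostname>\S+) "
    r"(?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.DOTALL)
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]=]+)(?P<params>(?: [^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r'(?P<name>[^\s=\]]+)="(?P<value>(?:[^"\\]|\\.)*)"')
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_rfc5424(line: str) -> Optional[dict]:
    """Parse one RFC 5424 line into a dict; return None for anything a collector should reject."""
    m = HEADER_RE.match(line.rstrip("\r\n"))
    if not m or m.group("version") != "1" or int(m.group("pri")) > 191:
        return None
    pri, rest, sd, pos = int(m.group("pri")), m.group("rest"), {}, 0
    if rest.startswith("-"):
        pos = 1  # NILVALUE: no structured data
    else:
        while pos < len(rest) and rest[pos] == "[":  # consecutive SD-ELEMENTs
            em = SD_ELEMENT_RE.match(rest, pos)
            if em is None:
                return None  # unterminated or malformed structured data
            sd[em.group("id")] = {p.group("name"): p.group("value").replace('\\"', '"')
                                  for p in SD_PARAM_RE.finditer(em.group("params"))}
            pos = em.end()
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7], "timestamp": m.group("timestamp"),
            "hostname": m.group("hostname"), "appname": m.group("appname"),
            "structured_data": sd, "message": rest[pos:].lstrip(" ")}


def parse_batch(lines):
    """Split forwarded lines into parsed events and the raw lines that failed to parse."""
    events, rejected = [], []
    for line in lines:
        ev = parse_rfc5424(line)
        (events if ev is not None else rejected).append(ev if ev is not None else line)
    return events, rejected


# Constructed sample lines (not captured from a real KSC server). The SD-ID uses the
# RFC 5612 documentation enterprise number 32473; the second line is deliberately truncated.
SAMPLE_LINES = [
    '<134>1 2024-05-20T10:15:30.000Z ksc-server KSC - - '
    '[ksc@32473 name="Audit: Object has been modified" severity="Info"] Object has been modified',
    '<134>1 2024-05-20T10:15:31Z ksc-server KSC - -',
]
```

Feeding the collector's raw input through `parse_batch` and alerting on a non-empty `rejected` list catches a misconfigured format (e.g. RFC 3164 selected instead of RFC 5424) or a truncating transport before events silently disappear from the SIEM.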