Authentication group event classes

16 April 2024

ID 268835

In the body of CEF messages for classes of Authentication group events, you can use keys in accordance with their semantics (see the table below).

Possible field values of classes of Authentication group events

| Key | Value |
|---|---|
| outcome | Authentication result. |
| cs1 | Authentication type. |
| cs1Label | The value is always AuthType. |
| src | IP address from which the logon attempt was made, in IPv4 format. |
| c6a2 | IP address from which the logon attempt was made, in IPv6 format. |
| c6a2Label | The value is always SourceIPv6 Address. |
| suser | User name that was used in the logon attempt. Not recorded in case of failed Kerberos or NTLM logon attempts. |
| cs2 | Error type. |
| cs2Label | The value is always ErrorId. |
| reason | Error text. |

Each class of Authentication group events can contain only keys that are relevant to it (see the table below).

Relevant keys for classes of Authentication group events

| Event class | Relevant keys |
|---|---|
| LMS_EV_AUTH_SUCCESS | outcome, cs1, cs1Label, suser, src, c6a2 |
| LMS_EV_AUTH_ERROR | outcome, cs1, cs1Label, src, c6a2, c6a2Label, suser, cs2, cs2Label, reason |
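The following added example (not part of the original article or the product) parses a CEF message and checks its keys against the two tables above, which is useful when validating a SIEM parser for these events. It assumes the event class name is carried in the CEF header's Device Event Class ID field; the vendor and product names and all sample values are constructed.

```python
import re

# Relevant keys per event class, copied from the table on this page.
RELEVANT_KEYS = {
    "LMS_EV_AUTH_SUCCESS": {"outcome", "cs1", "cs1Label", "suser", "src", "c6a2"},
    "LMS_EV_AUTH_ERROR": {"outcome", "cs1", "cs1Label", "src", "c6a2", "c6a2Label",
                          "suser", "cs2", "cs2Label", "reason"},
}
# Label keys whose value the page states is constant.
FIXED_LABELS = {"cs1Label": "AuthType", "c6a2Label": "SourceIPv6 Address",
                "cs2Label": "ErrorId"}

# A value runs until the next " key=" or end of line, so it may contain spaces.
_PAIR = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def parse_cef(line):
    """Return (event_class, extension_dict) for one CEF message."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF message")
    # Undo CEF escaping (\= and \\) inside extension values.
    ext = {k: re.sub(r"\\(.)", r"\1", v) for k, v in _PAIR.findall(parts[7])}
    return parts[4], ext  # assumption: class name is the Device Event Class ID

def check_auth_event(line):
    """Return a list of findings; an empty list means the message fits the tables."""
    event_class, ext = parse_cef(line)
    allowed = RELEVANT_KEYS.get(event_class)
    if allowed is None:
        return [f"unknown event class {event_class}"]
    findings = [f"unexpected key {k}" for k in sorted(set(ext) - allowed)]
    findings += [f"{k} should be {want!r}, got {ext[k]!r}"
                 for k, want in FIXED_LABELS.items() if k in ext and ext[k] != want]
    return findings

# Constructed samples. The failed NTLM logon has no suser, as the page describes.
SAMPLE_ERROR = ("CEF:0|ExampleVendor|ExampleProduct|1.0|LMS_EV_AUTH_ERROR|Auth error|5|"
                "outcome=failure cs1=NTLM cs1Label=AuthType c6a2=2001:db8::10 "
                "c6a2Label=SourceIPv6 Address cs2=5 cs2Label=ErrorId "
                "reason=Invalid credentials")
SAMPLE_SUCCESS_BAD = ("CEF:0|ExampleVendor|ExampleProduct|1.0|LMS_EV_AUTH_SUCCESS|Auth ok|1|"
                      "outcome=success cs1=Basic cs1Label=AuthType suser=alice "
                      "src=192.0.2.7 cs2=5 cs2Label=ErrorId")

if __name__ == "__main__":
    for sample in (SAMPLE_ERROR, SAMPLE_SUCCESS_BAD):
        print(check_auth_event(sample))
```

Because suser is absent for failed Kerberos or NTLM logons, correlation rules built on these events should fall back to src or c6a2 rather than treating a missing user name as a parsing failure.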
