Configuring receipt of VK WorkSpace Mail events

KUMA allows monitoring VK WorkSpace Mail 1.23 events received in syslog format.

Configuring event receiving consists of the following steps:

1. Configuring the export of VK WorkSpace Mail events
2. Creating a KUMA collector for VK WorkSpace Mail events.

   To receive VK WorkSpace Mail audit events using the Collector Installation Wizard, select the [OOTB] VK WorkSpace Mail syslog normalizer at the Event parsing step. Also, on the Transport tab, you need to specify the port and protocol in accordance with steps 2.2, 2.3 of the Configuring the export of VK WorkSpace Mail events instructions.

3. Installing a collector in the KUMA network infrastructure.
4. Verifying receipt of VK WorkSpace Mail events in the KUMA collector.

   You can verify that the VK WorkSpace Mail event source server is correctly configured in the Searching for related events section of the KUMA web interface.

Configuring the export of VK WorkSpace Mail events

To configure the export of events to KUMA:

1. Go to the Settings for duplicating user actions to external storage menu.
2. Select the Duplicate user actions to syslog check box.
   1. In the Syslog server address field, enter the IP address or FQDN of the KUMA collector.
   2. In the Syslog server port field, specify the port that the KUMA collector is listening on.
   3. In Syslog protocol, TCP or UDP field, select the communication protocol.
   4. In the Syslog data ID field, specify bein.

The export of VK WorkSpace Mail events is configured.