Contents
About trace files
A trace file helps track down step-by-step execution of application commands and detect the phase of application operation when an error occurs.
You can view data saved in trace files. Please contact Kaspersky Technical Support for advice on how to view data.
All trace files contain the following common data:
- Event time
- Number of the thread of execution
- Application component that caused the event
- Degree of event importance (informational event, warning, critical event, error)
- Description of the event involving execution of a command received from an application component, and the result of execution of this command
Trace files are not automatically sent to Kaspersky. You can use these files when contacting Technical Support. The information recorded in trace files may be needed for analysis and identification of the causes of errors in the operation of application components.
For the purpose of working with trace files, Technical Support experts may ask you to use the logcontrol.sh script that is included in the application distribution kit (for details, please refer to the Knowledge Base).
Trace files are stored in non-encrypted form. You are advised to provide protection against unauthorized access.
About Kaspersky Security components Installation Wizard trace files
Information about the progress and results of installation, upgrade, and removal of the Kaspersky Security administration plug-in, Integration Server, and Integration Server Console is logged to trace files of the Installation Wizard for Kaspersky Security components. If installation, upgrade, or removal ends in an error, you can use these files when contacting Technical Support.
Trace files of the Kaspersky Security Components Installation Wizard are files in TXT format. They are automatically saved on the same computer on which the user ran the installation, upgrade or removal of the Kaspersky Security administration plug-in, Integration Server, and Integration Server Console.
If you install Kaspersky Security components, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_6.0_Agentless_BundleInitialInstall_logs_<date and time>.zip, where <date and time> is the date and time of installation completion.
If you upgrade Kaspersky Security components, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_6.0_Agentless_BundleMajorUpgrade_logs_<date and time>.zip, where <date and time> is the date and time of upgrade completion.
If you remove Kaspersky Security components, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_6.0_Agentless_BundleUninstall_logs_<date and time>.zip, where <date and time> is the date and time of removal completion.
Trace files of the Kaspersky Security Components Installation Wizard contain the following information:
- Diagnostic information about the process of installation, upgrade or removal of Kaspersky Security components.
- Name of the computer on which the user started the procedure for installing, upgrading or removing Kaspersky Security components, and the name of the user that started the procedure.
- Information about errors that occurred during the process of installation, upgrade or removal of Kaspersky Security components.
About trace files of the Installation Wizard for the Kaspersky Security administration plug-in for tenants
Information about the progress and results of installation, upgrade and removal of the Kaspersky Security administration plug-in for tenants is written to Wizard trace files. If installation, upgrade, or removal ends in an error, you can use these files when contacting Technical Support.
Trace files of the Installation Wizard for the Kaspersky Security administration plug-in for tenants are in TXT format. They are automatically saved on the same computer on which the installation, upgrade, or removal of the administration plug-in was performed.
If you install the Kaspersky Security administration plug-in for tenants, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_6.0_Agentless_(for_tenants)_BundleInitialInstall_logs_<date and time>.zip (<date and time> is the date and time of installation completion).
If you upgrade the Kaspersky Security administration plug-in for tenants, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_6.0_Agentless_(for_tenants)_BundleMajorUpgrade_logs_<date and time>.zip (<date and time> is the date and time of upgrade completion).
If you remove the Kaspersky Security administration plug-in for tenants, the trace files are saved to an archive in the path %temp%\Kaspersky_Security_for_Virtualization_6.0_Agentless_(for_tenants)_BundleUninstall_logs_<date and time>.zip (<date and time> is the date and time of removal completion).
Trace files of the Installation Wizard for the Kaspersky Security administration plug-in for tenants contain the following information:
- Diagnostic information about the process of installation, upgrade or removal of the Kaspersky Security administration plug-in for tenants
- Name of the computer on which the user started the procedure for installing, upgrading or removing the Kaspersky Security administration plug-in for tenants, and the name of the user that started the procedure
- Information about errors that occurred during the process of installation, upgrade or removal of the Kaspersky Security administration plug-in for tenants
About SVM trace files
Information about application operation may be logged to the following trace files located on SVMs:
- on an SVM with the File Threat Protection component:
- /var/log/kaspersky/ksv/connector.ksv.log
- /var/log/kaspersky/ksv/connector.ksvt.log
- /var/log/kaspersky/ksv/wdserver.log
- /var/log/kaspersky/ksv/klmount.log
- /var/log/kaspersky/ksv/ksvmain.log
- on an SVM with the Network Threat Protection component:
- /var/log/kaspersky/ksvns/connector.ksv.log
- /var/log/kaspersky/ksvns/wdserver.log
- /var/log/kaspersky/ksvns/ksvnsmain.log
- on an SVM with the File Threat Protection component and on an SVM with the Network Threat Protection component:
- /var/log/kaspersky/klnagen64/$klnagent-1103-wd.log
- /var/log/kaspersky/klnagen64/$klnagent-1103.log
- /var/log/ksv
- /var/log/secure
- /var/log/messages
- /var/log/mr_product_stat_ksv.log
- /var/log/mr_system_stat_ksv.log
By default, information about the application operation is not saved. To enable logging of information to SVM trace files, you must perform the steps described on the application page in the Knowledge Base.
In addition to general data, SVM trace files may contain the following information:
- Names of scanned files and the paths to them on the virtual machine. Personal data (last name, first name, and middle name, email address, user account name) may also be saved if this data is contained in the paths or names of scanned files.
- Scanned web addresses, IP addresses and names of virtual machines, information about the virtual local area network (VLAN), information about the Ethernet, IP, TCP, and UDP headers for each network packet.
- Information about drive mounts for scanning powered-off virtual machines, lists of file systems and their IDs.
- Information about operating system events.
- Information about events that occurred during interaction with Kaspersky Security Center.
- Information about events that occurred during operation of the watchdog service.
- Information about the operation of an SVM in the multitenancy mode, and about SVM configuration settings received from the Integration Server.
About trace files of the Integration Server and Integration Server Console
Information about the operation of the Integration Server and the Integration Server Console may be recorded in the following trace files:
- %ProgramData%\Kaspersky Lab\VIIS\logs\service.log – the Integration Server trace file.
- %ProgramData%\Kaspersky Lab\VIIS Console\logs\console.log – the trace file of the Integration Server Console.
Trace files are created only after you have enabled the logging of information about the Integration Server and Integration Server Console. By default, information about the operation of the Integration Server and Integration Server Console is not saved.
You can enable the logging of information to Integration Server and Integration Server Console trace files, and change the level of detail of information in trace files by using configuration files:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIIS\Nlog.config – for the Integration Server trace file
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIIS Console\NLog.config – for the Integration Server Console trace file
Contact Technical Support experts for details.
If you enabled the logging of information to the Integration Server trace file, you can view this file by clicking the View trace file link in the Integration Server settings section of the Integration Server Console. The link is available only if the Integration Server Console is installed on the same computer as the Integration Server.
The following information may be saved in the Integration Server trace file:
- Diagnostic information about the operation of the Integration Server, its workload, and the results of a data integrity check.
- Headers and contents of HTTP requests that are sent and received by the Integration Server during its operation.
- IP addresses of the SVM and computer hosting the Kaspersky Security Center Administration Console and the Kaspersky Security administration plug-in, if the Kaspersky Security Center Administration Console was installed separately from the Kaspersky Security Center Administration Server.
- Traces of requests to the Integration Server.
- Description of exclusions and errors that occurred when working with internal subsystems and external services.
- Names of internal Integration Server user accounts.
- IP addresses or fully qualified domain names (FQDN) of VMware vCenter Server, VMware vCloud Director, or VMware NSX Manager servers to which the Integration Server connects.
- Information about the Kaspersky Security service registration process.
- Information about the Kaspersky Security reconfiguration process.
The following information may be saved in the Integration Server Console trace file:
- Diagnostic information about the operation of the Integration Server Console.
- Traces of command line parameters and results of checking them.
- Headers and contents of HTTP requests that are sent and received by the Integration Server Console during its operation.
- Information about navigations through sections of the Integration Server Console and working with interface elements.
- IP address of the Kaspersky Security Center Administration Server.
- Port numbers for interaction with the Kaspersky Security Center Administration Server through the Kaspersky Security Center Network Agent.
- Description of exclusions and errors that occurred when working with internal subsystems and external services.
- Names of internal Integration Server user accounts.
- IP addresses or fully qualified domain names (FQDN) of VMware vCenter Server, VMware vCloud Director, or VMware NSX Manager servers to which the Integration Server connects.