Contents
Receiving tenant protection reports
A virtual machine is considered protected if the Light Agent installed on it is connected to the SVM. Each SVM can receive data about the time intervals when Light Agents were connected to the SVM and pass this data to the Integration Server database. Based on this information, you can receive reports on the protection status of the tenant virtual machines using the Integration Server REST API.
You can use the tenant protection report to obtain information about all protected tenant virtual machines and all time intervals when each virtual machine was protected by Kaspersky Security. The report can also be used to obtain information about the protection of all virtual machines that connected to the SVM during the specified reporting period, including the virtual machines that do not belong to any tenant.
Receiving tenant protection reports consists of the following steps:
- Enabling the function of transferring report data to the Integration Server database.
- Report generation. The report is generated as a CSV file in a temporary folder.
- Report upload. The generated report can be uploaded in its entirety or in parts for integration into the provider’s reporting system.
Enabling the function of transferring report data
By default, the function of transferring report data is disabled on the Integration Server. If you want to receive tenant protection reports, enable the function of transferring report data in the Integration Server configuration file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\viislaservice.exe.config.
To enable the function of receiving report data:
- Open the viislaservice.exe.config configuration file for editing.
- Set the
EnableTenantsProtectionReports
parameter totrue
and save the file. - Restart the Integration Server.
The Integration Server will receive data on the time intervals when Light Agents were connected to SVMs from each SVM.
If the function of receiving report data is enabled, but SVM is not connected to the Integration Server, the data packets are queued for sending. When the maximum number of packets in the queue is reached, older data packets are deleted. The parameters for sending data are set up in the /etc/opt/kaspersky/agents_monitor/agents_monitor.conf configuration file on SVM. You can configure the maximum queue size for the packets to be sent using the max_queue_size
parameter.
The received data is stored in the Integration Server database. The default report retention period is 460 days. You can configure this value using the TenantsProtectionPeriodsRecordsLifetimeDays
parameter in the viislaservice.exe.config configuration file of the Integration Server.
The size of the Integration Server database increases proportionally to the number of the tenant protected virtual machines.
Generating tenant protection reports
The report generation procedure is automated by means of the Integration Server REST API.
You can pass the following report generation parameters in the request to the REST API:
- Identifier of the tenant for which want to generate the protection report.
- Start date and time of the period for which you want to generate a report.
- End date and time of the period for which you want to generate a report.
If the tenant identifier is not specified in the request, the report will include data on all virtual machines that were protected during the specified period. Including the data on virtual machines that do not belong to the tenants.
If the report generation period is not specified in the request, the report will include data stored in the Integration Server database from the earliest date up to the current moment.
To obtain reliable information in the reports, it is recommended to follow these rules when specifying the reporting period:
- Specify the reporting period accurate to a day.
- Set the end of the reporting period not less than 60 minutes from the current moment.
As a result of the report generation procedure, the report identifier is returned. The report is generated in the protected service folder %ProgramData%\Kaspersky Lab\VIISLA\protectionPeriodsReports. By default the report is stored within 24 hours from the moment of generation. To get the report, use the report identifier in the request to the REST API to upload the report.
You can configure the report retention period using the TenantsProtectionReportsLifetimeHours
parameter in the Integration Server configuration file: %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\viislaservice.exe.config.
The data in the report is presented line by line. Each line contains information about one virtual machine protection period in the following format:
{
tenant ID
};{
tenant name
};{
virtual machine ID
};{
virtual machine name
};{
date and time when protection was enabled
};{
date and time when protection was disabled
}
where:
{
tenant ID
}
– identifier of the tenant to which the virtual machine belongs. If the virtual machine does not belong to any tenant, nothing is displayed in this field.{
tenant name
}
– tenant name specified when the tenant was created. If the virtual machine does not belong to any tenant, nothing is displayed in this field.{
virtual machine ID
}
– identifier of the virtual machine that was protected by the application.{
virtual machine name
}
– name of the virtual machine that was protected by the application.{
date and time when protection was enabled
}
– start date and time of the virtual machine protection period.{
date and time when protection was disabled
}
– end date and time of the virtual machine protection period.
If during the reporting period the virtual machine was protected by the application several times (protection was enabled and disabled), the report displays each virtual machine protection period.
Page topUploading tenant protection reports
The report upload procedure is automated by means of the Integration Server REST API.
In the request to the REST API, the report identifier obtained at the previous step and the data display format (CSV) must be specified.
Other data display formats are not supported.
You can upload all report data or get partial data.
You can integrate data obtained as a result of the query into your reporting system.
Page top