Trace files of the Integration Server and Integration Server Console
Trace files of the Linux-based Integration Server
Information about the operation of the Linux-based Integration Server can be logged in the following trace files:
- /var/log/kaspersky/viis/service.log – Integration Server trace file.
- /var/log/kaspersky/viis/SvmManagement/sm_<file creation date>.log – trace file for the deployment, reconfiguration, and deletion of SVMs using the REST API of the Linux-based Integration Server
By default, logging of information to trace files is disabled.
You can enable or disable logging of information to the Linux-based Integration Server trace files using the /var/opt/kaspersky/viis/common/appsettings.logging.json configuration file.
A privileged account is required to edit the configuration file.
To enable logging of information to the trace files of the Linux-based Integration Server:
- Open the /var/opt/kaspersky/viis/common/appsettings.logging.json file.
- In the LogLevel section, set the value of the
Defaultsetting toTrace. The default value isNone. - In the rules section, in the Service and SvmManagement subsections, set the value of the
minlevelsetting toTrace. The default value isNone. - Save the /var/opt/kaspersky/viis/common/appsettings.logging.json file.
The new settings are applied without restarting the Integration Server.
Trace files are moved to the archival directory (/var/log/kaspersky/viis/archives). Integration Server trace files are moved to the archive when the file size reaches 50 MB. Trace files of deployment, reconfiguration, and deletion procedures are archived daily. The archive contains up to 20 Integration Server trace files and up to 10 trace files for SVM deployment, reconfiguration, and deletion procedures. When this number is reached, older files are deleted.
Access to the directory where trace files are saved is restricted by using an ACL. To access the directory, administrator rights (root, sudoers) are required.
If you change the default directory for storing trace files, Kaspersky Security does not control access to trace files. You are advised to ensure that information is protected against unauthorized access.
Trace files of the Windows-based Integration Server and Integration Server Console
Information about the operation of the Windows-based Integration Server and Integration Server Console can be logged in the following trace files:
- %ProgramData%\Kaspersky Lab\VIISLA\logs\viisla_service_loader.log – trace file for startup of the Windows-based Integration Server. The file does not contain personal data.
- %ProgramData%\Kaspersky Lab\VIISLA\logs\service.log – Windows-based Integration Server trace file.
- %ProgramData%\Kaspersky Lab\VIISLA Console\logs\console.log – Integration Server Console trace file.
- %ProgramData%\Kaspersky Lab\VIISLA\logs\SvmManagement\sm_<file creation date>.log – trace file for the deployment, reconfiguration, and removal of SVMs using the REST API of the Windows-based Integration Server.
By default, trace files are created with the Error level of detail. You can use the following configuration files to enable and disable logging of information to the trace files of the Integration Server and Integration Server Console, and change the level of detail of information in the trace files:
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\appsettings.logging.json – for the Integration Server trace file and the trace file for the deployment, reconfiguration, and removal of SVMs.
- %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA Console\NLog.config – for the Integration Server Console trace file.
Contact Technical Support representatives for details.
Trace files are moved to the archive folder (%ProgramData%\Kaspersky Lab\VIISLA\logs\archives). Integration Server trace files are moved to the archive when the file size reaches 50 MB. Trace files of deployment, reconfiguration, and deletion procedures are archived daily. The archive contains up to 20 Integration Server trace files and up to 10 trace files for SVM deployment, reconfiguration, and deletion procedures. When this number is reached, older files are deleted.
Access to the folder where trace files are saved is restricted by using an ACL. Administrator rights are required to access this folder.
If you change the default folder for storing trace files, Kaspersky Security does not control access to trace files. It is recommended to protect the information from unauthorized access.
Contents of trace files
The following information may be saved in the Integration Server trace file:
- Diagnostic information about the operation of the Integration Server, its workload, and the results of a data integrity check.
- Headers and contents of HTTP requests that are sent and received by the Integration Server during its operation.
- IP addresses of SVMs and protected virtual machines, and the IP address of the device hosting the Kaspersky Security Center Administration Console if the Kaspersky Security Center Administration Console is installed separately from the Kaspersky Security Center Administration Server.
- Tracing of requests to the Integration Server.
- Description of exclusions and errors that occurred when working with internal subsystems and external services.
- Names of internal Integration Server accounts.
- Names of accounts that are used to connect the Integration Server to virtual infrastructure objects.
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
- IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
- If Kaspersky Security is used in multitenancy mode:
- Names and identifiers of the tenants registered in the Integration Server database.
- Account names of Kaspersky Security Center virtual Administration Servers administrators.
- Identifiers and IP addresses of the tenant virtual machines.
The following information may be saved in the Integration Server Console trace file:
- Diagnostic information about the operation of the Integration Server Console.
- Tracing of command line parameters and results of checking them.
- Headers and contents of HTTP requests that are sent and received by the Integration Server Console during its operation.
- Information about navigations through sections of the Integration Server Console and working with interface elements.
- IP address of the Kaspersky Security Center Administration Server.
- Port numbers for interaction with the Kaspersky Security Center Administration Server through the Kaspersky Security Center Network Agent.
- Description of exclusions and errors that occurred when working with internal subsystems and external services.
- Names of internal Integration Server accounts.
- Names of accounts that are used to connect the Integration Server to virtual infrastructure objects.
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
- IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
- If Kaspersky Security is used in multitenancy mode, the names of tenants registered in the Integration Server database are listed.
You can use Integration Server trace files and Integration Server Console trace files when contacting the Technical Support. The information recorded in trace files may be needed for analysis and identification of the causes of errors in the operation of the Integration Server.
Integration Server trace files and Integration Server Console trace files are not automatically sent to Kaspersky.