Kaspersky Security for Virtualization 6.2 Light Agent

Trace files of SVMs, Light Agents and Kaspersky Security management plug-ins

Trace files of SVMs, Light Agents and Kaspersky Security management plug-ins may contain the following data:

  • Event time
  • Number of the thread of execution
  • Name of the Kaspersky Security component that caused the event
  • Degree of event importance (informational event, warning, critical event, error)
  • Description of the event involving execution of a command received from the Kaspersky Security component, and the result of execution of this command

For more information about trace files of Light Agent for Linux and Light Agent for Windows, see the Help of the application used in Light Agent mode.

SVM trace files

During SVM operation, the following trace files may be created on an SVM:

  • Protection Server trace file (ScanServer.log). The name of the file contains the file creation date and time. In addition to general data, this file may contain the following information:
    • Personal data, including the last name, first name and middle name, if such data is included in the path to files on protected virtual machines.
    • The name of the account used to log in to the operating system if the user account name is part of a file name.
    • Your email address or web address containing the name of your account and password if they are contained in the name of the detected object.
    • Settings for connecting SVMs to the Integration Server.
    • Information about connecting Light Agents to the SVM: the unique SVM identifier, the unique identifier and operating system information of the virtual machine on which Light Agent is installed, and the time intervals during which the Light Agent was connected to the SVM.
  • boot_config.log trace file. This file records the results of executing commands of the SVM first startup script.
  • wdserver.log trace file. This file records information about events that occur during operation of the watchdog service (wdserver). The file contains general data.
  • SnmpTool.log trace file. This file records information about events that occur during operation of the SNMP service (SnmpTool). The file contains general data.
  • Trace file of the Kaspersky Security Center Network Agent. This file records information about events occurring during operation of the Kaspersky Security Center connectivity module. The file contains general data.

boot_config.log and wdserver.log trace files are created automatically.

You can create the ScanServer.log and SnmpTool.log trace files using the ScanServer.conf and SnmpTool.conf configuration files, which are located in the /etc/opt/kaspersky/la/ directory on the SVM. A special script is used to create a Network Agent trace file.

For detailed information on how to create and configure trace files, please contact our Technical Support experts.

All created SVM trace files are located in the /var/log/kaspersky/la/ directory.

The ScanServer.log trace file can also be created in the Protection Server policy. To do this:

  1. Enable the display of additional settings in the Protection Server policy. By default, additional settings are not displayed.
  2. Configure the trace level in the Advanced settings section of the policy and apply the change.

    You are advised to clarify the required trace level with a Technical Support specialist.

SVM trace files are stored in readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.

SVM trace files are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling Kaspersky Security.

Trace files of management plug-ins

Trace files of web plug-ins

If you use the Kaspersky Security Center Web Console to manage Kaspersky Security solution components, information about events that occur during operation of the management web plug-ins may be written to the trace files of the web plug-ins.

Web plug-in trace files are created automatically if logging to the Kaspersky Security Center Web Console activity log was enabled during installation of Kaspersky Security Center Web Console. For more information, see the Kaspersky Security Center Help.

Web plug-in trace files are saved in the Kaspersky Security Center Web Console installation folder in the logs subfolder:

  • /var/opt/kaspersky/ksc-web-console/logs – on devices with Linux operating systems
  • %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console\logs – on devices with Windows operating systems

The following information may be stored in the Integration Server web plug-in trace file:

  • Diagnostic information about the operation of the Integration Server Web Console.
  • IP address of the Kaspersky Security Center Administration Server.
  • Port numbers for interaction with the Kaspersky Security Center Administration Server through the Kaspersky Security Center Network Agent.
  • Description of exclusions and errors that occurred when working with internal subsystems and external services.
  • Names of internal Integration Server accounts.
  • IP addresses or fully qualified domain names (FQDN) of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
  • IP addresses, versions, and names of SVMs deployed on hypervisors.

The following information may be stored in the Protection Server web plug-in trace file:

  • Diagnostic information about the operation of the Protection Server web plug-in.
  • Description of exclusions and errors that occurred when working with internal subsystems and external services.

Trace files of MMC plug-ins

If you use the Kaspersky Security Center Administration Console to manage Kaspersky Security solution components, information about events that occur during operation of the management MMC plug-ins may be written to the following files on the device where the Kaspersky Security Center Administration Server is installed:

  • Trace file of the MMC plug-in for managing the Protection Server. The file name is specified by the user, and the user name and process ID (PID) are added to the specified name. This file contains information about the events that occur during the plug-in operation, in particular, about the operation of the Protection Server policy and tasks.
  • Trace files of the management MMC plug-ins for Light Agent for Linux and Light Agent for Windows (applications running in Light Agent mode). The file names contain the application version number, the date and time the file was created, and the process identifier (PID). These files record information about events that occur during operation of the plug-ins, in particular, about the operation of tasks and the Light Agent policy.

In addition to general data, MMC plug-in trace files may contain the following information:

  • Personal data, including the last name, first name, and middle name, if such data is part of the path to files.
  • The name of the account used to log in to the operating system if the user account name is part of a file name.

By default, trace files of Kaspersky Security MMC plug-ins are not created. You can create all trace files of the MMC plug-ins by using the registry keys. Contact Technical Support representatives for detailed information on how to create trace files.

All created MMC plug-in trace files are located in the %ProgramData%\Kaspersky Lab\Plugins\ folder.

The trace files of the management plug-ins are saved in a human-readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.

The trace files of the management plug-ins are not sent to Kaspersky automatically. Trace files are automatically deleted when Kaspersky Security is uninstalled.
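A pre-send review of a trace file copy, covering both the SVM trace files and the management plug-in trace files described above. This is an added example, not Kaspersky code: it flags and masks the data classes the page lists (web addresses with an account name and password, email addresses, account names in file paths) and reports files in a trace directory that are accessible to group or other. The function names, pattern names and sample lines are assumptions made for illustration; the real trace line layout is not documented on this page.

```python
import os
import re
import stat
from collections import Counter

# Data classes the page lists; the line layout is undocumented, so match anywhere.
PATTERNS = [
    # Web address carrying an account name and password: scheme://user:pass@
    ("url_credentials",
     re.compile(r"(?P<pre>\b[a-z][a-z0-9+.-]*://)[^\s/:@]+:[^\s/@]+@", re.I),
     r"\g<pre><redacted>@"),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"), "<email>"),
    # Profile folder named after a person or account; Windows names may hold spaces.
    ("windows_profile", re.compile(r"(?P<pre>[A-Za-z]:\\Users\\)[^\\\r\n]+"),
     r"\g<pre><user>"),
    ("linux_home", re.compile(r"(?P<pre>/home/)[^/\s]+"), r"\g<pre><user>"),
]

def redact_line(line):
    """Return (redacted line, names of the data classes found in it)."""
    hits = []
    for name, rx, repl in PATTERNS:
        line, n = rx.subn(repl, line)
        if n:
            hits.append(name)
    return line, hits

def review(lines):
    """Redact every line; return (redacted lines, lines-per-class counter)."""
    redacted, counts = [], Counter()
    for line in lines:
        clean, hits = redact_line(line)
        redacted.append(clean)
        counts.update(hits)
    return redacted, counts

def loose_files(directory):
    """Regular files whose mode grants any access to group or other."""
    return sorted(e.name for e in os.scandir(directory)
                  if e.is_file(follow_symlinks=False)
                  and stat.S_IMODE(e.stat(follow_symlinks=False).st_mode) & 0o077)

SAMPLE = [  # constructed lines, not real product output
    r"2024-05-01 10:00:01 [1432] ScanServer INFO scan C:\Users\Ivan Petrov\Documents\report.docx result=clean",
    "2024-05-01 10:00:02 [1432] ScanServer WARN detected object https://jdoe:S3cret@files.example.test/a.exe",
    "2024-05-01 10:00:03 [1440] ScanServer INFO scan /home/jdoe/mail/jdoe@example.test.eml result=clean",
    "2024-05-01 10:00:04 [1440] wdserver INFO service heartbeat ok",
]
if __name__ == "__main__":
    print("\n".join(review(SAMPLE)[0]))
```

Run it against a copy of the trace file so the original stays intact, and point `loose_files` at the trace directory (for example /var/log/kaspersky/la/ on an SVM) to list files that need tighter permissions.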
