About the log of content filtering
May 17, 2024
ID 68060
The log of Content Filtering allows you to check if Content Filtering is configured properly.
The log of Content Filtering is located in the folder <Application installation folder>\logs\content_filtering\content_filtering_incidents_log_YYYYDDMM.csv, where YYYYDDMM stands for the log creation date.
The log of Content Filtering is created on a daily basis and contains the details of content filtering incidents for the relevant day. Logs for the previous days are stored in the folder <Application setup folder>\logs\content_filtering in archives with the corresponding names.
When a Content Filtering incident is triggered by the name or the content of a file, the following details are recorded in the log of Content Filtering:
- Incident ID
- Path to the file
- File name
- The word or phrase that caused the Content filtering incident
- The Kaspersky Lab section or user category to which the specific word belongs
The log of Content Filtering will additionally record a sequence of characters from the text that has been extracted from the file or the field of a SharePoint web object by the corresponding filter of Kaspersky IFilter Utility.
When a content filtering incident is caused by the content of a SharePoint web part, the following details are recorded in the log of content filtering incidents:
- Incident ID
- Path to the SharePoint web object
- Name of the field of the SharePoint web object in which unwanted content has been detected
- The word that caused the content filtering incident
- The Kaspersky Lab section or user category to which the specific word belongs
For a more detailed check of the operation of Content Filtering, you can enable the detailed logging of events to the log of Content Filtering. The log records a sequence of 10 words located in the text before the word that caused the Content filtering incident, the word itself, and 10 words located in the text after the word that caused the incident. If these 10 words contain more than 100 characters, the sequence is limited to 100 characters before and after the word that caused the Content filtering incident.
Data in the Content filtering log is not encrypted. For security reasons (for example, to prevent unauthorized access or possible data leaks), you are advised to personally protect files of the application log.
