This section describes the watchdog module workflow.
How watchdog mode works (Linux)
Kaspersky CyberTrace can run in watchdog mode. In this case, a separate module monitors the service and re-launches it when it freezes or crashes. It works as follows:
KL_ALERT_ServiceUnavailable event) to the event target software that Feed Service is unavailable.
KL_ALERT_ServiceStarted event) to the event target software that Feed Service started.
You can run Feed Service in watchdog mode from the command line or by means of the script.
How watchdog mode works (Windows)
When you run Feed Service in watchdog mode, make sure that one scanner (the ServiceSettings > ScannersCount parameter in the configuration file) is reserved for the watchdog module.
Kaspersky CyberTrace runs in watchdog mode: the watchdog service monitors Feed Service and re-launches it when it freezes or crashes. It works as follows:
KL_ALERT_ServiceUnavailable event) to the event target software that Feed Service is unavailable.
Make sure that one scanner (the ServiceSettings > ScannersCount parameter in the configuration file) is reserved for the watchdog service.
The watchdog service binary file kl_watchdog_service.exe is launched from the command line. The binary file uses the flags described in the following table.
Flags for kl_watchdog_service.exe
| Flag | Description |
| --- | --- |
| --reg | Adds the watchdog service to the list of Windows services. |
| --del | Removes the watchdog service from the list of Windows services. |
| --svc | Starts the watchdog service as a Windows service. Note that only Service Control Manager can run kl_watchdog_service.exe with this flag. If the user tries to run kl_watchdog_service.exe with this flag, an error occurs. |
| --help (or -h) | Prints information about flags that can be used with kl_watchdog_service.exe. |
If no flag is specified, the kl_watchdog_service.exe program prints the list of available flags to the screen.
Restarting Feed Service by the watchdog module
Feed Service can be launched in watchdog mode. In this case, the watchdog module monitors Feed Service to make sure that it keeps running. When the watchdog module detects that the service has crashed or frozen, it notifies the SIEM solution and restarts the service. Feed Service starts working and notifies the SIEM solution. Therefore, you can look in the SIEM solution log to learn the period during which Feed Service was not active.
Restarting Feed Service using the watchdog module
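The downtime lookup described above can be automated on an exported SIEM log. The following is an added example, not part of the product or its documentation: only the two event names come from this page, while the timestamp layout, the `alert=` field and the function name `downtime_windows` are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample export. The line layout is an assumption; adapt the
# regular expression to the event format configured for your SIEM.
SAMPLE_LOG = """\
2024-03-01T10:00:00 alert=KL_ALERT_ServiceStarted
2024-03-01T12:15:30 alert=KL_ALERT_ServiceUnavailable
2024-03-01T12:15:50 alert=KL_ALERT_ServiceUnavailable
2024-03-01T12:16:10 alert=KL_ALERT_ServiceStarted
2024-03-01T12:20:00 category=other unrelated detection event
2024-03-02T03:00:05 alert=KL_ALERT_ServiceUnavailable
"""

EVENT_RE = re.compile(
    r"^(\S+)\s.*\b(KL_ALERT_Service(?:Unavailable|Started))\b"
)


def downtime_windows(lines):
    """Return (down_since, up_at) pairs; up_at is None if no restart was logged."""
    windows = []
    down_since = None
    for line in lines:
        match = EVENT_RE.match(line)
        if not match:
            continue  # not a watchdog alert
        timestamp = datetime.fromisoformat(match.group(1))
        event = match.group(2)
        if event == "KL_ALERT_ServiceUnavailable":
            # If several alerts arrive during one outage, keep the earliest.
            if down_since is None:
                down_since = timestamp
        elif down_since is not None:
            # ServiceStarted after ServiceUnavailable closes the outage.
            windows.append((down_since, timestamp))
            down_since = None
        # A ServiceStarted with no open outage is an ordinary start: ignored.
    if down_since is not None:
        windows.append((down_since, None))  # still down at end of log
    return windows


if __name__ == "__main__":
    for start, end in downtime_windows(SAMPLE_LOG.splitlines()):
        length = f"{(end - start).total_seconds():.0f} s" if end else "ongoing"
        print(f"Feed Service inactive from {start} to {end}: {length}")
```

An outage with no closing KL_ALERT_ServiceStarted event is reported as ongoing, which is the case worth alerting on because it means the restart did not complete.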