This section describes the watchdog module workflow.
How watchdog mode works (Linux)
Kaspersky CyberTrace can run in watchdog mode. In this case, a separate module monitors the service and re-launches it when it freezes or crashes. It works as follows:
KL_ALERT_ServiceUnavailable
event) to the event target software that Kaspersky CyberTrace Service is unavailable.KL_ALERT_ServiceStarted
event) to the event target software that Kaspersky CyberTrace Service started.You can run Kaspersky CyberTrace Service in watchdog mode from the command line or by using the script.
How watchdog mode works (Windows)
Kaspersky CyberTrace runs in watchdog mode: the watchdog service monitors Kaspersky CyberTrace Service and re-launches it when it freezes or crashes. It works as follows:
KL_ALERT_ServiceUnavailable
event) to the event target software that Kaspersky CyberTrace Service is unavailable.When you run Kaspersky CyberTrace Service in watchdog mode, make sure that one scanner (the ServiceSettings > ScannersCount
element in the configuration file) is reserved for the watchdog module.
The watchdog service binary file kl_watchdog_service.exe is launched from the command line. The binary file uses the flags described in the following table.
Flags for kl_watchdog_service.exe
Flag |
Description |
--reg |
Adds the watchdog service to the list of Windows services. |
--del |
Removes the watchdog service from the list of Windows services. |
--svc |
Starts the watchdog service as a Windows service. Note that only Service Control Manager can run kl_watchdog_service.exe with this flag. If the user tries to run kl_watchdog_service.exe with this flag, an error occurs. |
--help (or -h) |
Prints information about flags that can be used with kl_watchdog_service.exe. |
If no flag is specified, the kl_watchdog_service.exe program prints the list of available flags to the screen.
Restarting Kaspersky CyberTrace Service by the watchdog module
Kaspersky CyberTrace Service can be launched in watchdog mode. In this case, the watchdog module monitors Kaspersky CyberTrace Service to make sure that it keeps running. When the watchdog module detects that the service has crashed or frozen, it notifies the SIEM solution and restarts the service. Kaspersky CyberTrace Service starts working and notifies the SIEM solution. Therefore, you can look in the SIEM solution log to learn the period during which Kaspersky CyberTrace Service was not active.
Restarting Kaspersky CyberTrace Service using the watchdog module
Page top