This section describes alert events that can be generated by Kaspersky CyberTrace.
KL_ALERT_ConfigurationUpdated
This event is generated if Kaspersky CyberTrace Service has reloaded the configuration file.
This event has no context fields.
KL_ALERT_FeedBecameAvailable
This event is generated if a feed that can be used with the current certificate has become available.
This event has the following context field:
Feed name.
KL_ALERT_FeedBecameUnavailable
This event is generated if a feed that is being used with the current certificate has become unavailable.
This event has the following context field:
Feed name.
KL_ALERT_OutdatedFeed
This event is generated if a feed has not been updated during the specified period.
This event has the following context field:
Feed name.
KL_ALERT_ServiceUnavailable
This event is generated when the watchdog module has detected that Kaspersky CyberTrace Service has crashed or frozen.
This event has no context fields.
KL_ALERT_ServiceStopped
This event is generated when Kaspersky CyberTrace Service is stopped successfully.
This event has no context fields.
KL_ALERT_ServiceStarted
This event is generated when Kaspersky CyberTrace Service is started successfully.
This event has no context fields.
KL_ALERT_UpdatedFeed
This event is generated when a feed is updated and loaded by Kaspersky CyberTrace Service. This means that new indicators from the feed can be used in the matching process. Please note that these indicators may be added to the database later, as they are loaded asynchronously.
This event has the following context fields:
Feed name.
The number of records loaded from the feed.
KL_ALERT_FailedToUpdateFeed
This event is generated when Kaspersky CyberTrace Service fails to load a new feed (for example, due to the limitation on the number of indicators that is imposed by the license key) and continues using an old feed.
This event has the following context fields:
Feed name.
Error message from Feed Utility or the text "Error while applying feed <FeedName>".
KL_ALERT_LicenseExpires
This event is generated to inform you that the license key that is being used will expire in less than 30 days.
This event has the following context fields:
Name of the license key.
Expiration date of the license key.
KL_ALERT_LicenseExpired
This event is generated when the current license key has expired.
This event has the following context fields:
Name of the license key.
Expiration date of the license key.
KL_ALERT_EPSLimitExceeded
This event is generated when the limit on the number of processed events per second (EPS) imposed by the license key or licensing level has been exceeded.
This event has the following context fields:
Actual number of EPS that arrive in Kaspersky CyberTrace Service.
Limit on the number of EPS that is imposed by the license key or licensing level.
KL_ALERT_EPSHardLimit
This event is generated when Kaspersky CyberTrace Service limits the number of events processed per second to the maximum number of events for the current license key or licensing level. The limit applies regardless of the number of incoming events.
This event has the following context field:
Limit on the number of EPS that is imposed by the license key or licensing level.
KL_ALERT_LicenseChanged
This event is generated when Kaspersky CyberTrace starts to use another license key or licensing level.
This event has the following context fields:
Name of the license key.
If no license key is used, this context field is not included.
Expiration date of the license key.
If no license key is used, this context field is not included.
Licensing level of the key, if a license key is used.
Licensing level, if a license key is not used.
KL_ALERT_RetroScanCompleted
This event is generated when the retrospective scan task has succeeded.
This event has the following context fields:
Number of scanned indicators.
Number of detected indicators.
Link to the result of the retrospective scan.
This field is absent if the value of the iocs_detected field is 0.
KL_ALERT_RetroScanError
This event is generated when the retrospective scan task has failed.
This event has the following context field:
Short text error description.
KL_ALERT_RetroScanStorageExceeded
This event is generated when the limit on the size of the saved events has been exceeded.
This event has the following context field:
Limit on the size of the saved events, in megabytes.
KL_ALERT_FreeSpaceEnds
This event is generated when the available disk space becomes low.
This event has the following context field:
Amount of disk space that is still available for the indicator database.
The message has the following format: "Free space left: %FreeSpace% Mb", where %FreeSpace% is the remaining number of MB available for the indicator database.
KL_ALERT_IndicatorsStoreLimitExceeded
This event is generated when the limit on the size of the saved indicators has been exceeded.
This event has the following context fields:
Current number of indicators.
Limit on the number of indicators that is imposed by the license key.
KL_ALERT_DetectsStorageExceeded
This event is generated when the limit on the size of the saved detection events has been exceeded.
This event has the following context field:
Limit on the size of the saved detection events, in megabytes.
KL_ALERT_IndicatorsStoreHardLimit
This event is generated when Kaspersky CyberTrace limits adding and updating of indicators.
This event has the following context fields:
Limit on the number of indicators that is imposed by the license key.
Message that new indicators cannot be added to the database due to the limitation on the number of indicators that is imposed by the license key.