General troubleshooting

This section provides information to help you solve problems that you might encounter when using Kaspersky CyberTrace.

If you have encountered problems while using Kaspersky CyberTrace, ensure that:

• The Kaspersky CyberTrace service is started.

  Windows: Use the sc query cybertrace command to check the service status from the command line.

  Linux: Use the systemctl status cybertrace.service command to check the service status from the terminal.

• You have enough free disk space and RAM on the Kaspersky CyberTrace server.
• The web page https://wlinfo.kaspersky.com is accessible from the Kaspersky CyberTrace server.

  To check accessibility of this web page both for Windows and Linux, use the following command: 
  curl -v --cert /opt/kaspersky/ktfs/dmz/feeds.pem [--proxy user:password@proxy-server.ru:3128] https://wlinfo.kaspersky.com/api/v1.0/feeds

  As a result of this check, you may have a list of available feeds according to the certificate, for example:

  { "name": "TI Demo Botnet C&C URL Data Feed", "updates": {"href": "https://wlinfo.kaspersky.com/api/v1.0/feeds/85/updates"}, "license": {"expires": "2024-02-19T00:00:00"} }

  If the result contains an error, send the output of this command to Technical Support.

• The event source (SIEM) is available from the Kaspersky CyberTrace server.
  • Web UI:

    Select the Settings > Service tab. Under Service sends events to, in the IP address text box, enter the IP address of SIEM; and in the Port text box, enter the port of SIEM.

  • In the kl_feed_service.conf configuration file (check this only if the Kaspersky CyberTrace service cannot run):

    Windows: \Kaspersky Lab\Kaspersky CyberTrace\bin\kl_feed_service.conf

    Linux: opt/kaspersky/ktfs/etc/kl_feed_service.conf

    The following is an example of settings from the configuration file:

  <OutputSettings> <ConnectionString>127.0.0.1:9998</ConnectionString> </OutputSettings>

  Check the port used by the source to connect to Kaspersky CyberTrace.

  Make sure that the embedded firewall service is configured to receive events from the source to Kaspersky CyberTrace on the correct port.

  Make sure that the embedded firewall service on the SIEM side is configured to receive detects from Kaspersky CyberTrace on the correct port.

If the problem is not solved, contact Technical Support, and attach the following:

• Configuration file for Kaspersky CyberTrace Windows: \Kaspersky Lab\Kaspersky CyberTrace\bin\kl_feed_service.conf
• Configuration file for Kaspersky CyberTrace Linux: opt/kaspersky/ktfs/etc/kl_feed_service.conf

  There are two ways of getting the configuration file:

  • If the web interface is available, select Settings>Service>Export configuration files.
  • If the Kaspersky CyberTrace service cannot be started, copy the files from the directories and specify the applicable paths for the different operating systems.
• Kaspersky CyberTrace log files of the debug level

  For more information, see Logging settings and Kaspersky CyberTrace Service logging.

  You should be aware that you will send Technical Support the debug log files containing full incoming events.

• Screenshots describing the problem.
• Results of running the collect.sh script.

  Running the collect.sh script creates a report containing all basic diagnostic information from your computer.

  Before sending the report to Technical Support, remove all confidential information from it.

  For information on how to create a report, see https://support.kaspersky.com/15732.

Page top