This section contains examples of using Log Scanner in some situations.
Checking several log files
All log files that you pass for scanning must be in UTF-8 encoding. If your log files have different encoding, make sure to convert them to UTF-8.
If you have feeds that are not compiled and a directory containing log files, you can check the log files by performing the following procedure.
To check several log files:
systemctl start cybertrace.service (in Linux)
sc start cybertrace (in Windows)
./log_scanner -r –p ../logs (in Linux)
log_scanner.exe -r –p ..\logs (in Windows)
systemctl stop cybertrace.service (in Linux)
sc stop cybertrace (in Windows)
After Log Scanner finishes its work, the directory specified by the OutputDir element of the log_scanner.conf configuration file will contain a report about the URLs and hashes detected by Kaspersky CyberTrace Service.
Checking several URLs and hashes
If you have to check several URLs and hashes, perform the following procedure.
To check several URLs and hashes:
systemctl start cybertrace.service (in Linux)
sc start cybertrace (in Windows)
./log_scanner -r -s A72C5B99F2706B00718279C9533A3648 -s 6AA0321FA9D82D652AB53882D7CF9E592B4439B8 (in Linux)
log_scanner.exe -r -s A72C5B99F2706B00718279C9533A3648 -s 6AA0321FA9D82D652AB53882D7CF9E592B4439B8 (in Windows)
./log_scanner -r –u test.mav.example.com?bad_url=1 -u test.phishing.example.com/psh/test?p=1&p=2 (in Linux)
log_scanner.exe -r –u test.mav.example.com?bad_url=1 -u test.phishing.example.com/psh/test?p=1&p=2 (in Windows)
systemctl stop cybertrace.service (in Linux)
sc stop cybertrace (in Windows)
After Log Scanner finishes its work, the directory specified by the OutputDir element of the log_scanner.conf configuration file will contain a report about the URLs detected by Kaspersky CyberTrace Service and a report about the detected hashes.