The table below describes operating system audit events registered by Kaspersky IoT Secure Gateway 1000.
Operating system audit events
Event name |
Event text |
Severity |
Subject ID |
|---|---|---|---|
Audit: Audit subsystem start |
Audit subsystem is running |
Informational |
System: Audit |
Audit: Audit subsystem test message |
The test message was successfully recorded during audit subsystem diagnostics |
Informational |
System: Audit |
admin: Log export |
The log is exported |
Informational |
Administrator |
admin: Log export error |
Failed to export the log |
Warning |
Administrator |
Audit: Audit log overwrite |
Audit log is overwritten due to full storage |
Informational |
System: Audit |
Audit: Audit log is running out of space |
The audit log will be overwritten after |
Warning |
System: Audit |
KscController: Rebooting the device |
The device is being rebooted |
Informational |
System: KscController |
KscController: Uploading the application certificate |
Application certificate is uploaded to the certificate storage |
Informational |
System: KscController |
Launcher: Attempting to launch an incompatible version of the application |
An attempt to launch the application version incompatible with the system was detected |
Warning |
System: Launcher |
Launcher: Attempting to launch a blocked application |
An attempt to run a blocked application is detected |
Warning |
System: Launcher |
Launcher: Launching an application |
The application |
Informational |
System: Launcher |
Launcher: Error launching an application |
Failed to start the application |
Warning |
System: Launcher |
Launcher: Untrusted application |
Failed to verify the integrity of the application |
Critical |
System: Launcher |
Launcher: Stopping an application |
The application |
Informational |
System: Launcher |
Launcher: Application has failed |
The application |
Warning |
System: Launcher |
Launcher: Changing application autorun |
The list of applications for autorun is changed |
Informational |
System: Launcher |
Launcher: Error changing application autorun |
Failed to change the list of applications for autorun |
Warning |
System: Launcher |
Launcher: Enabling the non-immune mode |
The device is running in non-immune mode; immunity is not guaranteed |
Warning |
System: Launcher |
Launcher: Enabling the developer mode |
The device is running in developer mode |
Warning |
System: Launcher |
Launcher: Attempting to download a new version of the application |
An attempt to download a new version of an installed application is detected. |
Critical |
System: Launcher |
Orchestrator: Downloading the application |
Download of the application |
Informational |
System: Orchestrator |
Orchestrator: Successful application download |
The application |
Informational |
System: Orchestrator |
Orchestrator: Successful application installation |
The application |
Informational |
System: Orchestrator |
Orchestrator: Uninstalling the application |
Uninstallation of the application |
Informational |
System: Orchestrator |
Orchestrator: Successful application uninstallation |
|
Informational |
System: Orchestrator |
Orchestrator: Application download error |
Failed to download the application |
Warning |
System: Orchestrator |
Orchestrator: Application signature verification error |
Failed to verify authenticity of the |
Critical |
System: Orchestrator |
Orchestrator: Application installation error |
Failed to install the application |
Warning |
System: Orchestrator |
Orchestrator: Application installation error |
Failed to install the application |
Warning |
System: Orchestrator |
Orchestrator: Application uninstallation error |
Failed to uninstall the application |
Warning |
System: Orchestrator |
TrafficController: Enabling a network cluster |
The network cluster is enabled and its settings are configured |
Warning |
System: TrafficController |
TrafficController: Disabling a network cluster |
The network cluster is disabled |
Warning |
System: TrafficController |
EmergencyManager: Enabling the Emergency support mode |
A critical operating system error is detected. Emergency support mode is enabled: |
Critical |
System: EmergencyManager |
EmergencyManager: Limiting the operating system functions |
Operating system functions ( |
Critical |
System: EmergencyManager |
BlobContainer: Component blocked from starting |
Starting |
Critical |
System: BlobContainer |
Updater: System update |
Full system update is started |
Informational |
System: Updater |
Updater: Verifying updates |
Downloaded updates are verified and ready to install |
Informational |
System: Updater |
Updater: Downloading updates |
Updates downloaded successfully |
Informational |
System: Updater |
Updater: System update successful |
System update completed successfully |
Informational |
System: Updater |
Updater: No update required |
No update required. The latest system version is installed |
Informational |
System: Updater |
Updater: System update error |
Error |
Critical |
System: Updater |
Updater: Error downloading updates |
Failed to download updates |
Informational |
System: Updater |
Updater: Error rebooting the device |
Failed to restart the device while installing updates |
Critical |
System: Updater |
Updater: Invalid updates |
Downloaded updates are invalid and cannot be installed |
Warning |
System: Updater |
admin: Date and time change |
System date and time were changed manually |
Informational |
Administrator |
KscController: Time synchronization with the source |
System time is synchronized with Kaspersky Security Center |
Informational |
System: KscController |
admin: Account credentials expiry user: Account credentials expiry |
User name and password expire in |
Informational |
Administrator or user |
admin: Certificate expiry user: Certificate expiry |
User certificate expires in |
Informational |
Administrator or user |
admin: User account credentials expired user: User account credentials expired |
User name and password expired, refresh the account credentials |
Warning |
Administrator or user |
admin: User certificate expired user: User certificate expired |
User certificate has expired |
Warning |
Administrator or user |
Authenticator: User blocked |
User blocked due to exceeding the number of failed login attempts |
Critical |
System: Authenticator |
WebServer: Connection session lock |
Connection session blocked due to inactivity |
Informational |
System: WebServer |
admin: Modified lockout duration after failed password entry attempts user: Modified lockout duration after failed password entry attempts |
Lockout duration after failed password attempts changed. New value: |
Informational |
Administrator or user |
admin: Modified user idle time before locking user: Modified user idle time before locking |
User idle time before locking changed, new value: |
Informational |
Administrator or user |
admin: Modified maximum number of failed login attempts user: Modified maximum number of failed login attempts |
Maximum number of failed login attempts changed. New value: |
Informational |
Administrator or user |
admin: Change credentials user: Change credentials |
The administrator password for initial login is changed |
Informational |
Administrator or user |
admin: Change credentials user: Change credentials |
Password for user |
Informational |
Administrator or user |
admin: Change credentials user: Change credentials |
Certificate for user |
Informational |
Administrator or user |
admin: Change credentials user: Change credentials |
|
Informational |
Administrator or user |
admin: Creating a user account |
User account created for |
Informational |
Administrator |
admin: Error creating user account |
User account for |
Warning |
Administrator |
admin: Deleting a user account |
User account for |
Informational |
Administrator |
admin: User authentication user: User authentication |
|
Informational |
Administrator or user |
Authenticator: User authentication error |
User |
Warning |
System: Authenticator |
Authenticator: User authentication error |
User |
Warning |
System: Authenticator |
Authenticator: User authentication error |
User |
Warning |
System: Authenticator |
admin: Restoring the system configuration |
Status of the operating system configuration restoring from the backup: |
Informational |
Administrator |
admin: Backing up the system configuration |
Status of the backup creation from the operating system configuration: |
Informational |
Administrator |
admin: Generation of the integrity check report |
Generation of the integrity check report started: |
Informational |
Administrator |
IntegrityService: Integrity check status |
Integrity check status: |
Informational |
System: IntegrityService |
IntegrityService: Object integrity violation |
|
Critical |
System: IntegrityService |
admin: Operating system self-testing start |
Operating system self-testing started |
Informational |
Administrator |
SelfTestManager: Operating system error during self-testing |
Operating system error during self-testing detected: |
Critical |
System: SelfTestManager |
SelfTestManager: Operating system self-testing result |
Operating system self-testing result: completed successfully |
Informational |
System: SelfTestManager |
SelfTestManager: Operating system self-testing result |
Operating system self-testing result: errors detected |
Informational |
System: SelfTestManager |
SelfTestManager: Operating system self-testing result |
Operating system self-testing result: canceled manually |
Informational |
System: SelfTestManager |