Any Kaspersky Endpoint Security operation generates events. The application administrator can view these events by using the query system.
Kaspersky Endpoint Security notifies users about new events in the following ways:
If Kaspersky Endpoint Security is managed by Kaspersky Security Center, information about events may be transmitted to the Kaspersky Security Center Administration Server. The Kaspersky Endpoint Security administrator can configure email notifications or script execution when an event is received from the application. For more details about managing reports in Kaspersky Security Center, please refer to the Kaspersky Security Center documentation.
If the graphical user interface (GUI) is enabled, information about events may be viewed in the reports and in the application pop-ups.
By using a local query to the Kaspersky Endpoint Security event storage. The application administrator can write scripts based on the generated events.
To get information about all events in the Storage:
kesl-control -E --query|less
By default, the application stores up to 500 000 events. You can use the less command to navigate through the list of displayed events.
You can use the query system to view specific events. When you create a query, specify the required field, select the comparison operator, and set the required value for it. The value must be enclosed in single quotation marks ('), and the whole query must be enclosed in double quotation marks ("):