Contents and storage of trace files
Trace files allow you to track the step-by-step execution of application commands and detect at what stage of the application operation an error occurs.
Trace files are stored on the device as long as the application is in use, and are deleted permanently when the application is removed. Trace files are not sent to Kaspersky automatically.
Trace files are saved in a human-readable format. It is recommended to protect information from unauthorized access before sending it to Kaspersky.
By default, trace files are stored in the directory /var/log/kaspersky/kesl/. Root privileges are required to access the default trace files directory.
All trace files contain the following general data:
- Event time.
- Number of the thread of execution.
- Application component that caused the event.
- Degree of event severity (informational event, warning, critical event, error).
- A description of the event involving command execution by a component of the application and the result of execution of this command.
Kaspersky Endpoint Security saves user passwords to a trace file only in encrypted form.
Trace files may store the following information in addition to general data:
- The statuses of the application components and their operational data.
- Data on user activity in the application.
- Data on the hardware installed on the device.
- Data about all operating system objects and events, including information about user activity.
- Data contained in the objects of the operating system (for example, the contents of files that may contain any user personal data).
- Network traffic data (for example, the contents of the entry fields on a website, which may include bank card information or any other sensitive data).
- Data received from Kaspersky servers (such as the version of the application databases).