Viewing events and reports

While the application is running, various events can occur. The events may be informational or may contain important data. For example, the application can use events to notify about a successful application database update, or to inform about an error in the operation of application components that must be eliminated.

Kaspersky Endpoint Security saves information about application events to the following logs:

Access to the application event log and operating system log requires root privileges.

If Kaspersky Endpoint Security is managed by Kaspersky Security Center, information about events may be transmitted to the Kaspersky Security Center Administration Server. Aggregation rules apply to certain events. If a large number of same-type events are created within a short period of time while the application is running, the application switches to event aggregation mode and sends Kaspersky Security Center one aggregated event with a description of the event settings. Different aggregation rules may be used for different events. For more information about events, refer to the Kaspersky Security Center Help.

You can receive information about application events in the following ways:

Some events may contain file paths. For output, the file path is treated as a UTF-8 string. If any of the bytes in the path does not comply with the UTF-8 encoding rules, it is replaced with the ? character. Any four-byte sequence that encodes a character code outside the Unicode range (greater than 0x10FFFF) is also replaced with the ? character. Special characters are escaped (replaced) in a certain way.
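The replacement rule above makes the path shown in an event lossy: different on-disk names can be rendered identically. The following is an added example, not Kaspersky code, that models the rule as stated on this page so that event paths can be matched back to raw file names. The function names are hypothetical, treating overlong and surrogate encodings as non-compliant bytes is an assumption, and escaping of special characters is not modelled.

```python
from collections import defaultdict

MAX_CODE_POINT = 0x10FFFF  # upper bound of the Unicode range named on the page

def seq_len(lead):
    """Sequence length implied by a UTF-8 lead byte; 0 if it cannot start one."""
    if lead < 0x80:
        return 1
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF7:
        return 4
    return 0

def render_path(raw):
    """Render raw path bytes the way the page describes event output."""
    out, i = [], 0
    while i < len(raw):
        n = seq_len(raw[i])
        chunk = raw[i:i + n]
        if n == 0 or len(chunk) < n or any(b & 0xC0 != 0x80 for b in chunk[1:]):
            out.append("?")          # non-compliant byte: one '?' per byte
            i += 1
            continue
        if n == 4:
            cp = ((chunk[0] & 0x07) << 18 | (chunk[1] & 0x3F) << 12
                  | (chunk[2] & 0x3F) << 6 | (chunk[3] & 0x3F))
            if cp > MAX_CODE_POINT:
                out.append("?")      # out-of-range four-byte sequence: one '?'
                i += 4
                continue
        try:
            out.append(chunk.decode("utf-8"))
            i += n
        except UnicodeDecodeError:   # assumption: overlong/surrogate forms
            out.append("?")
            i += 1
    return "".join(out)

def collisions(raw_paths):
    """Group raw names that render to the same displayed path."""
    groups = defaultdict(list)
    for raw in raw_paths:
        groups[render_path(raw)].append(raw)
    return {shown: raws for shown, raws in groups.items() if len(raws) > 1}
```

When an event path contains ?, compare it against `render_path()` of each candidate file name rather than against the raw name, because the displayed path is not a unique key.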

The following rules apply for escaping characters in file paths inside events in the output of kesl-control -E --query:

The following rules apply for escaping characters in file paths inside events in the output of kesl-control -E --query --json:

Rules for escaping characters in file paths in events when sending to syslog:

The first backslash in the sequence when describing rules is the escape character.

Examples:

'\a' is one character (a control character).

'\\a' is two characters (backslash + the a character).

'\\' is one character (backslash), '\\\\' is two characters (backslash + backslash).

The application can generate various types of reports on the events that occur while the application is running. Reports contain information about the operation of each Kaspersky Endpoint Security component, the results of each task, and the overall operation of the application.

You can view reports in the following ways:

Events and reports may contain the following personal data:

In this Help section

Configuring event logging to the operating system log

Configuring application event log settings

Viewing events in Kaspersky Security Center

Viewing events in the command line
