In the command line, you can view:
Displaying current events
You can output information about all current application events or about current events associated with starting or stopping a specified task. You can use the filter to output certain current events, for example, events of a specified type.
To output information about all current application events, run:
kesl-control -W
The command returns the name of the event and additional information about the event.
To output only information about current events associated with a running task, run:
kesl-control --start-task <task ID/name> -W
Example: Enable display of the current events of the running task with ID=1:
To output information about current events that match the filter conditions, run:
kesl-control -W --query "<filter conditions>"
Filter conditions are set with one or more logical expressions in the format <field> <comparison operator> '<value>', combined with the help of the logical operator and.
Example: Display TaskStateChanged events:
Display TaskSettingsChanged events initiated by the 'User' user:
Displaying events from the event log
You can output information about events from the application event log to the console or a file. You can use a filter to display only certain events.
To output information about all events in the application event log, run:
kesl-control -E --query [--db <database file>]
where:
<database file> is the full path to the event log database file to output events from. By default, the application saves information about events to the database at /var/opt/kaspersky/kesl/private/storage/events.db. The location of the database is determined by the EventsStoragePath global application setting.
You can use less to navigate the list of displayed events. By default, the application stores up to 500,000 events. The maximum number of events that the application stores is determined by the MaxEventsNumber general application setting.
If the event log is located in the default database, you can output information about all events using the command:
kesl-control -E
To output information about events in the application event log that meet certain criteria, run:
kesl-control -E --query "<filter conditions>" [--db <database file>] [-n <number>] [--json] [--reverse]
where:
<filter conditions>: one or several logical expressions in the format <field> <comparison operator> '<value>', combined with the help of the logical operator and to limit the results.
<number>: number of the latest events of the selection (number of records from the end of the selection) to be displayed.
--json: output events in JSON format.
--reverse: display events in reverse order (from the newest event at the top to the oldest at the bottom).
To output information about events in the application event log that meet certain criteria to a file, run:
kesl-control -E --query "<filter conditions>" [--db <database file>] [-n <number>] --file <file path> [--json]
where --file <file path> is the full path to the file to output events to.
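Added example (not part of the Kaspersky documentation): a small POSIX shell wrapper that assembles the filter string in the <field> <comparison operator> '<value>' format described above and passes it to the file export command. The field names EventType and Initiator, the == operator and the KESL_CONTROL variable are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the Kaspersky documentation.
# Field names and the == operator used below are assumptions.

# kesl_filter FIELD OP VALUE [FIELD OP VALUE ...]
# Prints <field> <operator> '<value>' expressions joined with "and".
kesl_filter() {
    _f=""
    [ "$#" -gt 0 ] && [ $(( $# % 3 )) -eq 0 ] || {
        echo "usage: kesl_filter FIELD OP VALUE ..." >&2; return 2; }
    while [ "$#" -gt 0 ]; do
        case $1 in
            ''|*[!A-Za-z0-9_]*) echo "bad field name: $1" >&2; return 1 ;;
        esac
        case $2 in
            ''|*\'*|*\"*|*' '*) echo "bad operator: $2" >&2; return 1 ;;
        esac
        # Values are wrapped in single quotes. The page gives no escaping
        # rule, so a quote character inside a value is rejected, not escaped.
        case $3 in
            *\'*|*\"*) echo "quote character in value: $3" >&2; return 1 ;;
        esac
        _f="${_f:+$_f and }$1 $2 '$3'"
        shift 3
    done
    printf '%s\n' "$_f"
}

# kesl_export FILE COUNT FIELD OP VALUE [...]
# Writes the last COUNT matching events to FILE in JSON format.
# KESL_CONTROL is a hypothetical override used for dry runs and tests.
kesl_export() {
    [ "$#" -ge 5 ] || { echo "usage: kesl_export FILE COUNT FIELD OP VALUE ..." >&2; return 2; }
    _file=$1 _n=$2
    shift 2
    case $_file in
        /*) ;;
        *) echo "--file needs a full path: $_file" >&2; return 1 ;;
    esac
    case $_n in
        ''|*[!0-9]*) echo "-n needs a number: $_n" >&2; return 1 ;;
    esac
    _q=$(kesl_filter "$@") || return 1
    "${KESL_CONTROL:-kesl-control}" -E --query "$_q" -n "$_n" --file "$_file" --json
}

# Dry run: print the filter only.
kesl_filter EventType == TaskSettingsChanged Initiator == User
```

Passing the filter as a single quoted argument keeps the calling shell from splitting it, and rejecting quote characters in values keeps a value taken from a script variable from changing the structure of the filter.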