To configure Kaspersky Embedded Systems Security for Windows logs, perform the following steps:
1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
2. Select the administration group for which you want to configure application settings.
3. Perform one of the following actions in the details pane of the selected administration group:
   - To configure log settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
   - To configure the application for an individual protected device, select the Devices tab and go to the application settings.
4. In the Logs and notifications section, click the Settings button in the Task logs subsection.
   The Logs settings window opens on the Logs tab.
5. Configure the level of detail of events in logs:
   a. In the Component list, select the component of Kaspersky Embedded Systems Security for Windows for which you want to set the detail level.
   b. In the Importance level list, select a detail level for events in task logs, the system audit log, and the event log for the selected component.
      In the following table with a list of events, the check boxes are selected next to events that are registered in task logs, the system audit log, and the event log, according to the current detail level.
   c. If you want to manually enable registration of specific events for a selected component or task:
      - In the Importance level list, select Custom.
      - In the table with the list of events, select the check boxes next to events that you want to be registered in task logs, the system audit log, and the event log.
6. In the Log storage block, configure the log storage settings:
   - Path to the log folder in UNC (Universal Naming Convention) format.
     Default path: C:\ProgramData\Kaspersky Lab\Kaspersky Embedded Systems Security\3.4\Reports\.
     If the default path is changed, a folder with a corresponding name is created. The new logs will be stored in the new folder. The old logs will be preserved.
   - The check box enables / disables a function that deletes logs with the results of completed tasks and events published in the logs of running tasks after the specified period of time (default value: 30 days).
     If the check box is selected, Kaspersky Embedded Systems Security for Windows deletes logs with the results of completed tasks and events published in the logs of running tasks after the specified period of time.
   - The check box enables / disables a function that deletes events recorded in the system audit log after the specified period of time (default value: 60 days).
     If the check box is selected, Kaspersky Embedded Systems Security for Windows deletes events recorded in the system audit log after the specified period of time.
     By default, the check box is cleared.
7. On the SIEM integration tab, configure the settings for publishing audit events and task performance events to the syslog server.