Configuring log settings via the Application Console
You can edit the following settings of Kaspersky Embedded Systems Security for Windows logs:
Length of the storage period for events in task logs and the system audit log.
Location of the folder in which Kaspersky Embedded Systems Security for Windows stores task log files and the system audit log file.
Event generation thresholds for the Application database is out of date, Application database is extremely out of date, and Critical areas scan has not been performed for a long time events.
Events that Kaspersky Embedded Systems Security for Windows saves in task logs, the system audit log, and the event log of Kaspersky Embedded Systems Security for Windows in Event Viewer.
Settings for publishing audit events and task performance events to the syslog server via the Syslog protocol.
To configure log settings using the Application Console:
In the Application Console tree, open the context menu of the Logs and notifications node and select Properties.
The Logs and notifications settings window opens.
On the General tab, if necessary, select events that Kaspersky Embedded Systems Security for Windows will save in task logs, the system audit log, and the event log of Kaspersky Embedded Systems Security for Windows in Event Viewer:
In the Component list, select the component of Kaspersky Embedded Systems Security for Windows for which you want to set the detail level.
In the Importance level list, select a detail level for events in task logs, the system audit log, and the event log for the selected component.
In the following table with a list of events, the check boxes are selected next to events that are registered in task logs, the system audit log, and the event log, according to the current detail level.
If you want to manually enable registration of specific events for a selected component or task:
In the Importance level list, select Custom.
In the table with the list of events, select the check boxes next to events that you want to be registered in task logs, the system audit log, and the event log.
On the Advanced tab, configure the log storage settings and event generation thresholds for device protection status:
Path to the log folder in UNC (Universal Naming Convention) format.
Default path: C:\ProgramData\Kaspersky Lab\Kaspersky Embedded Systems Security\3.4\Reports\.
If the default path is changed, a folder with a corresponding name is created. The new logs will be stored in the new folder. The old logs will be preserved.
The check box enables / disables a function that deletes logs with the results of completed tasks and events published in the logs of running tasks after the specified period of time (default value: 30 days).
If the check box is selected, Kaspersky Embedded Systems Security for Windows deletes logs with the results of completed tasks and events published in the logs of running tasks after the specified period of time.
The check box enables / disables a function that deletes events recorded in the system audit log after the specified period of time (default value: 60 days).
If the check box is selected, Kaspersky Embedded Systems Security for Windows deletes events recorded in the system audit log after the specified period of time.
By default, the check box is cleared.
In the Event generation thresholds block, specify the number of days after which the Application database is out of date, Application database is extremely out of date, and Critical areas scan has not been performed for a long time events will occur.
Event generation thresholds
Setting: Event generation thresholds.
Description: You can specify thresholds for generation of the following event types:
Application database is out of date and Application database is extremely out of date. These events occur if the Kaspersky Embedded Systems Security for Windows database has not been updated during the period (in days) specified by the setting since the release date of the most recently installed database updates. You can configure administrator notifications about this event.
Critical areas scan has not been performed for a long time. This event occurs if none of the tasks marked with the Consider task as critical areas scan check box are performed during the specified number of days.
Possible values: Number of days from 1 to 365.
Default value:
Application databases are obsolete – 7 days.
Application databases are extremely out of date – 14 days.
Critical Areas Scan has not been performed for a long time – 30 days.
On the SIEM integration tab, configure the settings for publishing audit events and task performance events to the syslog server.
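As an added illustration of the Event generation thresholds table above (this is not Kaspersky code and does not read the application's settings), the following Python example applies the documented range of 1 to 365 days and the default thresholds to a constructed device inventory. The function names, the inventory, the "elapsed days >= threshold" comparison, and treating a device with no recorded scan as overdue are assumptions.

```python
from datetime import date

# Event names and default thresholds (days) as listed on this page.
DEFAULTS = {
    "Application database is out of date": 7,
    "Application database is extremely out of date": 14,
    "Critical areas scan has not been performed for a long time": 30,
}
DB_EVENTS = list(DEFAULTS)[:2]
SCAN_EVENT = list(DEFAULTS)[2]


def validate(thresholds):
    """Merge overrides into the defaults; reject values outside 1 to 365 days."""
    for name, days in thresholds.items():
        if name not in DEFAULTS:
            raise ValueError(f"unknown event: {name}")
        if isinstance(days, bool) or not isinstance(days, int) or not 1 <= days <= 365:
            raise ValueError(f"{name}: {days!r} is not a number of days from 1 to 365")
    return {**DEFAULTS, **thresholds}


def due_events(db_release, last_critical_scan, today, thresholds=None):
    """Return the events whose threshold has been reached for one device.

    Assumption: an event is due once the elapsed days are >= the threshold.
    Assumption: last_critical_scan=None (no recorded scan) counts as overdue.
    """
    limits = validate(thresholds or {})
    db_age = (today - db_release).days  # days since the installed database was released
    due = [e for e in DB_EVENTS if db_age >= limits[e]]
    if last_critical_scan is None or (today - last_critical_scan).days >= limits[SCAN_EVENT]:
        due.append(SCAN_EVENT)
    return due


# Constructed inventory: (host, database release date, last critical areas scan).
INVENTORY = [
    ("kiosk-01", date(2024, 5, 30), date(2024, 5, 20)),
    ("atm-07", date(2024, 5, 22), date(2024, 4, 25)),
    ("pos-12", date(2024, 5, 10), None),
]

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the output is reproducible
    for host, db, scan in INVENTORY:
        print(host, due_events(db, scan, today) or "no events due")
```

The example lists every threshold that has been reached; how the application itself reports a database that has passed both database thresholds is not stated on this page.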