The table below shows the events of Kaspersky Security Center Administration Server that have the Info importance level.
For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.
Administration Server informational events
Event type display name |
Event type ID |
Event type |
Default storage term |
Remarks |
|---|---|---|---|---|
Over 90% of the license key is used up |
4097 |
KLSRV_EV_LICENSE_CHECK_90 |
30 days |
Events of this type occur when Administration Server detects that some licensing limits are close to being exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute over 90% of the total number of units covered by the license. Even when a licensing limit is exceeded, client devices are protected. You can respond to the event in the following ways:
Kaspersky Security Center Linux determines the rules to generate events when a licensing limit is exceeded. |
New device has been detected |
4100 |
KLSRV_EVENT_HOSTS_NEW_DETECTED |
30 days |
Events of this type occur when new networked devices have been discovered. |
Device has been automatically added to the group |
4101 |
KLSRV_EVENT_HOSTS_NEW_REDIRECTED |
30 days |
Events of this type occur when devices have been assigned to a group according to device moving rules. |
Device has been removed from the group: inactive on the network for a long time
|
4104
|
KLSRV_INVISIBLE_HOSTS_REMOVED
|
30 days
|
|
Files have been found to send to Kaspersky for analysis |
4131 |
KLSRV_APS_FILE_APPEARED |
30 days |
|
FCM Instance ID has changed on this mobile device |
4137 |
KLSRV_GCM_DEVICE_REGID_CHANGED |
30 days |
|
Updates have been successfully copied to the specified folder |
4122 |
KLSRV_UPD_REPL_OK |
30 days |
|
Connection to the secondary Administration Server has been established |
4115 |
KLSRV_EV_SLAVE_SRV_CONNECTED |
30 days |
|
Connection to the primary Administration Server has been established |
4117 |
KLSRV_EV_MASTER_SRV_CONNECTED |
30 days |
|
Databases have been updated |
4144 |
KLSRV_UPD_BASES_UPDATED |
30 days |
|
Audit: Connection to the Administration Server has been established |
4147 |
KLAUD_EV_SERVERCONNECT |
30 days |
|
Audit: Object has been modified |
4148 |
KLAUD_EV_OBJECTMODIFY |
30 days |
This event tracks changes in the following objects:
|
Audit: Object status has changed |
4150 |
KLAUD_EV_TASK_STATE_CHANGED |
30 days |
For example, this event occurs when a task has failed with an error. |
Audit: Group settings have been modified |
4149 |
KLAUD_EV_ADMGROUP_CHANGED |
30 days |
|
Audit: Connection to Administration Server has been terminated |
4151 |
KLAUD_EV_SERVERDISCONNECT |
30 days |
|
Audit: Object properties have been modified |
4152 |
KLAUD_EV_OBJECTPROPMODIFIED |
30 days |
This event tracks changes in the following properties:
|
Audit: User permissions have been modified |
4153 |
KLAUD_EV_OBJECTACLMODIFIED |
30 days |
|
Audit: Encryption keys have been imported or exported from Administration Server |
5100 |
KLAUD_EV_DPEKEYSEXPORT |
30 days |
|