Administration Server informational events

The table below shows the events of Kaspersky Security Center Administration Server that have the Info importance level.

For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.

Administration Server informational events

Event type display name

Event type ID

Event type

Default storage term

Remarks

Over 90% of the license key is used up

4097

KLSRV_EV_LICENSE_CHECK_90

30 days

Events of this type occur when Administration Server detects that some licensing limits are close to being exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute over 90% of the total number of units covered by the license.

Even when a licensing limit is exceeded, client devices are protected.

You can respond to the event in the following ways:

  • Look through the managed devices list. Delete devices that are not in use.
  • Provide a license for more devices (add a valid activation code or a key file to Administration Server).

Kaspersky Security Center Linux determines the rules to generate events when a licensing limit is exceeded.

New device has been detected

4100

KLSRV_EVENT_HOSTS_NEW_DETECTED

30 days

Events of this type occur when new networked devices have been discovered.

Device has been automatically added to the group

4101

KLSRV_EVENT_HOSTS_NEW_REDIRECTED

30 days

Events of this type occur when devices have been assigned to a group according to device moving rules.

Device has been removed from the group: inactive on the network for a long time

 

 

4104

 

 

KLSRV_INVISIBLE_HOSTS_REMOVED

 

 

30 days

 

 

 

Files have been found to send to Kaspersky for analysis

4131

KLSRV_APS_FILE_APPEARED

30 days

 

FCM Instance ID has changed on this mobile device

4137

KLSRV_GCM_DEVICE_REGID_CHANGED

30 days

 

Updates have been successfully copied to the specified folder

4122

KLSRV_UPD_REPL_OK

30 days

 

Connection to the secondary Administration Server has been established

4115

KLSRV_EV_SLAVE_SRV_CONNECTED

30 days

 

Connection to the primary Administration Server has been established

4117

KLSRV_EV_MASTER_SRV_CONNECTED

30 days

 

Databases have been updated

4144

KLSRV_UPD_BASES_UPDATED

30 days

 

Audit: Connection to the Administration Server has been established

4147

KLAUD_EV_SERVERCONNECT

30 days

 

Audit: Object has been modified

4148

KLAUD_EV_OBJECTMODIFY

30 days

This event tracks changes in the following objects:

  • Administration group
  • Security group
  • User
  • Package
  • Task
  • Policy
  • Server
  • Virtual Server

Audit: Object status has changed

4150

KLAUD_EV_TASK_STATE_CHANGED

30 days

For example, this event occurs when a task has failed with an error.

Audit: Group settings have been modified

4149

KLAUD_EV_ADMGROUP_CHANGED

30 days

 

Audit: Connection to Administration Server has been terminated

4151

KLAUD_EV_SERVERDISCONNECT

30 days

 

Audit: Object properties have been modified

4152

KLAUD_EV_OBJECTPROPMODIFIED

30 days

This event tracks changes in the following properties:

  • User
  • License
  • Server
  • Virtual server

Audit: User permissions have been modified

4153

KLAUD_EV_OBJECTACLMODIFIED

30 days

 

Audit: Encryption keys have been imported or exported from Administration Server

5100

KLAUD_EV_DPEKEYSEXPORT

30 days

 

Page top