The table below shows the events of Kaspersky Security Center Administration Server that have the Warning importance level.
For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.
Administration Server warning events
Event type display name |
Event type ID |
Event type |
Description |
Default storage term |
---|---|---|---|---|
A frequent event has been detected |
|
KLSRV_EVENT_SPAM_EVENTS_DETECTED |
Events of this type occur when Administration Server detects a frequent event on a managed device. Refer to the following section for details: Blocking frequent events. |
90 days |
License limit has been exceeded |
4098 |
KLSRV_EV_LICENSE_CHECK_100_110 |
Once a day Kaspersky Security Center Linux checks whether a licensing limit is exceeded. Events of this type occur when Administration Server detects that some licensing limits are exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute 100% to 110% of the total number of units covered by the license. Even when this event occurs, client devices are protected. You can respond to the event in the following ways:
Kaspersky Security Center Linux determines the rules to generate events when a licensing limit is exceeded. |
90 days |
Device has remained inactive on the network for a long time |
4103 |
KLSRV_EVENT_HOSTS_NOT_VISIBLE |
Events of this type occur when a managed device shows inactivity for some time. Most often, this happens when a managed device is decommissioned. You can respond to the event in the following ways:
|
90 days |
Conflict of device names |
4102 |
KLSRV_EVENT_HOSTS_CONFLICT |
Events of this type occur when Administration Server considers two or more managed devices as a single device. Most often this happens when a cloned hard drive was used for software deployment on managed devices and without switching the Network Agent to the dedicated disk cloning mode on a reference device. To avoid this issue, switch Network Agent to the disk cloning mode on a reference device before cloning the hard drive of this device. |
90 days |
Device status is Warning
|
4114
|
KLSRV_HOST_STATUS_WARNING
|
Events of this type occur when a managed device is assigned the Warning status. You can configure the conditions under which the device status is changed to Warning.
|
90 days
|
Certificate has been requested |
4133 |
KLSRV_CERTIFICATE_REQUESTED |
Events of this type occur when a certificate for Mobile Device Management fails to be automatically reissued. Following might be the causes and appropriate responses to the event:
|
90 days |
Certificate has been removed |
4134 |
KLSRV_CERTIFICATE_REMOVED |
Events of this type occur when an administrator removes any type of certificate (General, Mail, VPN) for Mobile Device Management. After removing a certificate, mobile devices connected via this certificate will fail to connect to Administration Server. This event might be helpful when investigating malfunctions associated with the management of mobile devices. |
90 days |
APNs certificate has expired |
4135 |
KLSRV_APN_CERTIFICATE_EXPIRED |
Events of this type occur when an APNs certificate expires. You need to manually renew the APNs certificate and install it on an iOS MDM Server. |
Not stored |
APNs certificate expires soon |
4136 |
KLSRV_APN_CERTIFICATE_EXPIRES_SOON |
Events of this type occur when there are fewer than 14 days left before the APNs certificate expires. When the APNs certificate expires, you need to manually renew the APNs certificate and install it on an iOS MDM Server. We recommend that you schedule the APNs certificate renewal in advance of the expiration date. |
Not stored |
Failed to send the FCM message to the mobile device |
4138 |
KLSRV_GCM_DEVICE_ERROR |
Events of this type occur when Mobile Device Management is configured to use Google Firebase Cloud Messaging (FCM) for connecting to managed mobile devices with an Android operating system and FCM Server fails to handle some of the requests received from Administration Server. It means that some of the managed mobile devices will not receive a push notification. Read the HTTP code in the details of the event description and respond accordingly. For more information on the HTTP codes received from FCM Server and related errors, please refer to the Google Firebase service documentation (see chapter "Downstream message error response codes"). |
90 days |
HTTP error sending the FCM message to the FCM server |
4139 |
KLSRV_GCM_HTTP_ERROR |
Events of this type occur when Mobile Device Management is configured to use Google Firebase Cloud Messaging (FCM) for connecting managed mobile devices with the Android operating system and FCM Server reverts to the Administration Server a request with a HTTP code other than 200 (OK). Following might be the causes and appropriate responses to the event:
|
90 days |
Failed to send the FCM message to the FCM server |
4140 |
KLSRV_GCM_GENERAL_ERROR |
Events of this type occur due to unexpected errors on the Administration Server side when working with the Google Firebase Cloud Messaging HTTP protocol. Read the details in the event description and respond accordingly. If you cannot find the solution to an issue on your own, we recommend that you contact Kaspersky Technical Support. |
90 days |
Little free space on the hard drive |
4105 |
KLSRV_NO_SPACE_ON_VOLUMES |
Events of this type occur when the hard drive of the device on which Administration Server is installed almost runs out of free space. Free up disk space on the device. |
90 days |
Little free space in the Administration Server database |
4106 |
KLSRV_NO_SPACE_IN_DATABASE |
Events of this type occur if space in the Administration Server database is too limited. If you do not remedy the situation, soon the Administration Server database will reach its capacity and Administration Server will not function. Following are the causes of this event, depending on the DBMS that you use, and the appropriate responses to the event.
Review the information on DBMS selection. |
90 days |
Connection to the secondary Administration Server has been interrupted |
4116 |
KLSRV_EV_SLAVE_SRV_DISCONNECTED |
Events of this type occur when a connection to the secondary Administration Server is interrupted. Read the operating system log on the device where the secondary Administration Server is installed and respond accordingly. |
90 days |
Connection to the primary Administration Server has been interrupted |
4118 |
KLSRV_EV_MASTER_SRV_DISCONNECTED |
Events of this type occur when a connection to the primary Administration Server is interrupted. Read the operating system log on the device where the primary Administration Server is installed and respond accordingly. |
90 days |
New updates for Kaspersky software modules have been registered |
4141 |
KLSRV_SEAMLESS_UPDATE_REGISTERED |
Events of this type occur when Administration Server registers new updates for the Kaspersky software installed on managed devices that require approval to be installed. Approve or decline the updates by using Kaspersky Security Center Web Console. |
90 days |
The limit on the number of events in the database is exceeded, deletion of events has started |
4145 |
KLSRV_EVP_DB_TRUNCATING |
Events of this type occur when deletion of old events from the Administration Server database has started after the Administration Server database capacity is reached. You can respond to the event in the following ways: |
Not stored |
The limit on the number of events in the database is exceeded, the events have been deleted |
4146 |
KLSRV_EVP_DB_TRUNCATED |
Events of this type occur when old events have been deleted from the Administration Server database after the Administration Server database capacity is reached. You can respond to the event in the following ways: |
Not stored |
Audit: Test connection to SIEM server failed |
5120 |
KLAUD_EV_SIEM_TEST_FAILED |
Events of this type occur when an automatic connection test to the SIEM server failed. |
90 days |