Administration Server informational events

The table below shows the events of Kaspersky Security Center Administration Server that have the Info importance level.

For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.

Administration Server informational events

Event type display name

Event type ID

Event type

Description

Default storage term

Over 90% of the license key is used up

4097

KLSRV_EV_LICENSE_CHECK_90

Events of this type occur when Administration Server detects that some licensing limits are close to being exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute over 90% of the total number of units covered by the license.

Even when a licensing limit is exceeded, client devices are protected.

You can respond to the event in the following ways:

  • Look through the managed devices list. Delete devices that are not in use.
  • Provide a license for more devices (add a valid activation code or a key file to Administration Server).

Kaspersky Security Center Linux determines the rules to generate events when a licensing limit is exceeded.

30 days

New device has been detected

4100

KLSRV_EVENT_HOSTS_NEW_DETECTED

Events of this type occur when new networked devices have been discovered.

30 days

Device has been automatically added to the group

4101

KLSRV_EVENT_HOSTS_NEW_REDIRECTED

Events of this type occur when devices have been assigned to a group according to device moving rules.

30 days

Device has been automatically moved according to a rule

1074

KLSRV_HOST_MOVED_WITH_RULE_EX

Events of this type occur when devices have been moved to administration groups by using device moving rules.

30 days

Device has been removed from the group: inactive on the network for a long time

 

 

 

 

4104

 

 

KLSRV_INVISIBLE_HOSTS_REMOVED

 

 

Events of this type occur when devices have been automatically removed from a group for inactivity.

 

 

 

 

 

30 days

 

 

FCM Instance ID has changed on this mobile device

4137

KLSRV_GCM_DEVICE_REGID_CHANGED

Events of this type occur when the Firebase Cloud Messaging token has changed on the device.

For information on the FCM token rotation, please refer to the Firebase service documentation.

30 days

Updates have been successfully copied to the specified folder

4122

KLSRV_UPD_REPL_OK

Events of this type occur when the Download updates to the Administration Server repository task finishes copying files to a specified folder.

30 days

Connection to the secondary Administration Server has been established

4115

KLSRV_EV_SLAVE_SRV_CONNECTED

Refer to the following topic for details: Creating a hierarchy of Administration Servers: adding a secondary Administration Server.

30 days

Connection to the primary Administration Server has been established

4117

KLSRV_EV_MASTER_SRV_CONNECTED

 

30 days

Files have been found to send to Kaspersky for analysis

4131

KLSRV_APS_FILE_APPEARED

 

30 days

Databases have been updated

4144

KLSRV_UPD_BASES_UPDATED

Events of this type occur when the Download updates to the Administration Server repository task finishes updating databases.

30 days

Audit: Connection to the Administration Server has been established

4147

KLAUD_EV_SERVERCONNECT

 

30 days

Audit: Object has been modified

4148

KLAUD_EV_OBJECTMODIFY

This event tracks changes in the following objects:

  • Administration group
  • Security group
  • User
  • Package
  • Task
  • Policy
  • Server
  • Virtual Server

30 days

Audit: Object status has changed

4150

KLAUD_EV_TASK_STATE_CHANGED

For example, this event occurs when a task has failed with an error.

30 days

Audit: Group settings have been modified

4149

KLAUD_EV_ADMGROUP_CHANGED

Events of this type occur when a security group has been edited.

30 days

Audit: Connection to Administration Server has been terminated

4151

KLAUD_EV_SERVERDISCONNECT

 

30 days

Audit: Object properties have been modified

4152

KLAUD_EV_OBJECTPROPMODIFIED

This event tracks changes in the following properties:

  • User
  • License
  • Server
  • Virtual server

30 days

Audit: User permissions have been modified

4153

KLAUD_EV_OBJECTACLMODIFIED

 

30 days

Audit: Encryption keys have been imported or exported from Administration Server

5100

KLAUD_EV_DPEKEYSEXPORT

For example, this event occurs during migration.

30 days

Audit: Test connection to SIEM server succeeded

5110

KLAUD_EV_SIEM_TEST_SUCCESS

Events of this type occur when a test connection to the SIEM server succeeded.

30 days

Page top