Event notifications displayed by running an executable file

Kaspersky Security Center Linux can notify the administrator about events on client devices by running an executable file. The executable file must launch another executable file with the environment variables of the event to be relayed to the administrator (see the table below).

Environment variables for describing an event

| Environment variable | Environment variable description |
|---|---|
| $SEVERITY | Event severity. Possible values: Info, Warning, Error, Critical. |
| $COMPUTER | Name of the device where the event occurred. Maximum length of the device name is 256 characters. |
| $DOMAIN | Domain name of the device where the event occurred. |
| $EVENT | Name of the event type. Maximum length of the event type name is 50 characters. |
| $DESCR | Event description. Maximum length of the description is 1000 characters. |
| $RISE_TIME | Event creation time. |
| $KLCSAK_EVENT_TASK_DISPLAY_NAME | Task name. Maximum length of the task name is 100 characters. |
| $KL_PRODUCT | Application name. |
| $KL_VERSION | Application version number. |
| $KLCSAK_EVENT_SEVERITY_NUM | Event severity number. Possible values: 1 (Info), 2 (Warning), 3 (Error), 4 (Critical). |
| $HOST_IP | IP address of the device where the event occurred. |
| $HOST_CONN_IP | Connection IP address of the device where the event occurred. |

Example:

Event notifications are sent by an executable file (such as script1.bat) that launches another executable file (such as script2.bat) with the $COMPUTER environment variable. When an event occurs, script1.bat is run on the administrator's device and, in turn, runs script2.bat with the $COMPUTER environment variable. The administrator then receives the name of the device where the event occurred.
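A handler script for these variables, as an added example that is not taken from the Kaspersky documentation: it treats every value as untrusted data from the client device, enforces the maximum lengths from the table, and emits one log line per event. It assumes the values are available in the script's environment under the names in the table; the function names `clean`, `severity_label` and `format_event` and the key="value" output format are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the event values arrive in the environment
# under the names listed in the table. They originate on client devices,
# so they are handled as data only: always quoted, never passed to eval,
# never used to build a command line.

# clean VALUE MAXLEN: delete control characters (newlines included, so one
# event is always one log line), turn double quotes into single quotes so
# the key="value" framing cannot be broken, then cut to MAXLEN (GNU cut
# counts bytes here).
clean() {
    printf '%s' "$1" | tr -d '\000-\037\177' | tr '"' "'" | cut -c "1-$2"
}

# severity_label NUM: map $KLCSAK_EVENT_SEVERITY_NUM to its documented
# name; anything outside 1-4 is reported as Unknown.
severity_label() {
    case "$1" in
        1) echo Info ;;
        2) echo Warning ;;
        3) echo Error ;;
        4) echo Critical ;;
        *) echo Unknown ;;
    esac
}

# format_event: build a single-line record from the event environment.
format_event() {
    sev=$(severity_label "${KLCSAK_EVENT_SEVERITY_NUM:-}")
    host=$(clean "${COMPUTER:-}" 256)
    event=$(clean "${EVENT:-}" 50)
    descr=$(clean "${DESCR:-}" 1000)
    task=$(clean "${KLCSAK_EVENT_TASK_DISPLAY_NAME:-}" 100)
    # Allow-list for IP addresses; no documented limit, 64 is an assumed cap.
    ip=$(printf '%s' "${HOST_IP:-}" | tr -cd '0-9A-Fa-f:.' | cut -c 1-64)
    printf 'severity=%s host="%s" ip="%s" event="%s" task="%s" descr="%s"\n' \
        "$sev" "$host" "$ip" "$event" "$task" "$descr"
}

# Print the record; in deployment, append it to the log the administrator reads.
format_event
```
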
