Kaspersky Security Center Linux can notify the administrator about events on client devices by running an executable file. The executable file must contain another executable file with Environment variables of the event to be relayed to the administrator (see the table below).
Environment variables for describing an event
Environment variable |
Environment variable description |
|---|---|
$SEVERITY |
Event severity. Possible values:
|
$COMPUTER |
Name of the device where the event occurred. Maximum length of the device name is 256 characters. |
$DOMAIN |
Domain name of the device where the event occurred. |
$EVENT |
Name of the event type. Maximum length of the event type name is 50 characters. |
$DESCR |
Event description. Maximum length of the description is 1000 characters. |
$RISE_TIME |
Event creation time. |
$KLCSAK_EVENT_TASK_DISPLAY_NAME |
Task name. Maximum length of the task name is 100 characters. |
$KL_PRODUCT |
Application name. |
$KL_VERSION |
Application version number. |
$KLCSAK_EVENT_SEVERITY_NUM |
Event severity number. Possible values:
|
$HOST_IP |
IP address of the device where the event occurred. |
$HOST_CONN_IP |
Connection IP address of the device where the event occurred. |
Example: Event notifications are sent by an executable file (such as script1.bat) inside which another executable file (such as script2.bat) with the $COMPUTER environment variable is launched. When an event occurs, the script1.bat file is run on the administrator's device, which, in turn, runs the script2.bat file with the $COMPUTER environment variable. The administrator then receives the name of the device where the event occurred. |