Trace files of management plug-ins

Trace files of web plug-ins

If you use the Kaspersky Security Center Web Console to manage Kaspersky Security solution components, information about events that occur during operation of the management web plug-ins may be written to the trace files of the web plug-ins:

Web plug-in trace files are created automatically if logging to the Kaspersky Security Center Web Console activity log was enabled during installation of Kaspersky Security Center Web Console. For more information, refer to the Kaspersky Security Center Help.

Web plug-in trace files are saved in the Kaspersky Security Center Web Console installation folder in the logs subfolder:

• /var/opt/kaspersky/ksc-web-console/logs – on devices with Linux operating systems
• %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console\logs – on devices with Windows operating systems

The following information may be stored in the Integration Server web plug-in trace file:

• Diagnostic information about the operation of the Integration Server Web Console.
• Address of the device hosting the Kaspersky Security Center Administration Server.
• Port numbers for interaction with the Kaspersky Security Center Administration Server through the Kaspersky Security Center Network Agent.
• Description of exclusions and errors that occurred when working with internal subsystems and external services.
• Names of internal Integration Server accounts.
• Names of user accounts that are used to connect the Integration Server to virtual infrastructure objects.
• Certificate for establishing the connection to the Integration Server.
• Depending on the type of virtual infrastructure:
  • IP addresses or fully qualified domain names (FQDN) and names of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
  • IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
  • Information about hypervisors needed to manage SVMs (including IDs and names of OpenStack domains and OpenStack projects).
  • Information about OpenStack domains and OpenStack projects needed for managing SVMs.
• Address of the VMware NSX Manager.
• Information about virtual machines (including IP addresses, IDs, and names of virtual machines).
• Settings for connecting Light Agents to SVMs.
• If Kaspersky Security is used in multitenancy mode:
  • information about tenants registered in the Integration Server database (tenant names, IDs, descriptions, and other information specified by the administrator of the cybersecurity service provider)
  • information about Kaspersky Security Center virtual Administration Servers (including their IDs, directory structure, and names of administrator accounts of virtual servers)
  • Information about virtual machines of tenants: virtual machine names, IDs, IP addresses, and the time periods during which the Light Agent was connected to the SVM

The following information may be stored in the Protection Server web plug-in trace file:

• Diagnostic information about the operation of the Protection Server web plug-in.
• Description of exclusions and errors that occurred when working with internal subsystems and external services.
• Certificate for connecting the SVM to the Integration Server.
• Encrypted private key for establishing a secure connection between the Light Agent and the Protection Server.
• Policy settings.

Trace files of MMC plug-ins

If you use the Kaspersky Security Center Administration Console to manage Kaspersky Security solution components, information about events that occur during operation of the management MMC plug-ins may be written to the following files on the device where the Kaspersky Security Center Administration Server is installed:

• Trace file of the MMC plug-in for managing the Protection Server. This file contains information about the events that occur during the plug-in operation, in particular, about the operation of the Protection Server policy and tasks. The file is named KSVLA.<version of the solution>_<file creation date and time>_<process ID (PID)>.SVM.log.
• Trace files for management MMC plug-ins for Light Agent for Linux and Light Agent for Windows (applications running in Light Agent mode). These files record information about events that occur during operation of the plug-ins, in particular, about the Light Agent policy and tasks. The file names contain the application version number, the date and time the file was created, and the process identifier (PID).

By default, trace files of Kaspersky Security MMC plug-ins are not created. You can create all trace files of the MMC plug-ins by using the registry keys. Contact Technical Support representatives for detailed information on how to create trace files.

All created MMC plug-in trace files are located in the %ProgramData%\Kaspersky Lab\Plugins\ folder.

In addition to general data, the following information may be saved in the trace file of the Protection Server MMC management plug-in:

• Paths to files of the solution.
• Settings for connecting SVMs to the Integration Server:
  • User name and password (whether the password is recorded in trace files is controlled by the settings in the ScanServer.conf configuration file).
  • Certificate for establishing the connection.
• Protection settings of the connection between the Light Agent and the Protection Server:
  • Encrypted certificate for estblishing a connection.
  • Encrypted private key.
• Headers and bodies of HTTP requests that are sent and received by the Protection Server management plug-in.
• Settings of policies and tasks for the Protection Server.
• Information about plug-in modules being loaded.
• Information about plug-in methods being called.

Access to trace files of management plug-ins is restricted. For full access, you need system administrator or local administrator rights. User accounts have read-only access.

Page top