Trace files of the Linux-based Integration Server
Information about the operation of the Linux-based Integration Server can be logged in the following trace files:
- /var/log/kaspersky/viis/service.log – Integration Server trace file.
- /var/log/kaspersky/viis/SvmManagement/sm_<file creation date>.log – trace file for the deployment, reconfiguration, and deletion of SVMs using the REST API of the Linux-based Integration Server.
By default, logging of information to trace files is disabled.
You can enable or disable logging of information to the Linux-based Integration Server trace files and configure tracing using the /var/opt/kaspersky/viis/common/appsettings.logging.json configuration file.
A privileged account is required to edit the configuration file.
To enable logging of information to the trace files of the Linux-based Integration Server:
- Open the /var/opt/kaspersky/viis/common/appsettings.logging.json file.
- In the LogLevel section, set the overall level of detail in the trace files. To do this, specify one of the following values for the Default setting:
  - Error – to log information about errors that can make the component partially inoperable.
  - Warning – to log information about errors that do not prevent the component from working.
  - Information – to log informational messages.
  - Debug – to log debug messages used by developers, without tracing.
  - Trace – to log debug messages used by developers, with tracing.
  The default setting is None (logging of information in trace files is disabled).
- In the rules section, set the level of detail for each trace file in the Service (trace file of the Integration Server) and SvmManagement (trace file of SVM deployment, configuration and removal procedures) subsections. To do this, specify a value other than None for the minlevel setting. The default value is None.
- Save the /var/opt/kaspersky/viis/common/appsettings.logging.json file.
The new settings are applied without restarting the Integration Server.
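A read-only check of which trace outputs a logging configuration currently enables, added here as an example (it is not Kaspersky's code). Only the names LogLevel, Default, rules, Service, SvmManagement and minlevel come from the text above; the nesting of the sample JSON is an assumption, so the walker matches those keys at any depth.

```python
import json

# Level names as listed on this page; anything else is reported as invalid.
TRACE_LEVELS = ("None", "Error", "Warning", "Information", "Debug", "Trace")

def find_trace_settings(node, path=()):
    """Yield (dotted_path, value) for each Default under LogLevel and each minlevel."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (key,)
            is_default = key == "Default" and "LogLevel" in path
            if is_default or key == "minlevel":
                yield ".".join(here), value
            else:
                yield from find_trace_settings(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_trace_settings(item, path + (str(i),))

def audit_logging_config(text):
    """Return {'enabled': [...], 'invalid': [...]} for a config given as JSON text."""
    report = {"enabled": [], "invalid": []}
    for dotted, value in find_trace_settings(json.loads(text)):
        if value not in TRACE_LEVELS:
            report["invalid"].append((dotted, value))
        elif value != "None":
            report["enabled"].append((dotted, value))
    return report

# Constructed sample: section and setting names are from the page, the
# nesting of the real appsettings.logging.json is an assumption.
SAMPLE = """
{
  "LogLevel": {"Default": "Information"},
  "rules": {
    "Service": {"minlevel": "Verbose"},
    "SvmManagement": {"minlevel": "Trace"}
  }
}
"""

if __name__ == "__main__":
    for kind, items in audit_logging_config(SAMPLE).items():
        for dotted, value in items:
            print(f"{kind}: {dotted} = {value}")
```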
By default, trace files are moved to the archival directory (/var/log/kaspersky/viis/archives):
- Integration Server trace files are moved to the archive when the file size reaches 50 MB.
- Trace files of deployment, reconfiguration, and deletion procedures are archived daily.
The archive contains up to 20 Integration Server trace files and up to 10 trace files for SVM deployment, reconfiguration, and deletion procedures. When this number is reached, older files are deleted.
You can configure the archival of trace files in the /var/opt/kaspersky/viis/common/appsettings.logging.json configuration file. Contact Technical Support representatives for details.
Access to the trace file directory and the archival directory is restricted. Administrator rights (root, sudoers) are required for access.
If you change the default directory for storing trace files, Kaspersky Security does not control access to trace files. We recommend protecting the information from unauthorized access.
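For a trace directory moved away from the default, the access restriction has to be verified by the administrator. The following added example (not part of the product) reports entries that are not owned by the expected account or are reachable by other users; root ownership with no access for others is an assumed policy derived from the requirement above, and the tree built in demo() is constructed.

```python
import os
import stat
import tempfile

def audit_trace_dir(root, owner_uid=0):
    """Return sorted (path, problem) findings for root and everything below it."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the entry itself, never its target
        if stat.S_ISLNK(st.st_mode):
            # A symlink in a log tree can redirect a privileged writer.
            findings.append((path, "symlink"))
            continue
        if st.st_uid != owner_uid:
            findings.append((path, f"owner uid {st.st_uid}"))
        if st.st_mode & stat.S_IRWXO:
            mode = stat.filemode(st.st_mode)
            findings.append((path, f"accessible to others ({mode})"))
    return sorted(findings)

def demo():
    """Audit a constructed tree standing in for a relocated trace directory."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o700)
        os.mkdir(os.path.join(root, "archives"), 0o700)
        for name, mode in (("service.log", 0o600), ("archives/old.log", 0o644)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        # The current uid replaces root so the demo runs unprivileged.
        found = audit_trace_dir(root, owner_uid=os.getuid())
        return [(os.path.relpath(p, root), why) for p, why in found]

if __name__ == "__main__":
    for rel, why in demo():
        print(f"{rel}: {why}")
```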
Data in the Integration Server trace file
In addition to the general data, the following information may be saved in the trace file of a Linux-based Integration Server:
- Headers and contents of HTTP requests that are sent and received by the Integration Server during its operation.
- Paths to files of the solution.
- Paths to the SVM image description file and to the Kaspersky Security Center Network Agent package (may include personal data, for example, the last name and first name if this information is part of the path).
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) and names of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
- IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
- Information about hypervisors needed for managing SVMs.
- Information about OpenStack domains and OpenStack projects needed to manage SVMs (including IDs and names of OpenStack domains and OpenStack projects).
- IP address of the VMware NSX Manager and security tags assigned to protected virtual machines.
- Information about virtual machines (including IP addresses, IDs, and names of virtual machines).
- Names of internal Integration Server accounts.
- Names of user accounts that are used to connect the Integration Server to virtual infrastructure objects and the Kaspersky Security Center.
- Address of the device hosting the Kaspersky Security Center Administration Server.
- IP address of the device hosting the Kaspersky Security Center Administration Console.
- Settings for connecting Light Agents to SVMs.
- Fingerprints of certificates of virtual infrastructure objects.
- If Kaspersky Security is used in multitenancy mode:
- Information about tenants registered in the Integration Server database (including tenant names, IDs, descriptions, and other information specified by the administrator of the cybersecurity service provider).
- Information about Kaspersky Security Center virtual Administration Servers (including their IDs, directory structure, and names of administrator accounts of virtual servers).
- Information about virtual machines of tenants: virtual machine names, IDs, IP addresses, and the time periods during which the Light Agent was connected to the SVM.
Data in the trace file of SVM deployment, configuration, and removal procedures
In addition to the general data, the following information may be saved in the trace file of SVM deployment, configuration, and removal procedures using the Linux-based Integration Server REST API:
- Headers and contents of HTTP requests that are sent and received by the Integration Server during its operation.
- Depending on the type of virtual infrastructure:
- IP addresses or fully qualified domain names (FQDN) and names of hypervisors or virtual infrastructure administration servers to which the Integration Server connects.
- IP addresses or fully qualified domain names (FQDN) of the Keystone microservice or other cloud infrastructure microservices to which the Integration Server connects.
- Information about hypervisors needed for managing SVMs.
- Information about OpenStack domains and OpenStack projects needed to manage SVMs (including IDs and names of OpenStack domains and OpenStack projects).
- Fingerprints of certificates of virtual infrastructure objects.
- Address of the VMware NSX Manager.
- Information about SVMs required for management (including SVM names and IDs, MAC addresses, and the path to the SVM in the hierarchy of the virtual infrastructure).
- If Kaspersky Security is used in multitenancy mode: information about tenants and a list of Kaspersky Security Center virtual Administration Servers.
- Additionally, in the trace file of the SVM deployment procedure:
- Name of the account used for connecting to the virtual infrastructure.
- For deployments on the VMware vSphere platform:
- A list of all VMware ESXi hypervisors managed by a single VMware vCenter Server, their state, the protection status and privileges of the account used to connect to the VMware vCenter Server.
- A list of VMware ESXi hypervisors that were selected for SVM deployment, and their versions.
- Path to the SVM image file and information about the SVM image (may include personal data, for example, the last name and first name, if this information is part of the path).
- SVM image validation status.
- Path to the installer of the Kaspersky Security Center Network Agent (may include personal data, for example, the last name and first name if this information is part of the path).
- Other SVM settings that the user specified during deployment (including the address of Kaspersky Security Center and IP addressing settings for the SVM).
- SVM configuration commands (commands executed over SSH under the klconfig account), including command line arguments, except for passwords.
- Additionally, in the trace file of the SVM reconfiguration procedure:
- Information on whether or not the reconfiguration will change:
- Settings of accounts for connecting to SVMs.
- List of virtual networks used by SVMs.
- IP addressing settings for SVMs.
- Address of the device hosting the Kaspersky Security Center Administration Server.
- SVM configuration commands (commands executed over SSH under the klconfig account), including command line arguments, except for passwords.
- Additionally, in the trace file of the SVM removal procedure, address of the device hosting the Kaspersky Security Center Administration Server.