Trace files of management plug-ins

Trace files of web plug-ins

If you use the Kaspersky Security Center Web Console to manage Kaspersky Security solution components, information about events that occur during operation of the management web plug-ins may be written to the trace files of the web plug-ins:

Web plug-in trace files are created automatically if logging to the Kaspersky Security Center Web Console activity log was enabled during installation of Kaspersky Security Center Web Console. For more information, refer to the Kaspersky Security Center Help of the relevant version.

Web plug-in trace files are saved in the Kaspersky Security Center Web Console installation folder in the logs subfolder:

• /var/opt/kaspersky/ksc-web-console/logs – on devices with Linux operating systems
• %ProgramFiles%\Kaspersky Lab\Kaspersky Security Center Web Console\logs – on devices with Windows operating systems

The following information may be stored in the Integration Server web plug-in trace file:

• Diagnostic information about the operation of the Integration Server Web Console.
• Description of exclusions and errors that occurred when working with internal subsystems and external services.
• Certificate for establishing the connection to the Integration Server.

The following information may be stored in the Protection Server web plug-in trace file:

• Diagnostic information about the operation of the Protection Server web plug-in.
• Description of exclusions and errors that occurred when working with internal subsystems and external services.
• Certificate for connecting the SVM to the Integration Server.
• Encrypted private key for establishing a secure connection between the Light Agent and the Protection Server.
• Policy settings.

Trace files of MMC plug-ins

If you use the Kaspersky Security Center Administration Console to manage Kaspersky Security solution components, information about events that occur during operation of the management MMC plug-ins may be written to the following files on the device where the Kaspersky Security Center Administration Server is installed:

• Trace file of the MMC plug-in for managing the Protection Server. This file contains information about the events that occur during the plug-in operation, in particular, about the operation of the Protection Server policy and tasks. The file is named KSVLA.<version of the solution>_<file creation date and time>_<process ID (PID)>.SVM.log.
• Trace files for management MMC plug-ins for Light Agent for Linux and Light Agent for Windows (applications running in Light Agent mode). These files record information about events that occur during operation of the plug-ins, in particular, about the Light Agent policy and tasks. The file names contain the application version number, the date and time the file was created, and the process identifier (PID).

By default, trace files of Kaspersky Security MMC plug-ins are not created.

To enable the creation of MMC plug-in trace files:

1. On the device where the Kaspersky Security Center Administration Console is installed, open the Windows registry editor and go to the following key:
   • HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\Products\SVM\<version number>\Settings\ – for 32-bit operating systems
   • HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\KasperskyLab\Components\34\Products\SVM\<version number>\Settings\ – for 64-bit operating systems

   where <version number> is the number of the installed version of the Kaspersky Security solution, in X.X.X.X format.

   Administrator rights are required to edit trace settings.

2. In the TraceLevel value, specify the tracing level for MMC plug-in trace files. Possible values:
   • 0 – creation of trace files is disabled.
   • 100: "Always" – informational messages about MMC plug-ins being started and stopped.
   • 200: "Critical" – messages about critical errors, which can result in the MMC plug-ins being stopped.
   • 300: "Error" – messages about errors, which can result in partial inoperability of MMC plug-ins.
   • 400: "Danger" – warnings about the possibility of critical errors.
   • 500: "Warning" – warnings about possible errors.
   • 600: "Important" – important messages.
   • 700: "Information" – informational messages.
   • 800: "Debug": debug messages used by developers.
   • 900: "Paranoiac" – debug messages with more detailed information used by developers.
   • 1000: "Any" – all possible messages and warnings.

Technical Support staff can share more detailed information about creating MMC plug-in trace files.

All created MMC plug-in trace files are located in the %ProgramData%\Kaspersky Lab\Plugins\ folder.

In addition to general data, the following information may be saved in the trace file of the Protection Server MMC management plug-in:

• Paths to files of the solution.
• Settings for connecting SVMs to the Integration Server:
  • User name and password (whether the password is recorded in trace files is controlled by the settings in the ScanServer.conf configuration file).
  • Certificate for establishing the connection.
• Protection settings of the connection between the Light Agent and the Protection Server:
  • Encrypted certificate for establishing a connection.
  • Encrypted private key.
• Headers and bodies of HTTP requests that are sent and received by the Protection Server management plug-in.
• Settings of policies and tasks for the Protection Server.
• Information about plug-in modules being loaded.
• Information about plug-in methods being called.

Access to trace files of management plug-ins is restricted. For full access, you need system administrator or local administrator rights. User accounts have read-only access.

Page top