In ICAP mode, Kaspersky Scan Engine can log its activity. Logging settings are specified in the icapdkavlog.conf configuration file (hereinafter referred to as the logging configuration file), located in the /opt/kaspersky/ScanEngine/bin directory. 
You can change the logging settings after the kavicapd service is started. 
Elements of the logging configuration file
Logging—The root element of the file.
Level—Specifies the logging level. Possible values:
- none or non: Logging is disabled.
- debug or dbg: Debug level. At this logging level, Kaspersky Scan Engine logs information that can help identify problems, such as changes in the state of a proxy server connection or return values of Kaspersky Scan Engine functions.
The default value is none.
Target—The parent element for parameters that specify where logs must be written.
File—Indicates that logs are written directly to log files. It also specifies the properties of log files. This element has the following attributes:
- size_limit—Specifies the maximum possible size of a log file, in megabytes (MB). If the value of this attribute is 0, the log file has no size limit. The default value is 0.
- folder—Specifies the directory where log files are stored. The path can be absolute or relative. The relative path is specified relative to the directory that holds the kavicapd executable file. The default value is ./logs.
- clear_folder—Specifies whether Kaspersky Scan Engine must delete old logs on initialization. If the value of this parameter is 1, yes, true, on, or enabled, Kaspersky Scan Engine deletes old log files. If the value of this parameter is 0, no, false, off, or disabled, Kaspersky Scan Engine does not delete old log files. The default value is 0.
Generated log files are named as follows: icapdkav_<pid>_<date_time>_<log_number>.log, where <pid> is the PID of the process, <date_time> is the local system date and time in the YYYY-MM-DDhhmmss format, and <log_number> is the number of the log (this parameter is appended to the file name only if the icapdkav_<pid>_<date_time>.log log file already exists).
SyslogLogging is a parent element that contains settings for logs that are redirected to syslogd.
SyslogEnabled—Specifies whether Kaspersky Scan Engine sends syslog messages. Possible values:
- 0, false, no, off, or disabled: Disables sending of syslog messages.
- Enables sending of syslog messages.
Syslog specifies settings related to syslog messages. This element has the following attributes:
destination—Specifies the destination address for syslog messages. Possible values:
- %PROTOCOL%%IP%:%PORT%, where:
  - %PROTOCOL% is a network protocol (use tcp:// or udp:// for this value).
  - %IP% is an IPv4 address that receives syslog messages.
  - %PORT% is a port that receives syslog messages.
  If you do not specify a protocol as described above, Kaspersky Scan Engine will use the UDP protocol.
- localhost—Indicates that syslog messages are redirected to syslogd. The directory contains the icapdkav_syslog.log file. Log files with syslog messages created by previous sessions are not removed. If the directory contains an old file, Kaspersky Scan Engine writes new information to this file without deleting the old data.
format—Specifies the format of syslog messages. Possible values:
- cef—Specifies the cef format of syslog messages.
- raw—Specifies the raw format of syslog messages. The raw value is used when the value specified in this element is not cef or raw, or no value is specified in this element, or if the logging configuration file does not contain the SyslogFormat parameter.
Kaspersky Scan Engine can write debug logs and send syslog messages at the same time or separately.
Sending syslog messages is available starting from Kaspersky Scan Engine version 1.0.1.51.
Structure of the logging configuration file
Following is an example of a logging configuration file:
```xml
<?xml version="1.0"?>
<Logging>
  <DebugLogging>
    <Level>debug</Level>
    <File size_limit="10" folder="./logs" clear_folder="1"/>
  </DebugLogging>
  <SyslogLogging>
    <SyslogEnabled>%ENABLED%</SyslogEnabled>
    <Syslog destination="%IP:PORT%|localhost|Path" format="cef|raw"/>
  </SyslogLogging>
</Logging>
```
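The settings above interact in ways that matter for log retention and delivery, so the following added example (not Kaspersky code) audits a logging configuration file against the behaviors this page documents. The function name `audit`, the sample values, exact-match comparison of values, and treating any SyslogEnabled value outside the documented disabling list as enabling are assumptions.

```python
import re
import xml.etree.ElementTree as ET

OFF = {"0", "no", "false", "off", "disabled"}  # documented disabling values
ON = {"1", "yes", "true", "on", "enabled"}     # documented for clear_folder
DEST = re.compile(r"^((?:tcp|udp)://)?\d{1,3}(?:\.\d{1,3}){3}:\d{1,5}$")

# Constructed sample that follows the structure of the page's example file.
SAMPLE = """<?xml version="1.0"?>
<Logging>
  <DebugLogging>
    <Level>debug</Level>
    <File size_limit="0" folder="./logs" clear_folder="1"/>
  </DebugLogging>
  <SyslogLogging>
    <SyslogEnabled>1</SyslogEnabled>
    <Syslog destination="192.0.2.10:514" format="json"/>
  </SyslogLogging>
</Logging>"""

def audit(xml_text):
    """Return a list of findings for one logging configuration file."""
    root = ET.fromstring(xml_text)
    findings = []
    level = (root.findtext("DebugLogging/Level") or "none").strip()
    if level in ("debug", "dbg"):
        node = root.find("DebugLogging/File")
        attrs = node.attrib if node is not None else {}
        if attrs.get("size_limit", "0").strip() == "0":
            findings.append("debug logging with size_limit=0: log file has no size limit")
        if attrs.get("clear_folder", "0").strip() in ON:
            findings.append("clear_folder enabled: old logs are deleted on initialization")
    elif level not in ("none", "non"):
        findings.append(f"Level {level!r} is not a documented value")
    # Assumption: any value outside the documented disabling list enables syslog.
    if (root.findtext("SyslogLogging/SyslogEnabled") or "0").strip() in OFF:
        return findings
    node = root.find("SyslogLogging/Syslog")
    attrs = node.attrib if node is not None else {}
    dest = attrs.get("destination", "").strip()
    match = DEST.match(dest)
    if match and match.group(1) is None:
        findings.append("destination has no tcp:// or udp:// prefix: UDP is used")
    elif not match and dest != "localhost":
        findings.append(f"destination {dest!r} is not IP:PORT or localhost: verify it")
    if attrs.get("format", "").strip() not in ("cef", "raw"):
        findings.append("format is not cef or raw: raw is used")
    return findings
```

Calling `audit(SAMPLE)` returns four findings for the constructed sample; an empty list means none of the checked conditions apply.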