Configuring logging in ICAP mode

In ICAP mode, Kaspersky Scan Engine can log its activity. Logging settings are specified in the icapdkavlog.conf configuration file (hereinafter referred to as the logging configuration file), located in the /opt/kaspersky/ScanEngine/bin directory.

You can change the logging settings after the kavicapd service is started.

Elements of the logging configuration file

Logging—The root element of the file. This element has two child elements: DebugLogging and SyslogLogging.

DebugLogging Section

SyslogLogging Section

Kaspersky Scan Engine can write debug logs and send syslog messages at the same time or separately.

Structure of the logging configuration file

Following is an example of a logging configuration file:

<?xml version="1.0"?>

<Logging>s

<DebugLogging>

<Level>debug</Level>

<File size_limit="10" folder="./logs/scanevents" clear_folder="1"/>

</DebugLogging>

<SyslogLogging>

<SyslogEnabled>1</SyslogEnabled>

<Syslog destination="udp://192.168.1.1" format="cef">

<LoggedEvent>ScanResultClean</LoggedEvent>

<LoggedEvent>ScanResultDetect</LoggedEvent>

</Syslog>

<Syslog destination="localhost" format="raw">

<LoggedEvent>ScanResultOther</LoggedEvent>

</Syslog>

<Syslog destination="/opt/kav/sdk8l3/logs" format="raw">

<LoggedEvent>Engine</LoggedEvent>

</Syslog>

</SyslogLogging>

</Logging>

Page top