If Kaspersky Scan Engine is configured to write syslog messages in RAW format, the log records about events appear as follows:
<%PRIORITY%>1 %TIMESTAMP% %HTTP_SERVICE_IP% KasperskyHTTPService %HTTP_SERVICE_PID% %MESSAGE_ID% - BOM %MESSAGE%\n
A record has the following fields:
%PRIORITY%: Severity level of the event. Possible values:
    163: This value is specified for errors.
    165: This value is specified if the scan result is something other than CLEAN.
    166: This value is specified for service events or if the scan result is CLEAN.
%TIMESTAMP%: Date and time of the event in the Coordinated Universal Time (UTC) time zone.
%HTTP_SERVICE_IP%: IP address that Kaspersky Scan Engine uses to receive scan requests from clients. If Kaspersky Scan Engine receives scan requests over a UNIX socket, the field contains the host name of the computer that Kaspersky Scan Engine runs on.
%HTTP_SERVICE_PID%: PID of Kaspersky Scan Engine.
%MESSAGE_ID%: Class of the event. Possible values:
    AUDIT_MESSAGE: Audit event.
    SERVICE_MESSAGE: Service event.
    ERROR_MESSAGE: Error.
    SCAN_RESULT_CLEAN_MESSAGE: Scanned object is considered clean.
    SCAN_RESULT_DETECT_MESSAGE: Threat was detected.
    SCAN_RESULT_OTHER_MESSAGE: Object was not scanned.
%MESSAGE%: Description of the event. For example, the text of an error message.
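
A parser for the RAW record layout described above, added here as an example (it is not Kaspersky code). It assumes the timestamp contains no spaces and that BOM is the UTF-8 byte order mark; the names parse_record and needs_attention and the sample records are constructed for illustration.

```python
import re

# Record layout from the template on this page. Assumptions: the timestamp
# contains no spaces and "BOM" is the UTF-8 byte order mark (U+FEFF).
RECORD_RE = re.compile(
    r"<(?P<priority>\d{1,3})>1 (?P<timestamp>\S+) (?P<service_ip>\S+) "
    r"KasperskyHTTPService (?P<pid>\d+) (?P<message_id>[A-Z_]+) - "
    r"(?P<message>.*)",
    re.DOTALL,
)

# Values documented on this page.
PRIORITIES = {163: "error", 165: "scan result other than CLEAN",
              166: "service event or CLEAN scan result"}
MESSAGE_IDS = {"AUDIT_MESSAGE", "SERVICE_MESSAGE", "ERROR_MESSAGE",
               "SCAN_RESULT_CLEAN_MESSAGE", "SCAN_RESULT_DETECT_MESSAGE",
               "SCAN_RESULT_OTHER_MESSAGE"}


def parse_record(line):
    """Parse one RAW-format record into a dict; raise ValueError if malformed."""
    m = RECORD_RE.fullmatch(line.rstrip("\n"))
    if m is None:
        raise ValueError("not a Kaspersky Scan Engine RAW record")
    rec = m.groupdict()
    rec["priority"] = int(rec["priority"])
    rec["pid"] = int(rec["pid"])
    # Syslog PRI = facility * 8 + severity (163 -> facility 20, severity 3).
    rec["facility"], rec["severity"] = divmod(rec["priority"], 8)
    rec["priority_meaning"] = PRIORITIES.get(rec["priority"], "undocumented")
    rec["message"] = rec["message"].lstrip("\ufeff ")
    return rec


def needs_attention(rec):
    """True for errors, non-CLEAN results, and values this page does not list."""
    return rec["priority"] != 166 or rec["message_id"] not in MESSAGE_IDS


# Constructed sample records (not real product output).
SAMPLES = [
    "<166>1 2024-01-15T10:00:00Z 192.0.2.10 KasperskyHTTPService 4242 "
    "SCAN_RESULT_CLEAN_MESSAGE - \ufeffconstructed clean-result text\n",
    "<165>1 2024-01-15T10:00:05Z 192.0.2.10 KasperskyHTTPService 4242 "
    "SCAN_RESULT_DETECT_MESSAGE - \ufeffconstructed detection text\n",
    "<163>1 2024-01-15T10:00:09Z scanhost KasperskyHTTPService 4242 "
    "ERROR_MESSAGE - \ufeffconstructed error text\n",
]
```

Records with a priority or message ID that this page does not list are flagged rather than dropped, so a format change shows up in triage instead of passing silently.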