If Kaspersky Scan Engine is configured to write syslog messages in RAW format, the log records about events appear as follows:
<%PRIORITY%>1 %TIMESTAMP% %HTTP_SERVICE_IP% KasperskyHTTPService %HTTP_SERVICE_PID% %MESSAGE_ID% - BOM %MESSAGE%\n
A record has the following fields:
%PRIORITY%
Severity level of the event. Possible values:
163
This value is specified for errors.
165
This value is specified if the scan result is something other than CLEAN.
166
This value is specified for service events or if the scan result is CLEAN.
%TIMESTAMP%
Date and time of the event in the Coordinated Universal Time (UTC) time zone.
%HTTP_SERVICE_IP%
IP address that Kaspersky Scan Engine uses to receive scan requests from clients. If Kaspersky Scan Engine receives scan requests over a UNIX socket, the field contains the host name of the computer that Kaspersky Scan Engine runs on.
%HTTP_SERVICE_PID%
PID of Kaspersky Scan Engine.
%MESSAGE_ID%
Class of the event. Possible values:
AUDIT_MESSAGE
Audit event.
SERVICE_MESSAGE
Service event.
ERROR_MESSAGE
Error.
SCAN_RESULT_CLEAN_MESSAGE
Scanned object is considered clean.
SCAN_RESULT_DETECT_MESSAGE
Threat was detected.
SCAN_RESULT_OTHER_MESSAGE
Object was not scanned.
%MESSAGE%
Description of the event. For example, the text of an error message.
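The following parser for the RAW record layout above is an added example, not code from Kaspersky. It splits a record into its fields and flags records whose %PRIORITY% does not match the event class. It assumes that "BOM" in the template is the UTF-8 byte order mark and that the timestamp contains no spaces; the class-to-priority mapping is inferred from the field descriptions, and the sample records are constructed.

```python
import re

# Layout taken from the page's RAW template; the optional U+FEFF assumes
# "BOM" there denotes the UTF-8 byte order mark (as in RFC 5424).
RAW_RE = re.compile(
    r"<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) KasperskyHTTPService "
    r"(?P<pid>\d+) (?P<msgid>[A-Z_]+) - (?:\ufeff ?)?(?P<msg>.*)", re.DOTALL)

# Priority each event class should carry, inferred from the page's field
# descriptions. AUDIT_MESSAGE maps to None: the page gives no priority for it.
EXPECTED_PRI = {
    "ERROR_MESSAGE": 163,
    "SCAN_RESULT_DETECT_MESSAGE": 165, "SCAN_RESULT_OTHER_MESSAGE": 165,
    "SERVICE_MESSAGE": 166, "SCAN_RESULT_CLEAN_MESSAGE": 166,
    "AUDIT_MESSAGE": None,
}

def parse_raw(line):
    """Parse one RAW record; raise ValueError if it does not fit the template."""
    m = RAW_RE.fullmatch(line.rstrip("\n"))
    if m is None:
        raise ValueError("not a RAW-format record")
    rec = m.groupdict()
    if rec["msgid"] not in EXPECTED_PRI:
        raise ValueError("unknown MESSAGE_ID: " + rec["msgid"])
    rec["pri"], rec["pid"] = int(rec["pri"]), int(rec["pid"])
    # Standard syslog encoding: PRI = facility * 8 + severity.
    rec["facility"], rec["severity"] = divmod(rec["pri"], 8)
    expected = EXPECTED_PRI[rec["msgid"]]
    rec["consistent"] = expected is None or expected == rec["pri"]
    return rec

# Constructed sample records (timestamps, addresses, PIDs and texts are made up).
SAMPLES = [
    "<165>1 2024-01-01T10:00:00Z 192.0.2.10 KasperskyHTTPService 4242 "
    "SCAN_RESULT_DETECT_MESSAGE - \ufeffconstructed detection text\n",
    "<166>1 2024-01-01T10:00:01Z scanhost KasperskyHTTPService 4242 "
    "SERVICE_MESSAGE - \ufeffconstructed service text\n",
    "<166>1 2024-01-01T10:00:02Z 192.0.2.10 KasperskyHTTPService 4242 "
    "ERROR_MESSAGE - \ufeffconstructed error text\n",  # PRI does not match class
]

def triage(lines):
    """Return (msgid, severity, consistent) per record for alert routing."""
    return [(r["msgid"], r["severity"], r["consistent"])
            for r in map(parse_raw, lines)]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

The three documented priorities all decode to syslog facility 20 (local4), with severities 3 (error), 5 (notice) and 6 (informational).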