By default, logging in Kaspersky Scan Engine is disabled.
If you want to enable logging, we recommend that you configure logging to a mounted directory as described below.
To enable logging:
%CONFIGURATION_FILES_DIRECTORY%
and %LICENSE_FILE_DIRECTORY%
must be created. For the Kaspersky Scan Engine GUI, %KEY_FILE_DIRECTORY%
is also necessary. All users should have read access to these directories. Unprivileged users should not have write access to these directories.%LOGS_DIRECTORY%
) and for log files with syslog messages (further referred to as %SYSLOGS_DIRECTORY%
). All users should have write access to these directories.%CONFIGURATION_FILES_DIRECTORY%
:Kaspersky Scan Engine sets the logging settings of Kaspersky Anti-Virus Engine specified in the kave.ini file to be the same as those specified in icapdkavlog.conf (for ICAP mode) or httpdkavlog.ini (for HTTP mode).
1
in LogLevel
.%LOGS_DIRECTORY%
, specify ${LOGS_PATH}
in LogFolder
.1
in SyslogEnabled
.%SYSLOGS_DIRECTORY%
, specify ${SYSLOGS_PATH}
in SyslogTarget
.Below is an example of httpdkavlog.ini:
[DebugLogging]
LogLevel=1
LogFolder=${LOGS_PATH}
[SyslogLogging]
SyslogEnabled=1
[SyslogDestination]
SyslogFormat=cef
SyslogTarget=${SYSLOGS_PATH}
SyslogEvents=audit;license;update
If you do not want Kaspersky Scan Engine to write logs to a mounted directory, do not change the LogsFolder
or SyslogTarget
values. By default, if logging is enabled, Kaspersky Scan Engine writes logs to the container.
debug
or dbg
in DebugLogging > Level
.%LOGS_DIRECTORY%
, specify ${LOGS_PATH}
in the folder
attribute of the DebugLogging > File
element.1
in SyslogLogging > SyslogEnabled
.%SYSLOGS_DIRECTORY%
, specify ${SYSLOGS_PATH}
in the destination
attribute of the Syslog
element.Below is an example of icapdkavlog.conf:
<?xml version="1.0"?>
<Logging>
<DebugLogging>
<Level>debug
</Level>
<File size_limit="10" folder="${LOGS_PATH}
" clear_folder="1"/>
</DebugLogging>
<SyslogLogging>
<SyslogEnabled>1
</SyslogEnabled>
<Syslog destination="${SYSLOGS_PATH}
" format="raw">
<LoggedEvent>ScanResultClean</LoggedEvent>
<LoggedEvent>ScanResultDetect</LoggedEvent>
</Syslog>
</SyslogLogging>
</Logging>
If you do not want Kaspersky Scan Engine to write logs to a mounted directory, do not change the DebugLogging > File
or Syslog
elements. By default, if logging is enabled, Kaspersky Scan Engine writes logs to the container.
-v
option to mount the directories from the host computer.Each Kaspersky Scan Engine Docker container writes logs to its own directory in %LOGS_DIRECTORY%
and %SYSLOGS_DIRECTORY%
.
If you configured logging to a mounted directory, we recommend that you use logrotate to reduce space taken by log files on the host computer.
Page top