Logging

By default, logging in Kaspersky Scan Engine is disabled.

If you want to enable logging, we recommend that you configure logging to a mounted directory as described below.

To enable logging:

  1. Make sure that you create all necessary files and directories on the host computer when preparing the environment. Specifically, %CONFIGURATION_FILES_DIRECTORY% and %LICENSE_FILE_DIRECTORY% must be created. For the Kaspersky Scan Engine GUI, %KEY_FILE_DIRECTORY% is also necessary. All users should have read access to these directories. Unprivileged users should not have write access to these directories.
  2. On the host computer, create the directories for the debug log files (further referred to as %LOGS_DIRECTORY%) and for log files with syslog messages (further referred to as %SYSLOGS_DIRECTORY%). All users should have write access to these directories.
  3. From the Kaspersky Scan Engine distribution kit, copy one of the following files to %CONFIGURATION_FILES_DIRECTORY%:
    • For HTTP mode: httpdkavlog.ini
    • For ICAP mode: icapdkavlog.conf

    Kaspersky Scan Engine sets the logging settings of Kaspersky Anti-Virus Engine specified in the kave.ini file to be the same as those specified in icapdkavlog.conf (for ICAP mode) or httpdkavlog.ini (for HTTP mode).

  4. Make the following changes in httpdkavlog.ini (for HTTP mode only):
    • To enable debug logging, specify 1 in LogLevel.
    • For Kaspersky Scan Engine to write logs to %LOGS_DIRECTORY%, specify ${LOGS_PATH} in LogFolder.
    • To enable Syslog logging, specify 1 in SyslogEnabled.
    • For Kaspersky Scan Engine to write syslog messages to the files in %SYSLOGS_DIRECTORY%, specify ${SYSLOGS_PATH} in SyslogTarget.

      Below is an example of httpdkavlog.ini:

      [DebugLogging]
      LogLevel=1
      LogFolder=${LOGS_PATH}

      [SyslogLogging]
      SyslogEnabled=1

      [SyslogDestination]
      SyslogFormat=cef
      SyslogTarget=${SYSLOGS_PATH}
      SyslogEvents=audit;license;update

      If you do not want Kaspersky Scan Engine to write logs to a mounted directory, do not change the LogFolder or SyslogTarget values. By default, if logging is enabled, Kaspersky Scan Engine writes logs to the container.

  5. Make the following changes in icapdkavlog.conf (for ICAP mode only):
    • To enable debug logging, specify debug or dbg in DebugLogging > Level.
    • For Kaspersky Scan Engine to write logs to %LOGS_DIRECTORY%, specify ${LOGS_PATH} in the folder attribute of the DebugLogging > File element.
    • To enable Syslog logging, specify 1 in SyslogLogging > SyslogEnabled.
    • For Kaspersky Scan Engine to write syslog messages to the files in %SYSLOGS_DIRECTORY%, specify ${SYSLOGS_PATH} in the destination attribute of the Syslog element.

      Below is an example of icapdkavlog.conf:

      <?xml version="1.0"?>
      <Logging>
        <DebugLogging>
          <Level>debug</Level>
          <File size_limit="10" folder="${LOGS_PATH}" clear_folder="1"/>
        </DebugLogging>
        <SyslogLogging>
          <SyslogEnabled>1</SyslogEnabled>
          <Syslog destination="${SYSLOGS_PATH}" format="raw">
            <LoggedEvent>ScanResultClean</LoggedEvent>
            <LoggedEvent>ScanResultDetect</LoggedEvent>
          </Syslog>
        </SyslogLogging>
      </Logging>

      If you do not want Kaspersky Scan Engine to write logs to a mounted directory, do not change the DebugLogging > File or Syslog elements. By default, if logging is enabled, Kaspersky Scan Engine writes logs to the container.

  6. When running Kaspersky Scan Engine Docker containers, make sure to specify the -v option to mount the directories from the host computer.

    Each Kaspersky Scan Engine Docker container writes logs to its own directory in %LOGS_DIRECTORY% and %SYSLOGS_DIRECTORY%.
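A pre-flight check for the procedure above, as an added example that is not part of the Kaspersky Scan Engine distribution kit: it parses the text of httpdkavlog.ini or icapdkavlog.conf and reports settings that differ from steps 4 and 5, and checks host directory permissions against steps 1 and 2. It assumes you are logging to a mounted directory; the function names and the reading of "all users" as the "other" permission bits are assumptions of this example.

```python
import configparser
import os
import stat
import xml.etree.ElementTree as ET

def check_http_ini(text):
    """Findings for httpdkavlog.ini text (step 4); an empty list means a match."""
    cp = configparser.ConfigParser(interpolation=None)  # keep ${...} literal
    cp.optionxform = str  # keep key case (LogLevel, not loglevel)
    cp.read_string(text)
    want = [("DebugLogging", "LogLevel", "1"),
            ("DebugLogging", "LogFolder", "${LOGS_PATH}"),
            ("SyslogLogging", "SyslogEnabled", "1"),
            ("SyslogDestination", "SyslogTarget", "${SYSLOGS_PATH}")]
    found = [(s, k, v, cp.get(s, k, fallback=None)) for s, k, v in want]
    return [f"[{s}] {k}: expected {v!r}, found {g!r}"
            for s, k, v, g in found if g != v]

def check_icap_conf(text):
    """Findings for icapdkavlog.conf text (step 5); an empty list means a match."""
    root = ET.fromstring(text.strip())
    file_el = root.find("DebugLogging/File")
    syslog_el = root.find("SyslogLogging/Syslog")
    checks = [
        ("DebugLogging > Level", root.findtext("DebugLogging/Level"),
         {"debug", "dbg"}),
        ("DebugLogging > File folder",
         None if file_el is None else file_el.get("folder"), {"${LOGS_PATH}"}),
        ("SyslogLogging > SyslogEnabled",
         root.findtext("SyslogLogging/SyslogEnabled"), {"1"}),
        ("Syslog destination",
         None if syslog_el is None else syslog_el.get("destination"),
         {"${SYSLOGS_PATH}"}),
    ]
    return [f"{name}: expected one of {sorted(ok)}, found {val!r}"
            for name, val, ok in checks if (val or "").strip() not in ok]

def check_dir(path, kind):
    """Findings for a host directory; kind is 'config' (step 1) or 'log' (step 2).
    Assumption: 'all users' maps to the 'other' mode bits, and using a
    directory also needs its execute (search) bit."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    r, w, x = (bool(mode & b) for b in (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH))
    findings = []
    if kind == "config" and not (r and x):
        findings.append(f"{path}: not readable by all users (mode {mode:o})")
    if kind == "config" and w:
        findings.append(f"{path}: writable by unprivileged users (mode {mode:o})")
    if kind == "log" and not (w and x):
        findings.append(f"{path}: not writable by all users (mode {mode:o})")
    return findings
```

Run check_dir against %CONFIGURATION_FILES_DIRECTORY%, %LICENSE_FILE_DIRECTORY% and %KEY_FILE_DIRECTORY% with kind "config", and against %LOGS_DIRECTORY% and %SYSLOGS_DIRECTORY% with kind "log", before starting the containers.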

If you configured logging to a mounted directory, we recommend that you use logrotate to reduce the space taken by log files on the host computer.
