Downloading Kaspersky Anti Targeted Attack Platform logs

If necessary, you can download the system log files of Kaspersky Anti Targeted Attack Platform. To do so, you must get the information about the application's operation using the kata-collect script.

To get the information about the application's operation using the kata-collect script:

  1. Sign in to the management console of the server for which you want to get information over SSH or through a terminal.

    If you are using Kaspersky Anti Targeted Attack Platform in distributed solution and multitenancy mode, you need to perform these steps on each Central Node server. If your organization's infrastructure has separately installed Sensor components, you must also follow these steps on servers that have this component. If the application is deployed as a cluster, you must perform these steps on one of the servers with the 'manager' role in Docker swarm. To view the role of a server, use the $ docker node ls command.

  2. When the system prompts you, enter the administrator user name and password that were specified while installing the component.

    The application component administrator menu is displayed.

  3. In the list of sections of the application administrator menu, select the Technical Support Mode section.
  4. Press Enter.

    This opens the Technical Support Mode confirmation window.

  5. Confirm that you want to manage the application in Technical Support Mode. To do so, select Yes and press Enter.
  6. Run the script by executing the command:

    sudo kata-run.sh kata-collect --output-dir <path>

You can also specify one or multiple parameters for this command (see the table below).

Parameters of the kata-collect utility

--output-dir <path>
    Required: Yes
    Create a directory at the specified path, where <path> is an absolute or relative path of the directory where you want to save the archive with the downloaded data.
    If no path is specified, the data archive is saved in the /tmp/collect directory by default.

--no-prometheus
    Required: No
    Skip preparing and dumping the prometheus database. This parameter significantly speeds up the script.

--no-siem-logs
    Required: No
    Skip downloading the data that is written to the SIEM system.

--siem-logs-range-start <YYYY-MM-DD-HH>
    Required: No
    Download the data written to the SIEM system starting from this date (inclusive).

--siem-logs-range-end <YYYY-MM-DD-HH>
    Required: No
    Download the data written to the SIEM system ending with this date (inclusive).

Example:

Command to get information about the operation of the application with SIEM system data filtered by date and without the prometheus database:

sudo kata-run.sh kata-collect --output-dir <path> --no-prometheus --siem-logs-range-start <YYYY-MM-DD-HH> --siem-logs-range-end <YYYY-MM-DD-HH>

When the script finishes, a collect--<archive download date>.tar.gz archive is saved to the specified directory. This archive contains system log files of the application.
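The following helper is an added example and not part of Kaspersky's tooling: it derives a SIEM log range in the YYYY-MM-DD-HH format from an incident timestamp (a window of a few hours before and after), builds the kata-collect command line shown above, and checks that an archive named collect--*.tar.gz appeared afterwards. It assumes GNU date (-d "@epoch"), that times are expressed in UTC, and that kata-run.sh is on PATH in Technical Support Mode; the incident epoch and paths in the test are constructed values.

```shell
#!/bin/sh
# Added example, not Kaspersky's own code. Assumes GNU date and UTC.

# Format a Unix epoch as the YYYY-MM-DD-HH value kata-collect expects.
kata_hour() {
    date -u -d "@$1" +%Y-%m-%d-%H
}

# Print the kata-collect command line covering a window around an incident.
# $1 = output dir, $2 = incident epoch, $3 = hours before, $4 = hours after
# Prometheus dumping is skipped to keep the collection fast.
build_collect_cmd() {
    out_dir=$1; epoch=$2; before=$3; after=$4
    start=$(kata_hour $((epoch - before * 3600)))
    end=$(kata_hour $((epoch + after * 3600)))
    printf 'sudo kata-run.sh kata-collect --output-dir %s --no-prometheus --siem-logs-range-start %s --siem-logs-range-end %s\n' \
        "$out_dir" "$start" "$end"
}

# Run the collection; succeed only if the documented archive name pattern
# (collect--<date>.tar.gz) is present in the output directory afterwards.
run_collect() {
    out_dir=$1
    cmd=$(build_collect_cmd "$out_dir" "$2" "$3" "$4")
    echo "running: $cmd"
    sh -c "$cmd" || return 1
    ls "$out_dir"/collect--*.tar.gz >/dev/null 2>&1
}
```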
