Kaspersky Thin Client maintains two types of logs:
Event log. This log saves all events registered by Kaspersky Thin Client components. You can view the event log in the Kaspersky Thin Client interface, and forward it to a log server.
An entry containing records of changes made to the state or configuration of a thin client, or errors that require the attention of a system administrator.
Audit log. This log stores important events in thin client operation, such as interaction with certificates to connect to Kaspersky Security Center, information about the Administration Server and connections or disconnections from it, and factory resets of the device. The audit log cannot be viewed in the Kaspersky Thin Client interface. You can forward the audit log file to a log server.
The Kaspersky Thin Client event log contains the following information:
Date and time when the event occurred.
Name of the Kaspersky Thin Client component that registered the event.
Event severity. The following values are possible:
Trace is all possible messages and warnings that occur during application operation.
Debug is debug messages and all informational and important messages, and all warnings and messages about common and critical errors.
Info is informational messages, important messages and all warnings, and messages about common and critical errors.
Warn is all warnings and messages about ordinary and critical errors.
Error is messages about errors and critical errors in application operation.
Fatal is messages about critical errors in application operation.
Debug information in <File>:<Line Number>,<Function> format, where:
File is a file name.
Line Number is a number of the line in the file.
Function is debug information.
Process ID and thread ID.
Product version ID.
The Kaspersky Thin Client audit log contains the following events and event details:
Adding, replacing, and switching certificates for connecting to Kaspersky Security Center in the Kaspersky Thin Client interface:
Date and time of the event
IP address and/or domain name of the Kaspersky Security Center Administration Server
Kaspersky Security Center Administration Server port number
Thin client ID
List of certificate attributes: issuer name, subject name, certificate fingerprint, validity start date and time, validity end date and time
Enabling (manually and automatically) and disabling management of Kaspersky Thin Client via Kaspersky Security Center:
Date and time of the event
IP address and/or domain name of the Kaspersky Security Center Administration Server
Kaspersky Security Center Administration Server port number
Thin client ID
Factory reset of Kaspersky Thin Client:
Date and time of the event
Thin client ID
Accepting a remote connection to the thin client:
Date and time of the event
IP address and/or domain name of the user who connected to the thin client
Name of the user who connected to the thin client
Creating a new audit log file in case of log rotation:
Date and time of the event
Thin client ID
Kaspersky Thin Client version
Saving and deleting the user password for auto-connection to a remote environment:
Date and time of the event
User name for connecting to the remote environment