The system event logs automatically record technical information about the internal operation of Kaspersky NGFW devices. This information is arranged chronologically. By default, these records are saved in the /var partition on the hard disk of the Kaspersky NGFW device.
When troubleshooting, you can configure system events to be stored in the RAM of the device. You can also configure the transmission of system events to external systems to control, analyze, and monitor the operation of Kaspersky NGFW.
Administrators can analyze system events to identify and fix technical problems.
A logging level is automatically assigned to each logged event. The following logging levels are used:
System events are collected by the journald daemon. System event log files are managed in accordance with the logic of journald.
Some types of Linux system events (for the OSMP connection agent, kernel events, and Linux daemons) must be configured using the shell on the Kaspersky NGFW device.
Use shell commands only in accordance with their descriptions in this Kaspersky NGFW Help or when instructed to do so by Kaspersky Technical Support. In other cases, we recommend using the Kaspersky NGFW command line.
System event logs persist across Kaspersky NGFW device restarts. System event log rotation is always enabled and cannot be disabled.