Local event filters

While a Kaspersky NGFW device is running, a large number of system events is written to the local log. You can configure local filters for system events to specify which data actually needs to be logged on the Kaspersky NGFW device.

To configure local filters:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.

    This opens the Policy tab.

  2. In the System section, select System events.
  3. On the Log filters & storage tab:
    • If you want to filter logged events based on traffic source, select Source.
    • If you want to filter logged events based on traffic destination, select Destination.
    • If you want to filter logged events based on network protocols and ports, select Service.
  4. In the filter settings window that opens, select Custom.

    The default setting is Any, and no local filters are configured.

  5. If you selected Source or Destination, do the following:
    1. On the Addresses tab, select the network objects whose records you want to be logged and click the Enable button above the table, or enable the toggle switch for these network objects in the Status column.
    2. If you want to specify an individual IP address, on the Hosts tab, click the Create button, and in the Value field, enter an IPv4 address.
    3. If you want to specify multiple IP addresses, on the IP ranges tab, click the Create button, and in the From and To fields, enter the beginning and end of the IPv4 address range.
    4. If you want to specify a subnet, on the Subnets tab, click the Create button, and in the Value field, enter a subnet in IPv4 CIDR format (<IP address>/<subnet mask>, for example, 192.168.2.0/24).
  6. If you selected Service, do the following:
    1. Select the services in the table whose records you want to be logged and click the Enable button above the table, or enable the toggle switch for these services in the Status column.
    2. If you want to create a new service, click the Create button in the toolbar and enter the service name, service description, and protocol and port.
  7. In the Logging level section:
    1. Set the logging level for Level for data plane logs.

      The default setting is Warning.

    2. Set the logging level for Level for security plane logs.

      The default setting is Error.

    3. Set the logging level for Level for management plane logs.

      The default setting is Warning.

      Messages with the selected or lower logging level are logged. For example, if you specified the Warning logging level, events with Warning, Error or Critical logging levels are logged in the local log. Messages with a higher logging level are omitted from the log.

      Logging at Debug or Trace logging levels may impact the performance of the Kaspersky NGFW device, as well as its management. We recommend enabling the Debug or Trace logging levels for a limited period of time and only when requested by Kaspersky Technical Support.

  8. Apply the OSMP policy changes by clicking the Commit and push button.

Local filters are configured.
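
To check a planned filter before clicking Commit and push, the following added example (not Kaspersky code and not part of the original page) models a custom Source filter together with the per-plane logging levels and shows which constructed sample events would be kept. It assumes that an event is logged only when it passes both the address filter and the level threshold, that every event carries a source address, and that Trace is more verbose than Debug; all names in it are hypothetical.

```python
import ipaddress

# Most severe first. The page names these five levels; the relative order of
# Debug and Trace is an assumption.
LEVELS = ["Critical", "Error", "Warning", "Debug", "Trace"]
# Default level for each log plane, as stated in the procedure above.
PLANE_DEFAULTS = {"data": "Warning", "security": "Error", "management": "Warning"}

def level_is_logged(event_level, configured_level):
    """True when the event is at the configured level or a more severe one."""
    return LEVELS.index(event_level) <= LEVELS.index(configured_level)

class AddressFilter:
    """Model of a Custom Source or Destination filter (hosts, ranges, subnets)."""
    def __init__(self, hosts=(), ranges=(), subnets=()):
        self.hosts = {ipaddress.IPv4Address(h) for h in hosts}
        self.ranges = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
                       for a, b in ranges]
        # strict=True rejects a subnet with host bits set, e.g. 192.168.2.5/24.
        self.subnets = [ipaddress.IPv4Network(s, strict=True) for s in subnets]
        if any(lo > hi for lo, hi in self.ranges):
            raise ValueError("range start is after range end")

    def matches(self, address):
        ip = ipaddress.IPv4Address(address)
        return (ip in self.hosts
                or any(lo <= ip <= hi for lo, hi in self.ranges)
                or any(ip in net for net in self.subnets))

def would_log(event, source_filter, plane_levels=PLANE_DEFAULTS):
    """Apply the source filter and the plane's level threshold to one event."""
    return (source_filter.matches(event["src"])
            and level_is_logged(event["level"], plane_levels[event["plane"]]))

# Constructed filter and sample events, not real device configuration or output.
FILTER = AddressFilter(hosts=["10.0.0.5"], ranges=[("10.0.0.6", "10.0.0.10")],
                       subnets=["192.168.2.0/24"])
SAMPLE_EVENTS = [
    {"plane": "data", "level": "Warning", "src": "192.168.2.17"},
    {"plane": "security", "level": "Warning", "src": "192.168.2.17"},
    {"plane": "security", "level": "Critical", "src": "10.0.0.7"},
    {"plane": "management", "level": "Debug", "src": "10.0.0.5"},
    {"plane": "data", "level": "Error", "src": "172.16.0.1"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print("logged " if would_log(e, FILTER) else "dropped", e)
```

With the default levels, the security plane Warning from a filtered subnet is dropped, which is worth confirming against what your detection and incident response processes expect to find in the local log.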
