Format of system event logs

When a Kaspersky NGFW device is started, information about the version of the product and each of its updatable component is logged.

A system event consists of the following fields:

• Timestamp
• Host name
• Process name [PID]
• Subsystem message text:
  • Thread ID
  • Severity
  • Subsystem (multiple subsystems are separated by a slash character /)
  • Text

All fields are separated by spaces. Fields in the subsystem message text are enclosed in [ ] characters, except for the last field, "Text". The "Process name" field is also enclosed in [ ] if it does not refer to Kaspersky NGFW processes.

Example: Nov 08 16:40:40 NGFW vpp[226]: [226] [info] [ngfw/test] 323: message

Page top