Information in system event log files lets you trace the execution of Kaspersky NGFW software commands step by step and identify the step at which the software runs into an error.
By default, system event log files are created with the Warning or Error logging level, depending on the file type. You can change the logging level of log files using local filters.
If you have enabled the creation of solution trace files, the trace files are saved in the /var/log/journal directory by default. Access to this directory requires root privileges.
You can open log files using the journalctl utility.
The system event log files contain the following general information:
Time when the event occurred
Number of the thread of execution
Solution component that triggered the event
Severity of the event (informational, warning, critical, error)
Description of the event associated with the execution of the command by the component, and the result of the execution of this command
The following information can be stored in log files in addition to general information:
Statuses of software components and the data they work on
Information about user actions in Kaspersky NGFW
Information about Kaspersky NGFW
Information about all objects and events of the Kaspersky NGFW operating system
Data contained in objects of the operating system of Kaspersky NGFW (for example, the contents of files that may contain personal data of users)
Information about network traffic (for example, the contents of website form fields, which may include bank card details or any other confidential data); such data can only be obtained when the Debug or Trace logging levels are enabled
Data for matching IP addresses with corresponding countries, based on the database maintained by the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)
Data received from the Kaspersky servers (for example, the version of the solution databases)
Kaspersky NGFW CPU usage information
Kaspersky NGFW RAM usage information
Information about the amount of cached information that Kaspersky NGFW needs to work
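Because logs written at the Debug or Trace level can contain form-field contents such as bank card details, a journal export is worth sanitizing before it is shared outside the device. The following is an added example, not part of the Kaspersky NGFW documentation or product: it reads records in the format produced by `journalctl -o json` and masks card-number candidates that pass the Luhn check in the MESSAGE field. The function names are illustrative and the sample records are constructed.

```python
import json
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact_message(text: str):
    """Mask Luhn-valid card-number candidates; return (text, hit count)."""
    hits = 0
    def mask(m):
        nonlocal hits
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):   # ordinary long number, leave untouched
            return m.group(0)
        hits += 1
        # Keep the first 6 and last 4 digits, mask the rest.
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
    return PAN_RE.sub(mask, text), hits

def sanitize_export(lines):
    """Process `journalctl -o json` lines; return (records, total hits)."""
    out, total = [], 0
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        msg = rec.get("MESSAGE")
        if isinstance(msg, str):  # non-UTF-8 messages arrive as byte arrays
            rec["MESSAGE"], n = redact_message(msg)
            total += n
        out.append(rec)
    return out, total

# Constructed sample records (not real Kaspersky NGFW output).
SAMPLE = [
    '{"PRIORITY":"7","MESSAGE":"form field card=4111 1111 1111 1111 submitted"}',
    '{"PRIORITY":"4","MESSAGE":"session 1234567890123456 closed"}',
]
```

A nonzero hit count from `sanitize_export` is also a signal that Debug or Trace logging captured payment data and that the original journal files need the same handling as that data.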