For instructions on how to enable logging, see section "Manually enabling logging in Kaspersky Scan Engine", subsection "Enabling logging in HTTP mode".
Configuring logging
To configure logging, change the parameters in the httpdkavlog.ini logging configuration file (hereinafter referred to as the logging configuration file) located in the %service_dir%/bin
directory. The configuration file consists of several sections.
The [DebugLogging] section
LogLevel
—Specifies the logging level.Possible values:
0
Disables logging. This is the default value.
1
Enables full logging mode. Use this mode for debugging purposes.
In HTTP mode, Kaspersky Scan Engine does not automatically remove log files from previous initializations. If necessary, you can remove these log files manually.
LogFolder
—Specifies the path to a directory where log files are stored. The path can be absolute or relative. A relative path is calculated relative to the directory that contains the kavhttpd
binary file.
The [SyslogLogging] section
The settings below are available only for Linux operating systems.
SyslogEnabled
—Specifies whether the Kaspersky Scan Engine sends syslog messages.Possible values:
0
Disables sending of syslog messages.
1
Enables sending of syslog messages.
SyslogFormat
—Specifies the format of syslog messages. Possible values:
cef
—Specifies the CEF format of syslog messages.raw
—Specifies the RAW format of syslog messages. The raw
value is used when the value specified in this element is not cef
or raw
, or no value is specified in this element, or if the logging configuration file does not contain the SyslogFormat
parameter.SyslogDestination
—Specifies the destination address for syslog messages. Possible values:
%PROTOCOL%%IP%:%PORT%
, where:%PROTOCOL%
is a network protocol (use tcp://
or udp://
for this value). %IP%
is an IPv4 address that receives syslog messages. %PORT%
is a port that receives syslog messages.If you do not specify a protocol as described above, Kaspersky Scan Engine will use the UDP protocol.
localhost
—Indicates that syslog messages are redirected to syslogd
.The directory contains the httpd_kav_syslog.log
file. Log files with syslog messages created by previous sessions are not removed. If the directory contains an old file, Kaspersky Scan Engine writes new information to this file without deleting the old data.
Kaspersky Scan Engine can write debug logs and send syslog messages at the same time or separately.
Sending syslog messages is available starting from Kaspersky Scan Engine version 1.0.1.51.
Structure of the logging configuration file
Following is an example of a logging configuration file:
[DebugLogging] LogLevel=%LEVEL% LogFolder=%FOLDER%
[SyslogLogging] SyslogEnabled=%ENABLED% SyslogFormat=%FORMAT% SyslogDestination=%DESTINATION% |