If Kaspersky Scan Engine is configured to write syslog messages in RAW format, the log records about events appear as follows:
<%PRIORITY%>1 %TIMESTAMP% %HTTP_SERVICE_IP% KasperskyHTTPService %HTTP_SERVICE_PID% %MESSAGE_ID% [KL_HTTPD@23668 md5="%SCANNED_FILE_MD5_HASH%"] BOM %MESSAGE%\n
A record has the following fields:
%PRIORITY%
Severity level of the event. Possible values:
163
This value is specified for errors.
165
This value is specified if the scan result is something other than CLEAN.
166
This value is specified for service events or if the scan result is CLEAN.
%TIMESTAMP%
Date and time of the event in the Coordinated Universal Time (UTC) time zone.
%HTTP_SERVICE_IP%
IP address that Kaspersky Scan Engine uses to receive scan requests from clients. If Kaspersky Scan Engine receives scan requests over a UNIX socket, the field contains the host name of the computer that Kaspersky Scan Engine runs on.
%HTTP_SERVICE_PID%
PID of Kaspersky Scan Engine.
%MESSAGE_ID%
Class of the event. Possible values:
SERVICE_MESSAGE
Service event.
ERROR_MESSAGE
Error.
SCAN_RESULT_MESSAGE
Scan result.
%SCANNED_FILE_MD5_HASH%
MD5 hash of the object that was passed for scanning to Kaspersky Scan Engine. This field appears only when Kaspersky Scan Engine returns the scan result.
%MESSAGE%
Description of the event. For example, the text of an error message.
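The following parser for the record layout above is an added example, not code from Kaspersky. It validates each field and decodes %PRIORITY% into its syslog facility and severity. It assumes that BOM is the UTF-8 byte order mark and that a record without an MD5 hash carries either "-" or the KL_HTTPD@23668 element without md5; the function name and the sample records are constructed for illustration.

```python
import re

# Meaning of each %PRIORITY% value, as listed on this page.
PRIORITY_MEANING = {
    163: "error",
    165: "scan result other than CLEAN",
    166: "service event or CLEAN scan result",
}
MESSAGE_IDS = {"SERVICE_MESSAGE", "ERROR_MESSAGE", "SCAN_RESULT_MESSAGE"}

# Assumptions: BOM is the UTF-8 byte order mark (U+FEFF once decoded), and a
# record without an MD5 carries either "-" or the element without md5="...".
RECORD_RE = re.compile(
    r'<(?P<pri>\d{1,3})>1 (?P<timestamp>\S+) (?P<host>\S+) '
    r'KasperskyHTTPService (?P<pid>\d+) (?P<msgid>[A-Z_]+) '
    r'(?:-|\[KL_HTTPD@23668(?: md5="(?P<md5>[0-9A-Fa-f]{32})")?\]) '
    r'\ufeff?(?P<message>.*)'
)

def parse_record(line):
    """Parse one RAW record into a dict; raise ValueError on any mismatch."""
    if isinstance(line, bytes):
        line = line.decode("utf-8", errors="replace")
    m = RECORD_RE.fullmatch(line.rstrip("\r\n"))
    if m is None or m["msgid"] not in MESSAGE_IDS:
        raise ValueError("not a Kaspersky Scan Engine RAW syslog record")
    pri = int(m["pri"])
    return {
        "priority": pri,
        "facility": pri >> 3,   # syslog PRI = facility * 8 + severity
        "severity": pri & 7,
        "meaning": PRIORITY_MEANING.get(pri, "not listed on this page"),
        "timestamp": m["timestamp"],
        "host": m["host"],
        "pid": int(m["pid"]),
        "message_id": m["msgid"],
        "md5": m["md5"].lower() if m["md5"] else None,
        "message": m["message"],
    }

# Constructed sample records (not real Kaspersky Scan Engine output).
SAMPLE_SCAN = ('<165>1 2024-01-01T00:00:00Z 192.0.2.10 KasperskyHTTPService 4242 '
               'SCAN_RESULT_MESSAGE [KL_HTTPD@23668 '
               'md5="0123456789ABCDEF0123456789ABCDEF"] \ufeffconstructed scan result text\n')
SAMPLE_ERROR = ('<163>1 2024-01-01T00:00:05Z 192.0.2.10 KasperskyHTTPService 4242 '
                'ERROR_MESSAGE - \ufeffconstructed error text\n')

if __name__ == "__main__":
    for record in (SAMPLE_SCAN, SAMPLE_ERROR):
        print(parse_record(record))
```

The three documented priorities decode to facility 20 (local4) with severities 3, 5 and 6, which a collector can use to route errors and non-CLEAN results separately from routine events.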