This section explains how to manually configure logging in HTTP mode without using Kaspersky Scan Engine GUI.
See also detailed instructions on enabling logging.
Configuring logging
To configure logging, change the parameters in the httpdkavlog.ini logging configuration file (hereinafter referred to as the logging configuration file) located in the %service_dir%/bin directory. The configuration file consists of several sections.
DebugLogging section
LogLevel—Specifies the logging level. Possible values:
0
Disables logging. This is the default value.
1
Enables full logging mode. Use this mode for debugging purposes.
If you enable full logging mode, consider that the log messages will contain sensitive data.
In HTTP mode, Kaspersky Scan Engine does not automatically remove log files from previous initializations. If necessary, you can remove these log files manually.
LogFolder—Specifies the path to a directory where log files are stored. The path can be absolute or relative. A relative path is calculated relative to the directory that contains the kavhttpd binary file.
SyslogLogging section
The settings below are available only for Linux operating systems.
SyslogEnabled—Specifies whether the Kaspersky Scan Engine sends syslog messages. Possible values:
0
Disables sending of syslog messages.
1
Enables sending of syslog messages.
If you enable sending syslog messages, consider that these messages will contain sensitive data, such as personal data as defined by GDPR, configuration data of the product, and licensing information.
SyslogDestination section
This element contains a group of settings that specify the format of the logs. If it is necessary to write logs into different locations, you can specify several SyslogDestination elements. In this case, the values of the SyslogTarget subelements must vary.
If SyslogEnabled (see above) has the value of 1, you must include at least one SyslogDestination element.
SyslogFormat—Specifies the format of syslog messages. Possible values:
cef—Specifies the cef format of syslog messages.
raw—Specifies the raw format of syslog messages. The raw value is used when the value specified in this element is not cef or raw, or no value is specified in this element, or if the logging configuration file does not contain the SyslogFormat parameter.
SyslogTarget—Specifies the destination address for syslog messages. Possible values:
%PROTOCOL%%IP%:%PORT%, where:
%PROTOCOL% is a network protocol (use tcp:// or udp:// for this value).
%IP% is an IPv4 address that receives syslog messages.
%PORT% is a port that receives syslog messages.
If you do not specify a protocol as described above, Kaspersky Scan Engine will use the UDP protocol.
localhost—Indicates that syslog messages are redirected to syslogd.
/var/log/kaspersky. The directory contains the httpd_kav_syslog.log file. Log files with syslog messages created by previous sessions are not removed. If the directory contains an old file, Kaspersky Scan Engine writes new information to this file without deleting the old data.
SyslogEvents—Specifies events to be logged. You can specify multiple SyslogEvents values. Each of these values sets the type of event that will be logged into the location specified in the SyslogTarget attribute. If you specify several values for one destination, separate them with the semicolon symbol (;).
Possible values:
Audit—Specifies system audit events.
Init—Specifies service initialization events.
Deinit—Specifies service deinitialization events and watchdog events.
Update—Specifies antivirus database update and reload events.
License—Specifies license-related events.
Engine—Specifies antivirus engine events. These events may be published frequently.
ScanResultClean—Specifies scan completion events when the scanned object is considered clean.
ScanResultDetect—Specifies scan completion events when a threat was detected.
ScanResultOther—Specifies scan completion events when the object was not scanned.
If the SyslogDestination element does not contain the SyslogEvents child element, all the HTTP events are logged.
If the SyslogDestination settings are incorrect, logging to the specified destination will be disabled.
When syslog logging is enabled, system audit is enabled as well. If none of the SyslogEvents elements contains the Audit event, system audit settings are set as follows: SyslogFormat is set to raw, SyslogTarget is set to localhost, and SyslogEvents is set to audit.
Kaspersky Scan Engine can write debug logs and send syslog messages at the same time or separately.
Structure of the logging configuration file
Following is an example of a logging configuration file:
[DebugLogging]
LogLevel=0
LogFolder=logs

[SyslogLogging]
SyslogEnabled=0

[SyslogDestination]
SyslogFormat=raw
SyslogTarget=localhost
SyslogEvents=audit;init;deinit;update;license;engine

[SyslogDestination]
SyslogFormat=cef
SyslogTarget=/var/log/kaspersky/kse_udp_lic_events
SyslogEvents=license;update
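
The rules described above can be checked before a configuration is deployed. The following pre-deployment check is an added example, not part of Kaspersky Scan Engine or its documentation; the function names, the finding texts, and the sample configuration are constructed for illustration. It assumes that a missing SyslogEnabled parameter means syslog is disabled.

```python
import re
# Constructed sample configuration for illustration only.
SAMPLE = """\
[DebugLogging]
LogLevel=1
[SyslogLogging]
SyslogEnabled=1
[SyslogDestination]
SyslogFormat=json
SyslogTarget=192.0.2.10:514
SyslogEvents=license;update
[SyslogDestination]
SyslogTarget=192.0.2.10:514
SyslogEvents=engine
"""

def parse(text):
    """Return [(section, {key: value})], keeping repeated sections apart."""
    sections = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip()] = value.strip()
    return sections

def audit(text):
    """Return a list of findings for a logging configuration file."""
    secs = parse(text)
    # First value of a key in a named section; "0" if absent (assumed default).
    first = lambda sec, key: next((s[key] for n, s in secs if n == sec and key in s), "0")
    dests = [s for n, s in secs if n == "SyslogDestination"]
    out = []
    if first("DebugLogging", "LogLevel") == "1":
        out.append("LogLevel=1: debug logs will contain sensitive data")
    if first("SyslogLogging", "SyslogEnabled") != "1":
        return out
    if not dests:
        out.append("SyslogEnabled=1 but no SyslogDestination section")
    targets = [d.get("SyslogTarget") for d in dests]
    if len(set(targets)) < len(targets):
        out.append("SyslogTarget values must differ between destinations")
    for d in dests:
        if d.get("SyslogFormat", "raw") not in ("cef", "raw"):
            out.append(f"SyslogFormat={d['SyslogFormat']}: raw will be used")
        if re.fullmatch(r"[\d.]+:\d+", d.get("SyslogTarget", "")):
            out.append(f"{d['SyslogTarget']}: no protocol given, UDP will be used")
    # Event names are compared case-insensitively (the page shows both cases).
    if dests and all("audit" not in d.get("SyslogEvents", "").lower() for d in dests):
        out.append("no Audit event listed: audit goes to localhost in raw format")
    return out
```

Calling audit(SAMPLE) returns six findings for the constructed sample; the example configuration file shown above returns none because both debug logging and syslog are disabled in it.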