About operating system audit events
The table below describes operating system audit events registered by Kaspersky IoT Secure Gateway 1000.
Operating system audit events
Event name | Event text | Severity | Subject ID |
---|---|---|---|
Audit: Audit subsystem start | Audit subsystem is running | Informational | System: Audit |
Audit: Audit subsystem test message | The test message was successfully recorded during audit subsystem diagnostics | Informational | System: Audit |
admin: Log export | The log is exported | Informational | Administrator |
admin: Log export error | Failed to export the log | Warning | Administrator |
Audit: Audit log overwrite | Audit log is overwritten due to full storage | Informational | System: Audit |
Audit: Audit log is running out of space | The audit log will be overwritten after | Warning | System: Audit |
KscController: Rebooting the device | The device is being rebooted | Informational | System: KscController |
KscController: Uploading the application certificate | Application certificate is uploaded to the certificate storage | Informational | System: KscController |
Launcher: Attempting to launch an incompatible version of the application | An attempt to launch the application version incompatible with the system was detected | Warning | System: Launcher |
Launcher: Attempting to launch a blocked application | An attempt to run a blocked application is detected | Warning | System: Launcher |
Launcher: Launching an application | The application | Informational | System: Launcher |
Launcher: Error launching an application | Failed to start the application | Warning | System: Launcher |
Launcher: Untrusted application | Failed to verify the integrity of the application | Critical | System: Launcher |
Launcher: Stopping an application | The application | Informational | System: Launcher |
Launcher: Application has failed | The application | Warning | System: Launcher |
Launcher: Changing application autorun | The list of applications for autorun is changed | Informational | System: Launcher |
Launcher: Error changing application autorun | Failed to change the list of applications for autorun | Warning | System: Launcher |
Launcher: Enabling the non-immune mode | The device is running in non-immune mode; immunity is not guaranteed | Warning | System: Launcher |
Launcher: Enabling the developer mode | The device is running in developer mode | Warning | System: Launcher |
Launcher: Attempting to download a new version of the application | An attempt to download a new version of an installed application is detected. | Critical | System: Launcher |
Orchestrator: Downloading the application | Download of the application | Informational | System: Orchestrator |
Orchestrator: Successful application download | The application | Informational | System: Orchestrator |
Orchestrator: Successful application installation | The application | Informational | System: Orchestrator |
Orchestrator: Uninstalling the application | Uninstallation of the application | Informational | System: Orchestrator |
Orchestrator: Successful application uninstallation | | Informational | System: Orchestrator |
Orchestrator: Application download error | Failed to download the application | Warning | System: Orchestrator |
Orchestrator: Application signature verification error | Failed to verify authenticity of the | Critical | System: Orchestrator |
Orchestrator: Application installation error | Failed to install the application | Warning | System: Orchestrator |
Orchestrator: Application installation error | Failed to install the application | Warning | System: Orchestrator |
Orchestrator: Application uninstallation error | Failed to uninstall the application | Warning | System: Orchestrator |
TrafficController: Enabling a network cluster | The network cluster is enabled and its settings are configured | Warning | System: TrafficController |
TrafficController: Disabling a network cluster | The network cluster is disabled | Warning | System: TrafficController |
EmergencyManager: Enabling the Emergency support mode | A critical operating system error is detected. Emergency support mode is enabled: | Critical | System: EmergencyManager |
EmergencyManager: Limiting the operating system functions | Operating system functions ( | Critical | System: EmergencyManager |
BlobContainer: Component blocked from starting | Starting | Critical | System: BlobContainer |
Updater: System update | Full system update is started | Informational | System: Updater |
Updater: Verifying updates | Downloaded updates are verified and ready to install | Informational | System: Updater |
Updater: Downloading updates | Updates downloaded successfully | Informational | System: Updater |
Updater: System update successful | System update completed successfully | Informational | System: Updater |
Updater: No update required | No update required. The latest system version is installed | Informational | System: Updater |
Updater: System update error | Error | Critical | System: Updater |
Updater: Error downloading updates | Failed to download updates | Informational | System: Updater |
Updater: Error rebooting the device | Failed to restart the device while installing updates | Critical | System: Updater |
Updater: Invalid updates | Downloaded updates are invalid and cannot be installed | Warning | System: Updater |
admin: Date and time change | System date and time were changed manually | Informational | Administrator |
KscController: Time synchronization with the source | System time is synchronized with Kaspersky Security Center | Informational | System: KscController |
admin: Account credentials expiry; user: Account credentials expiry | User name and password expire in | Informational | Administrator or user |
admin: Certificate expiry; user: Certificate expiry | User certificate expires in | Informational | Administrator or user |
admin: User account credentials expired; user: User account credentials expired | User name and password expired, refresh the account credentials | Warning | Administrator or user |
admin: User certificate expired; user: User certificate expired | User certificate has expired | Warning | Administrator or user |
Authenticator: User blocked | User blocked due to exceeding the number of failed login attempts | Critical | System: Authenticator |
WebServer: Connection session lock | Connection session blocked due to inactivity | Informational | System: WebServer |
admin: Modified lockout duration after failed password entry attempts; user: Modified lockout duration after failed password entry attempts | Lockout duration after failed password attempts changed. New value: | Informational | Administrator or user |
admin: Modified user idle time before locking; user: Modified user idle time before locking | User idle time before locking changed, new value: | Informational | Administrator or user |
admin: Modified maximum number of failed login attempts; user: Modified maximum number of failed login attempts | Maximum number of failed login attempts changed. New value: | Informational | Administrator or user |
admin: Change credentials; user: Change credentials | The administrator password for initial login is changed | Informational | Administrator or user |
admin: Change credentials; user: Change credentials | Password for user | Informational | Administrator or user |
admin: Change credentials; user: Change credentials | Certificate for user | Informational | Administrator or user |
admin: Change credentials; user: Change credentials | | Informational | Administrator or user |
admin: Creating a user account | User account created for | Informational | Administrator |
admin: Error creating user account | User account for | Warning | Administrator |
admin: Deleting a user account | User account for | Informational | Administrator |
admin: User authentication; user: User authentication | | Informational | Administrator or user |
Authenticator: User authentication error | User | Warning | System: Authenticator |
Authenticator: User authentication error | User | Warning | System: Authenticator |
Authenticator: User authentication error | User | Warning | System: Authenticator |
admin: Restoring the system configuration | Status of the operating system configuration restoring from the backup: | Informational | Administrator |
admin: Backing up the system configuration | Status of the backup creation from the operating system configuration: | Informational | Administrator |
admin: Generation of the integrity check report | Generation of the integrity check report started: | Informational | Administrator |
IntegrityService: Integrity check status | Integrity check status: | Informational | System: IntegrityService |
IntegrityService: Object integrity violation | | Critical | System: IntegrityService |
admin: Operating system self-testing start | Operating system self-testing started | Informational | Administrator |
SelfTestManager: Operating system error during self-testing | Operating system error during self-testing detected: | Critical | System: SelfTestManager |
SelfTestManager: Operating system self-testing result | Operating system self-testing result: completed successfully | Informational | System: SelfTestManager |
SelfTestManager: Operating system self-testing result | Operating system self-testing result: errors detected | Informational | System: SelfTestManager |
SelfTestManager: Operating system self-testing result | Operating system self-testing result: canceled manually | Informational | System: SelfTestManager |