Diagnostic data collection in Kaspersky Anti Targeted Attack Platform 5 and later
This article concerns the following applications and versions:
- Kaspersky Anti Targeted Attack Platform 6.1
- Kaspersky Anti Targeted Attack Platform 6.0
- Kaspersky Anti Targeted Attack Platform 5.1
- Kaspersky Anti Targeted Attack Platform 5.0
Kaspersky Technical Support specialists might ask you to attach a diagnostic report for rapid processing of requests regarding Kaspersky Anti Targeted Attack Platform (hereinafter “KATA”). Before sending the report to Technical Support, please delete confidential information from it.
To create the report:
- Connect to KATA Central Node (hereinafter “KATA CN”) via SSH protocol and sign in using the admin login and password.
- Select Technical Support Mode.
- Click OK.
- Run the command in the console:
sudo -i
- Enter the password for the admin user.
- Run the command in the console:
kata-collect
The command execution may take a while.
- Run the command after creating the report to correct the file names:
for f in /tmp/collect/collect-*:*tar.gz; do sudo mv "$f" "$(echo "$f" | tr ':' '-')" 2>/dev/null; done
- Check the report size using the command below. The size of the report (in MB / GB) will be specified in the 5th column:
ls -lh /tmp/collect
The maximum file size that can be uploaded to Kaspersky CompanyAccount is 4 GB. If the report exceeds the maximum size, split it into several files of 4 GB each (or less) using these instructions.
Check and update the diagnostic script for KATA 5.0 and 5.1
Step 1. Check the diagnostic script version
- Connect to KATA CN via SSH protocol and sign in using the admin login and password.
- Select Technical Support Mode.
- Click OK.
- Run the following command in the console:
test -f "/etc/kaspersky/node.json" && ([[ $(grep product_version /etc/kaspersky/node.json | cut -d\" -f 4 | tr -d .- | head -c 3) -le 510 ]] && (echo "3D5A042EF8B6EB51252466C198A38C0E /usr/local/lib/python3.8/dist-packages/collect/helpers/logs_downloader.py" | md5sum --status -c && echo -e "\033[1;32mDiagnostic script is up-to-date\033[0m" || echo -e "\033[1;31mDiagnostic script needs to be updated\033[0m") || echo -e "\033[1;33mKATA is too recent\033[0m") || echo -e "\033[1;33mKATA is too old\033[0m"
- Perform the steps depending on the result:
- Diagnostic script is up-to-date: Updating is not required. Proceed to generating a report.
- Diagnostic script needs to be updated: Proceed to Step 2 to update the diagnostic script.
- KATA is too old: The diagnostic script is not found. Perhaps your KATA version is earlier than 5.0. You can generate a report with diagnostic data using the instructions.
- KATA is too recent: Updating of the diagnostic script is not required for your KATA version. Proceed to generating a report.
Step 2. Update the diagnostic script
- Download the latest version of the diagnostic script.
- Upload the script to the “/home/admin/” folder in KATA CN using a console or graphic SCP/SFTP client according to the instructions.
- In the console, run the following commands in Technical Support Mode:
cd /home/admin
gunzip collect-1.0-py3-none-any.whl.gz
echo "063953d85755f93988da14a352693421 collect-1.0-py3-none-any.whl" | md5sum -c && sudo pip install --force --no-dependencies collect-1.0-py3-none-any.whl
Enter the password for the admin user if prompted while running the command.
- To check if the script has been updated, run the following command once again:
test -f "/etc/kaspersky/node.json" && ([[ $(grep product_version /etc/kaspersky/node.json | cut -d\" -f 4 | tr -d .- | head -c 3) -le 510 ]] && (echo "3D5A042EF8B6EB51252466C198A38C0E /usr/local/lib/python3.8/dist-packages/collect/helpers/logs_downloader.py" | md5sum --status -c && echo -e "\033[1;32mDiagnostic script is up-to-date\033[0m" || echo -e "\033[1;31mDiagnostic script needs to be updated\033[0m") || echo -e "\033[1;33mKATA is too recent\033[0m") || echo -e "\033[1;33mKATA is too old\033[0m"
Upload the updated diagnostic script for KATA 5.0 and 5.1
You can upload the updated diagnostic script to KATA CN using a console or graphical SCP/SFTP client.
Uploading the diagnostic script using a console PSCP client
- Open the command line on a local computer.
- Change the directory to the folder where the executable PSCP file is located (C:\Program Files\PuTTY by default) using the command:
cd C:\Program Files\PuTTY
- Run the following command to upload the script:
pscp.exe <name_of_the_local_file_to_be_uploaded> admin@<IP-address_KATA_CN>:/home/admin/
Example of the correct command:
pscp.exe "C:\Users\Administrator\Desktop\collect-1.0-py3-none-any.whl.gz" admin@192.168.1.10:/home/admin
Uploading the diagnostic script using a graphical WinSCP client
- Open WinSCP.
- Enter the KATA CN address and your credentials. Click Login.
- Go to the /home/admin/ folder in the right frame.
- In the left frame, select the local file which should be uploaded and click Upload.
Split the report into several files
- Run the following command to learn the report name:
ls -lh /tmp/collect
- Run the commands below to split the report into multiple files:
cd /tmp/collect
REPORT=<report_name>
sudo split "$REPORT" "$REPORT." -b 4G -a 3 --numeric-suffixes=1 --verbose && sudo rm -f "$REPORT"
Example of the correct commands:
cd /tmp/collect
REPORT=collect-1.srv.node1.node.dyn.kata-2023-09-17T14-30-00.308212.tar.gz
sudo split "$REPORT" "$REPORT." -b 4G -a 3 --numeric-suffixes=1 --verbose && sudo rm -f "$REPORT"
The split report will consist of several files: <report_name>.001, <report_name>.002, <report_name>.003, etc.
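The split command above removes the original report as soon as `split` exits successfully. The following added example (not part of Kaspersky's instructions or tooling) deletes the original only after the parts hash back to it, and writes a per-part checksum manifest that can be checked after download. The function names `split_verified` and `join_parts` and the `<report_name>.sha256` manifest are assumptions of this example, as is the availability of `sha256sum` on the node.

```shell
#!/bin/sh
# Added example, not Kaspersky's tooling. Run as root on the node (e.g. after `sudo -i`).
# Assumes GNU coreutils (split, sha256sum); the manifest name is this example's choice.

# split_verified <report> [size]: split into <report>.001, .002, ...; delete the
# original only after the parts hash back to it. Prints the whole-file SHA-256
# and writes a per-part manifest to <report>.sha256.
split_verified() (
    report=$1; size=${2:-4G}
    [ -f "$report" ] || { echo "no such report: $report" >&2; exit 1; }
    cd -- "$(dirname -- "$report")" || exit 1
    base=$(basename -- "$report")
    # Stale parts from an earlier run would be concatenated into the check.
    if ls -- "$base".[0-9][0-9][0-9] >/dev/null 2>&1; then
        echo "parts of $base already exist; remove them first" >&2; exit 1
    fi
    want=$(sha256sum < "$base" | cut -d' ' -f1) || exit 1
    split -b "$size" -a 3 --numeric-suffixes=1 -- "$base" "$base." || exit 1
    got=$(cat -- "$base".[0-9][0-9][0-9] | sha256sum | cut -d' ' -f1)
    if [ "$want" != "$got" ]; then
        echo "parts do not reassemble to $base; original kept" >&2; exit 1
    fi
    sha256sum -- "$base".[0-9][0-9][0-9] > "$base.sha256" || exit 1
    rm -f -- "$base"
    echo "$want"
)

# join_parts <report>: on the receiving side, check every part against the
# manifest, then rebuild <report> from the parts.
join_parts() (
    cd -- "$(dirname -- "$1")" || exit 1
    base=$(basename -- "$1")
    sha256sum --status -c -- "$base.sha256" || { echo "part checksum mismatch" >&2; exit 1; }
    cat -- "$base".[0-9][0-9][0-9] > "$base"
)
```

Call it as `split_verified /tmp/collect/<report_name>`; download `<report_name>.sha256` together with the parts so the recipient can check them.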
Download the diagnostic report
You can download the report using a console or graphical SCP/SFTP client, for example, PSCP or WinSCP.
Download the report via a console PSCP client
- Open the command line on a local computer.
- Change the directory to the folder where the executable PSCP file is located (C:\Program Files\PuTTY by default) using the command:
cd C:\Program Files\PuTTY
- Run the following command to download the report:
- If the report is not split:
pscp.exe admin@<IP-address_KATA_CN>:/tmp/collect/<report_name> <path_to_the_local_folder_where_the_report_should_be_saved>
- If the report is split:
pscp.exe admin@<IP-address_KATA_CN>:/tmp/collect/<report_name>.* <path_to_the_local_folder_where_the_report_should_be_saved>
To see the list of available reports, run the command through PuTTY:
ls /tmp/collect
To find the name of a split report, run the command through PuTTY:
ls /tmp/collect | grep -E '[0-9]{3}$' | grep -o 'collect.*tar.gz' | sort -u
Example of the command for the report which is not split:
pscp.exe admin@192.168.1.10:/tmp/collect/collect-1.srv.node1.node.dyn.kata-2023-09-17T14-30-00.308212.tar.gz "C:\Users\Administrator\Desktop"
Example of the command for the split report:
pscp.exe admin@192.168.1.10:/tmp/collect/collect-1.srv.node1.node.dyn.kata-2023-09-17T14-30-00.308212.tar.gz.* "C:\Users\Administrator\Desktop"
Download the report via the graphical WinSCP client
- Open WinSCP.
- Enter the KATA CN address and your credentials. Click Login.
- In the left frame, select the folder where you want to save the report.
- In the right frame, go to the /tmp/collect folder and select the report file. If the report is split, select multiple files: <report_name>.001, <report_name>.002, <report_name>.003, etc.
- Click Download.
Remove the diagnostic report
- Connect to KATA CN via SSH protocol and sign in using the admin login and password.
- Select Technical Support Mode.
- Click OK.
- Run the following commands in the console to see the list of reports:
cd /tmp/collect
ls
- Run one of the commands depending on what you want to delete:
- If you want to delete one report:
sudo rm -vf <report_name>
- If you want to delete all the files of one split report:
sudo rm -vf <report_name>.*
- If you want to delete all the reports in the folder:
sudo rm -vf collect-*tar.gz*