Kaspersky Industrial CyberSecurity for Networks

Exporting events using the export utility

March 22, 2024

ID 240894

In Kaspersky Industrial CyberSecurity for Networks 4.0.1, you can use an event export utility to export events and incidents to XML files. This utility is designed for use on computers running the Astra Linux Special Edition operating system. The file used for running the export-xml utility is included in the distribution kit of Kaspersky Industrial CyberSecurity for Networks 4.0.1.

The event export utility saves files containing information about events and incidents in the specified folder. Information about each event or incident is saved as a separate file whose name indicates the ID of the event or incident. A file contains all available information about an event or incident, including service information from the database (such as information about devices associated with events).

You can use the event export utility to export all events and incidents that were registered during the specified time interval.

The event export utility connects to the application Server through a connector that must be added to the application in advance.

To prepare the application to use the event export utility:

  1. In the application, add the connector that will be used by the event export utility to connect to the application Server. Specify the Generic system type for the connector.
  2. On the computer where the utility will be used, create a folder for saving the exported files. This can be a folder created specifically for saving files to a network resource.
  3. Copy the file used for running the export-xml utility from the distribution kit of Kaspersky Industrial CyberSecurity for Networks 4.0.1 to the computer.
  4. Go to the folder containing the export-xml file and enter the following command to provide permissions to run the file:

    sudo chmod +x ./export-xml

  5. If the communication data package obtained at step 1 is absent from the computer where the utility will be used, copy this file to the computer (for example, to the folder that contains the export-xml file).

To export event information using the event export utility:

  1. On the computer where the utility will be used, open the operating system console and go to the folder containing the export-xml file.
  2. Enter the following command in the command line:

    ./export-xml -p <connector certificate access password> \
    -c <path to the communication data package> \
    -f <event registration period start date and time> \
    -t <event registration period end date and time> \
    -d <name of folder for saving files> \
    -m <application vendor ID> \
    -i <application instance ID> \
    -z <UTC relative time offset>

    where:

    • <connector certificate access password> is the password that was defined when adding the connector that is used by the event export utility to connect to the application Server (mandatory parameter).
    • <path to the communication data package> is the full path and name of the communication data package that was created when adding the connector that is used by the event export utility to connect to the application Server (mandatory parameter).
    • <event registration period start date and time> and <event registration period end date and time> are the start and end date and time of the period of registration of events that will be exported (mandatory parameters). Value format: YYYY-MM-DDThh:mm:ss (for example: 2023-02-23T13:45:21).
    • <name of folder for saving files> is the full path to the folder where exported files will be saved (mandatory parameter).
    • <application vendor ID> is an identifier in the range 0–9,999 representing the application vendor (55 by default).
    • <application instance ID> is an identifier in the range 0–9,999 representing the application instance (1 by default).
    • <UTC relative time offset> is a positive or negative offset relative to UTC time for the defined boundaries of the event registration period expressed in minutes (180 minutes by default, which corresponds to a positive offset of 3 hours).

      Example:

      ./export-xml -p Password1234 -c ./connectorXML.zip -f 2023-02-23T13:45:21 -t 2023-02-23T14:45:21 -d ./output -i 12

    After the utility finishes, verify that the files of exported events are located in the specified folder.
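
One way to wrap the export command, as an added example that is not part of the vendor documentation or the distribution kit: it checks the documented period format and ID range before calling the utility, prompts for the connector password instead of taking it from the typed command line, creates the exported files owner-only, and fails if nothing was written. `EXPORT_XML`, the function names and the wrapper's argument order are assumptions of this example; the option letters are the ones listed above.

```sh
#!/bin/sh
# Added example, not vendor code. EXPORT_XML, the function names and the argument
# order are assumptions; the option letters are the ones documented above.
EXPORT_XML="${EXPORT_XML:-./export-xml}"

# Documented value format: YYYY-MM-DDThh:mm:ss
valid_ts() {
  printf '%s\n' "$1" | grep -Eqx \
    '[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]'
}

# Both boundaries well-formed and start <= end (fixed-width timestamps sort as text).
valid_period() {
  valid_ts "$1" && valid_ts "$2" &&
    printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -c 2>/dev/null
}

# Instance ID: integer in the documented range 0-9999.
valid_id() { printf '%s\n' "$1" | grep -Eqx '[0-9]{1,4}'; }

# Number of regular files under the export folder.
count_exported() { find "$1" -type f | wc -l | tr -d ' '; }

# Usage: run_export <package> <from> <to> <folder> [instance-id]
run_export() {
  pkg=$1 from=$2 to=$3 outdir=$4 instance=${5:-1}
  [ -r "$pkg" ] || { echo "cannot read communication data package: $pkg" >&2; return 2; }
  valid_period "$from" "$to" || { echo "bad period: $from .. $to" >&2; return 2; }
  valid_id "$instance" || { echo "instance ID out of range: $instance" >&2; return 2; }
  # Prompt for the password so it stays out of shell history and saved scripts.
  # It is still handed to the utility with -p, so it is visible in the process
  # list for the duration of the export.
  [ -t 0 ] && stty -echo
  printf 'Connector certificate access password: ' >&2
  IFS= read -r password
  [ -t 0 ] && { stty echo; echo >&2; }
  # umask 077: exported files carry device and service data, keep them owner-only.
  ( umask 077
    mkdir -p -- "$outdir" &&
    "$EXPORT_XML" -p "$password" -c "$pkg" -f "$from" -t "$to" -d "$outdir" -i "$instance"
  ) || { unset password; echo "export-xml failed" >&2; return 1; }
  unset password
  n=$(count_exported "$outdir")
  [ "$n" -gt 0 ] || { echo "no files were written to $outdir" >&2; return 3; }
  echo "$n"
}

# Runs only when arguments are given: <package> <from> <to> <folder> [instance-id]
if [ "$#" -gt 0 ]; then run_export "$@"; fi
```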
