Application operation tracing

Application tracing is a detailed record of actions performed by the application and of messages about events that occur during operation of the application. During the tracing process, the application creates a set of files with data about the operation of different application components.

Trace files allow tracing the process of performing application commands step by step and determining the stage of application operation at which an error occurs.

Trace files are stored on the computer as long as the application is in use, and are deleted permanently when the application is removed. You can also delete the trace files manually. To do so, you must disable tracing and stop the application.

Saved trace files may contain confidential data. To control access to data, you must independently ensure the security of trace files.

By default the trace files, except for Authentication Agent trace files, are stored in the folder: %ProgramData%\Kaspersky Lab\KICS.4.5\Traces.

Trace files are named as follows: KICS<4.5_dateXX.XX_timeXX.XX_pidXXX.><trace file type>.log.


You can view data saved in trace files.
All trace files contain the following common data:
Event time
Number of the thread of executionThe Authentication Agent trace file does not contain this information.
Application component that caused the event
Degree of event severity (informational event, warning, critical event, error)
A description of the event involving command execution by a component of the application and the result of execution of this command.
Kaspersky Industrial CyberSecurity for Nodes saves user passwords to a trace file only in encrypted form.
How to enable and configure application tracing in the Kaspersky Security Center Administration Console
In the Kaspersky Security Center Administration Console tree, expand the Managed devices node.
Select the administration group for which you want to configure the task.
Select the Policies tab.
Double-click the policy name you want to configure.
In the policy properties window, go to the Malfunction diagnosis section.
In the Troubleshooting settings block, click the Settings button.The Troubleshooting settings window opens on the Application tracing settings tab.
Select the Enable tracing check box.
If necessary, in the Trace files folder field, specify the full path to the local folder where Kaspersky Industrial CyberSecurity for Nodes will save trace files.The folder must be created in advance and be writable by the SYSTEM account. You cannot specify a network folder, drive, or environment variables.
In the Level of detail drop-down list, select the level of detail of the debug information:Critical means the trace file saves only messages about fatal errors.
Diagnostic means the trace file saves messages about all errors as well as warnings.
Important means the trace file saves messages about all errors, warnings, and additional information.
Normal means the trace file saves messages about all errors, warnings, as well as information about normal operation of the application (default).
Detailed means the trace file saves all information about the operation of the application.
A Technical Support representative determines the detail level required to resolve any potential issues.
The default level of detail is set to Normal.
Specify the Maximum size of trace files (MB).Available values: from 1 to 4095 MB. By default, the maximum size of trace files is 100 MB.
To delete the old trace files when the maximum number of files is reached, select the Remove older trace files check box.
Specify the Maximum number of files for one trace log.Available values: from 1 to 999. By default, the maximum number of files is 5. The field is available if the Remove older trace files check box is selected.
Save your changes.
Restart Kaspersky Industrial CyberSecurity for Nodes.
To stop tracing the application:
In policy properties, in the Troubleshooting settings window, on the Application tracing settings tab, clear the Enable tracing check box.
How to enable and configure application tracing in the Application Console
In the Application Console tree, select the Kaspersky Industrial CyberSecurity for Nodes node and do one of the following:Click the Application properties link in the results pane of the node.
Select Application properties in the node's context menu.
The Application properties window opens.
Select the Malfunction diagnosis tab.
In the Troubleshooting settings block, click the Settings button.The Troubleshooting settings window opens.
Select the tracing settings tab:Application tracing settings. Kaspersky Industrial CyberSecurity for Nodes starts tracing for the application.
Application Console tracing settings. If Application Console and Kaspersky Industrial CyberSecurity for Nodes are installed on different computers, you can start tracing only for the Application Console.
Select the Enable tracing check box.The Trace files folder field, contains the full path to the local folder in which Kaspersky Embedded Systems Security saves trace files by default. You can specify another path.
In the Level of detail drop-down list, select the level of detail of the debug information:Critical means the trace file saves only messages about fatal errors.
Diagnostic means the trace file saves messages about all errors as well as warnings.
Important means the trace file saves messages about all errors, warnings, and additional information.
Normal means the trace file saves messages about all errors, warnings, as well as information about normal operation of the application (default).
Detailed means the trace file saves all information about the operation of the application.
A Technical Support representative determines the detail level required to resolve any potential issues.
The default level of detail is set to Normal.
Specify the Maximum size of trace files (MB).Available values: from 1 to 4095 MB. By default, the maximum size of trace files is 100 MB.
To delete the old trace files when the maximum number of files is reached, select the Remove older trace files check box.
Specify the Maximum number of files for one trace log.Available values: from 1 to 999. By default, the maximum number of files is 5. The field is available if the Remove older trace files check box is selected.
Save your changes.
Restart Kaspersky Industrial CyberSecurity for Nodes.
To stop tracing the application:
In application properties in the Troubleshooting settings window, on the Application tracing settings tab, clear the Enable tracing check box.
How to enable and configure application tracing in the Kaspersky Security Center Web Console
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.The policy properties window opens.
Select the Application settings tab.
Select the Malfunction diagnosis section.
In the Troubleshooting settings block, select the Enable application tracing check box.
If necessary, specify the full path to the local folder where Kaspersky Industrial CyberSecurity for Nodes will save trace files.The folder must be created in advance and be writable by the SYSTEM account. You cannot specify a network folder, drive, or environment variables.
In the Level drop-down list, select the level of detail of the debug information.Critical means the trace file saves only messages about fatal errors.
Diagnostic means the trace file saves messages about all errors as well as warnings.
Important means the trace file saves messages about all errors, warnings, and additional information.
Normal means the trace file saves messages about all errors, warnings, as well as information about normal operation of the application (default).
Detailed means the trace file saves all information about the operation of the application.
A Technical Support representative determines the detail level required to resolve any potential issues.
The default level of detail is set to Normal.
Specify the Maximum size of trace files (MB).Available values: from 1 to 4095 MB. By default, the maximum size of trace files is 100 MB.
To delete the old trace files when the maximum number of files is reached, select the Remove older trace files check box.
Specify the Maximum number of files for one trace log.Available values: from 1 to 999. By default, the maximum number of files is 5. The field is available if the Remove older trace files check box is selected.
Save your changes.
Restart Kaspersky Industrial CyberSecurity for Nodes.
To stop tracing the application:
In the properties of the policy that you are configuring, in the Malfunction diagnosis section, clear the Enable application tracing check box.
How to enable and configure application tracing in the Compact Diagnostic Interface
How to enable and configure application tracing from the command line
Run the command line interpreter (cmd.exe) as an administrator.
Using the cd command, navigate to the folder where the kavshell.exe file is located.For example: cd C:\Program Files (x86)\Kaspersky Lab\Kaspersky Industrial CyberSecurity for Nodes.4.5.0
Run the following command:KAVSHELL TRACE /ON|/OFF /F:<folder for storing trace files> [/LVL:debug|info|warning|error|critical] [/S:<maximum size of the trace file in megabytes>] [/R:<maximum number of trace files before replacing them with new ones>]



See also
Recording memory dumps




	Page top