SVM trace files

During SVM operation, the following trace files may be created on an SVM:

• Protection Server trace file (ScanServer.log). The name of the file contains the file creation date and time. In addition to general data, this file may contain the following information:
  • Personal data, including the last name, first name and middle name, if such data is included in the path to files on protected virtual machines.
  • The name of the account used to log in to the operating system if the user account name is part of a file name.
  • Your email address or web address containing the name of your account and password if they are contained in the name of the detected object.
  • Settings for connecting SVMs to the Integration Server.
  • Information about connecting Light Agents to SVM: unique SVM identifier, unique identifier and information about the operating system of the virtual machine, on which Light Agent is installed, time intervals during which the Light Agent was connected to the SVM.
• boot_config.log trace file This file records the results of executing commands of the SVM first startup script.
• wdserver.log trace file. This file records information about events that occur during operation of the watchdog service (wdserver). The file contains general data.
• SnmpTool.log trace file This file records information about events that occur during operation of the SNMP service (SnmpTool). The file contains general data.
• Trace file of the Kaspersky Security Center Network Agent. This file records information about events occurring during operation of the Kaspersky Security Center connectivity module. The file contains general data.

boot_config.log and wdserver.log trace files are created automatically.

You can create the ScanServer.log and SnmpTool.log trace files using the ScanServer.conf and SnmpTool.conf configuration files that are located in the /etc/opt/kaspersky/la/ directory on the SVMs. A special script is used to create a Network Agent trace file.

For detailed information on how to create and configure trace files, please contact our Technical Support experts.

All created SVM trace files are located in the folder /var/log/kaspersky/la/.

ScanServer.log trace file can also be created in the Protection Server policy.

To create the ScanServer.log trace file in the Protection Server policy:

1. Open Kaspersky Security Center Administration Console.
2. Enable the display of advanced Protection Server policy properties in the operating system registry.
3. In the Managed devices folder in the console tree, open the folder with the name of the administration group to which the required SVMs belong.
4. In the workspace, select the Policies tab.
5. Select a Protection Server policy in the list of policies and right-click to open the Properties: <Policy name> window.
6. In the policy properties window, select the Advanced settings section in the list on the left.
7. In the right part of the window, in the Trace level drop-down list, select the trace level.

   You are advised to clarify the required trace level with a Technical Support specialist.

8. Click Apply to start the tracing process.

SVM trace files are stored in readable format. It is recommended that you ensure that information is protected against unauthorized access before it is sent to Kaspersky.

SVM trace files are not automatically sent to Kaspersky. Trace files are automatically deleted when uninstalling Kaspersky Security.