Kaspersky Security 11.x for Windows Server

Adding Log Inspection rules via the Administration Plug-in

May 25, 2022

ID 146702

Perform the following actions to add and configure a new custom Log Inspection rule:

  1. Expand the Managed devices node in the Kaspersky Security Center Administration Console tree.
  2. Select the administration group for which you want to configure application settings.
  3. Perform one of the following actions in the details pane of the selected administration group:
    • To configure application settings for a group of protected devices, select the Policies tab and open the Properties: <Policy name> window.
    • To configure the application for a single protected device, select the Devices tab and open the Application settings window.

      If an active Kaspersky Security Center policy is applied to a device and blocks changes to application settings, then these settings cannot be edited in the Application settings window.

  4. In the System inspection section, click the Settings button in the Log Inspection subsection.

    The Log Inspection window opens.

  5. On the Custom rules tab, select or clear the Apply custom rules for log inspection check box.

    You can control whether the preset rules are applied for Log Inspection. Select the check boxes corresponding to the rules you want to apply for Log Inspection.

  6. To add a new custom rule, click the Add button.

    The Custom log inspection rule window opens.

  7. In the General section, specify the following information about the new rule:
    • Rule name
    • Source
  8. In the Triggered events ID section, specify the event IDs that will trigger the rule:
    1. Enter an ID.
    2. Click the Add button.

      The entered event ID is added to the list. You can add an unlimited number of identifiers to each rule.

  9. Click OK.

    The Log Inspection rule is added to the list of rules.
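
Before entering event IDs in step 8, it helps to know how often each candidate ID actually fires on the protected device, so the rule is neither silent nor noisy. The PowerShell below is an added example, not part of the Kaspersky documentation or product; it assumes the rule's Source is a Windows event log name, and the function name, log name and event IDs are sample values chosen for illustration.

```powershell
# Added example, not Kaspersky code. Assumes the rule's Source is a Windows
# event log name; the log name and event IDs used below are sample values.
function Get-CandidateRuleVolume {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$LogName,
        [Parameter(Mandatory)][int[]]$EventId,
        [int]$Days = 7
    )

    $filter = @{
        LogName   = $LogName
        Id        = $EventId
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Get-WinEvent reports a non-terminating error when nothing matches.
    # Treat that as zero hits, but surface a missing log or access-denied error.
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue -ErrorVariable err)
    foreach ($e in $err) {
        if ($e.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning $e.Exception.Message
        }
    }

    # One row per requested ID, including IDs that never fired in the window.
    foreach ($id in $EventId) {
        $hits = @($events | Where-Object Id -eq $id)
        [pscustomobject]@{
            LogName  = $LogName
            EventId  = $id
            Count    = $hits.Count
            PerDay   = [math]::Round($hits.Count / $Days, 1)
            LastSeen = ($hits | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
        }
    }
}

# Sample run: three Security-log event IDs over the last 7 days.
Get-CandidateRuleVolume -LogName 'Security' -EventId 4625, 4720, 1102 -Days 7 |
    Format-Table -AutoSize
```

Reading the Security log requires an elevated session. An ID with a Count of 0 may simply mean the corresponding audit policy is not enabled on that device.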
