General troubleshooting

April 11, 2024

ID 171563

This section provides information to help you solve problems that you might encounter when using Kaspersky CyberTrace.

If you have encountered problems while using Kaspersky CyberTrace, ensure that:

  • The CyberTrace service is started.

    Windows: Use the sc query cybertrace command to check the service status from the command line.

    Linux: Use the systemctl status cybertrace.service command to check the service status from the terminal.

  • You have enough free disk space and RAM on the CyberTrace server.
  • The web page https://wlinfo.kaspersky.com is accessible from the CyberTrace server.

    To check accessibility of this web page both for Windows and Linux, use the following command: 
    curl -v --cert /opt/kaspersky/ktfs/dmz/feeds.pem [--proxy user:password@proxy-server.ru:3128] https://wlinfo.kaspersky.com/api/v1.0/feeds

    If the check succeeds, the command returns the list of feeds that are available for the certificate, for example:

    {
      "name": "TI Demo Botnet C&C URL Data Feed",
      "updates": {"href": "https://wlinfo.kaspersky.com/api/v1.0/feeds/85/updates"},
      "license": {"expires": "2024-02-19T00:00:00"}
    }

    If the result contains an error, send the output of this command to Technical Support.

  • The event source (SIEM) is available from the CyberTrace server.
    • Web UI:

      Select the Settings > Service tab. Under Service sends events to, enter the IP address of the SIEM in the IP address text box and the port of the SIEM in the Port text box.

    • In the kl_feed_service.conf configuration file (check this only if the CyberTrace service cannot run):

      Windows: \Kaspersky Lab\Kaspersky CyberTrace\bin\kl_feed_service.conf

      Linux: /opt/kaspersky/ktfs/etc/kl_feed_service.conf

      The following is an example of settings from the configuration file:

      <OutputSettings>
        <ConnectionString>127.0.0.1:9998</ConnectionString>
      </OutputSettings>

    Check the port used by the source to connect to CyberTrace.

    Make sure that the embedded firewall service is configured to receive events from the source to CyberTrace on the correct port.

    Make sure that the embedded firewall service on the SIEM side is configured to receive detects from CyberTrace on the correct port.
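The Linux-side service and SIEM checks from the list above can be combined into one script. This is an added example, not part of the Kaspersky documentation or product: the function names, the `--check` switch and the 3-second timeout are assumptions made here, and the TCP test needs `bash` and `timeout` on the server.

```shell
#!/bin/sh
# Added example (not Kaspersky code): Linux-side checks from the list above.
# Function names, --check and the 3-second timeout are choices of this example.

CONF_DEFAULT=/opt/kaspersky/ktfs/etc/kl_feed_service.conf

# Print the host:port from <ConnectionString> inside <OutputSettings>.
# Other sections of the file may also hold a ConnectionString, so the
# search is limited to the OutputSettings block.
siem_endpoint() {
    sed -n '/<OutputSettings>/,/<\/OutputSettings>/ s|.*<ConnectionString>[[:space:]]*\([^<[:space:]]*\)[[:space:]]*</ConnectionString>.*|\1|p' "$1" | head -n 1
}

# Split and validate an endpoint; prints "host port" or returns 1.
split_endpoint() {
    host=${1%:*}
    port=${1##*:}
    case $1 in *:*) ;; *) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$host" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# Return 0 if a TCP connection to host ($1) port ($2) opens within 3 seconds.
tcp_reachable() {
    timeout 3 bash -c ': </dev/tcp/"$1"/"$2"' _ "$1" "$2" 2>/dev/null
}

check_cybertrace() {
    conf=${1:-$CONF_DEFAULT}
    systemctl is-active --quiet cybertrace.service \
        || echo "FAIL: cybertrace.service is not active"
    ep=$(siem_endpoint "$conf")
    hp=$(split_endpoint "$ep") || { echo "FAIL: bad ConnectionString '$ep' in $conf"; return 1; }
    # shellcheck disable=SC2086  # intentional split into host and port
    if tcp_reachable $hp; then echo "OK: SIEM $ep reachable"
    else echo "FAIL: cannot connect to SIEM $ep (check firewall and port)"; return 1; fi
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then check_cybertrace "${2:-}"; fi
```

Run it as `sh script.sh --check` on the CyberTrace server; an optional second argument overrides the configuration file path.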

If the problem is not solved, contact Technical Support, and attach the following:

  • Configuration file for CyberTrace Windows: \Kaspersky Lab\Kaspersky CyberTrace\bin\kl_feed_service.conf
  • Configuration file for CyberTrace Linux: /opt/kaspersky/ktfs/etc/kl_feed_service.conf

    There are two ways of getting the configuration file:

    • If the web interface is available, select Settings > Service > Export configuration files.
    • If the CyberTrace service cannot be started, copy the files from the directories and specify the applicable paths for the different operating systems.
  • CyberTrace log files of the debug level

    For more information, see Logging settings and Kaspersky CyberTrace Service logging.

    Be aware that debug-level log files contain full incoming events, so you will be sending those events to Technical Support.

  • Screenshots describing the problem.
  • Results of running the collect.sh script.

    Running the collect.sh script creates a report containing all basic diagnostic information from your computer.

    Before sending the report to Technical Support, remove all confidential information from it.

    For information on how to create a report, see https://support.kaspersky.com/15732.
