Kaspersky Embedded Systems Security 3.x

Adding Log Inspection rules via the Application Console

October 21, 2022

ID 148432

To add and configure a new custom Log Inspection rule:

  1. In the Application Console tree, expand the System Inspection node.
  2. Select the Log Inspection child node.
  3. In the details pane of the Log Inspection node, click the Log inspection rules link.

    The Log inspection rules window opens.

  4. Select or clear the Apply custom rules for log inspection. The rules configured are not applied until the checkbox is selected check box.

    You can control whether the predefined rules are applied to the Log Inspection task. Select the check boxes corresponding to the rules you want to apply to Log Inspection.

  5. To create a new custom rule:
    1. Enter the name of the new rule.
    2. Click the Add button.

      The created rule is added to the general rule list.

  6. To configure any rule, take the following steps:
    1. Select a rule from the list.

      In the right area of the window, the Description tab displays general information about the rule.

      The description for the new rule is blank.

    2. Select the Rule description tab.
  7. In the General section specify the following information about the new rule:
    • Rule name
    • Channel
    • Source
  8. In the Source section specify the event IDs that will trigger the rule:
    1. Enter an event ID.
    2. Click the Add button.

      The entered event ID is added to the list. You can add an unlimited number of identifiers to each rule.

  9. Click the Save button.

    The configured log inspection rules will be applied.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.