Auditing the application operation
May 15, 2024
ID 91189
Details of the application operation are recorded into Kaspersky Security logs (hereinafter referred to as "logs") and into Microsoft Windows Event Log.
About Windows Event Log
Windows Event Log contains the details of the Kaspersky Security operation that the Kaspersky Security administrator or the security officer can use to monitor the application operation.
Events related to the Kaspersky Security operation are recorded to Windows Event Log by KSHSecurityService (Kaspersky Security service). Each basic events related to the application operation has a respective fixed event code. You can use an event code to find and filter events in a log.
About event logs in Kaspersky Security
Details of the application operation in Kaspersky Security logs are recorded by the application's components and software modules. The application records information to the end of the most recent log. Records of new events are grouped at the top of the list. When the log reaches100 MB in size, the application archives it and creates a new one.
Event logs are created in TXT format and saved to the default folder <Application installation folder>/Logs.
You can define the following settings of Kaspersky Security logs:
- Log storage time;
- Log detail level;
- Location of the folder in which Kaspersky Security stores logs.
You can also enable the logging of event details for the Content Filtering log
Data saved in a log may contain confidential information. For security reasons (for example, to prevent unauthorized access or possible data leaks), you are advised to personally protect files of the application log.