Administration Server informational events
The table below shows the events of Kaspersky Security Center Administration Server that have the Info importance level.
For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.
Administration Server informational events
Event type display name | Event type ID | Event type | Description | Default storage term |
|---|---|---|---|---|
Over 90% of the license key is used up | 4097 | KLSRV_EV_LICENSE_CHECK_90 | Events of this type occur when Administration Server detects that some licensing limits are close to being exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute over 90% of the total number of units covered by the license. Even when a licensing limit is exceeded, client devices are protected. You can respond to the event in the following ways:
Kaspersky Security Center Linux determines the rules to generate events when a licensing limit is exceeded. | 30 days |
New device has been detected | 4100 | KLSRV_EVENT_HOSTS_NEW_DETECTED | Events of this type occur when new networked devices have been discovered. | 30 days |
Device has been automatically added to the group | 4101 | KLSRV_EVENT_HOSTS_NEW_REDIRECTED | Events of this type occur when devices have been assigned to a group according to device moving rules. | 30 days |
Device has been removed from the group: inactive on the network for a long time | 4104 | KLSRV_INVISIBLE_HOSTS_REMOVED | Events of this type occur when devices have been automatically removed from a group for inactivity. | 30 days |
Limit of installations will soon be exceeded (more than 95% is used up) for one of the licensed applications groups | 4128 | KLSRV_INVLICPROD_EXPIRED_SOON | Events of this type occur when the number of installations for third-party applications included in a licensed applications group reaches 90% of the maximum allowed value specified in the license key properties. You can respond to the event in the following ways:
You can manage license keys of third-party applications using the functionality of licensed applications groups. | 30 days |
FCM Instance ID has changed on this mobile device | 4137 | KLSRV_GCM_DEVICE_REGID_CHANGED | Events of this type occur when the Firebase Cloud Messaging token has changed on the device. For information on the FCM token rotation, please refer to the Firebase service documentation. | 30 days |
Updates have been successfully copied to the specified folder | 4122 | KLSRV_UPD_REPL_OK | Events of this type occur when the Download updates to the Administration Server repository task finishes copying files to a specified folder. | 30 days |
Connection to the secondary Administration Server has been established | 4115 | KLSRV_EV_SLAVE_SRV_CONNECTED | Refer to the following topic for details: Creating a hierarchy of Administration Servers: adding a secondary Administration Server. | 30 days |
Connection to the primary Administration Server has been established | 4117 | KLSRV_EV_MASTER_SRV_CONNECTED |
| 30 days |
Databases have been updated | 4144 | KLSRV_UPD_BASES_UPDATED | Events of this type occur when the Download updates to the Administration Server repository task finishes updating databases. | 30 days |
Audit: Connection to the Administration Server has been established | 4147 | KLAUD_EV_SERVERCONNECT |
| 30 days |
Audit: Object has been modified | 4148 | KLAUD_EV_OBJECTMODIFY | This event tracks changes in the following objects:
| 30 days |
Audit: Object status has changed | 4150 | KLAUD_EV_TASK_STATE_CHANGED | For example, this event occurs when a task has failed with an error. | 30 days |
Audit: Group settings have been modified | 4149 | KLAUD_EV_ADMGROUP_CHANGED | Events of this type occur when a security group has been edited. | 30 days |
Audit: Connection to Administration Server has been terminated | 4151 | KLAUD_EV_SERVERDISCONNECT |
| 30 days |
Audit: Object properties have been modified | 4152 | KLAUD_EV_OBJECTPROPMODIFIED | This event tracks changes in the following properties:
| 30 days |
Audit: User permissions have been modified | 4153 | KLAUD_EV_OBJECTACLMODIFIED |
| 30 days |
Audit: Encryption keys have been imported or exported from Administration Server | 5100 | KLAUD_EV_DPEKEYSEXPORT | For example, this event occurs during migration. | 30 days |
Audit: Test connection to SIEM server succeeded | 5110 | KLAUD_EV_SIEM_TEST_SUCCESS | Events of this type occur when a test connection test to the SIEM server succeeded. | 30 days |
Files have been found to send to Kaspersky for analysis | 4131 | KLSRV_APS_FILE_APPEARED |
| 30 days |
