Tracing settings in Kaspersky Security for Virtualization 5.0 Light Agent
Global Section
This section contains options that are common to many Kaspersky products. They do not need a section prefix.
trace_level = 0
Specifies the level of tracing detail. Levels range from 0 to 1000 in steps of 100.
Trace level values and descriptions:
- 0: No logging
- 100: "Always". Notifications on running or stopping application components are written to the log file.
- 200: "Critical". Notifications on critical errors that may lead to stopping the application are logged.
- 300: "Error". Notifications on errors that may cause partial malfunctioning of the application are written into the log file.
- 400: "Danger". Warnings on possible critical errors are logged.
- 500: "Warning". Warnings on possible errors are logged.
- 600: "Important". Important information messages are logged.
- 700: "Information". Information messages are written to the log file.
- 800: "Debug". Debug information used by developers is written to the log file.
- 900: "Paranoiac". Detailed debug information used by developers is written to the log file.
- 1000: "Any". The lowest level of traces, all events are logged.
After changing the tracing level, restart ScanServer:
systemctl reload la-scanserver
trace_file = /var/log/kaspersky/la/ScanServer.log
Default trace file name, used if syslog is disabled. The actual file name includes the date, e.g. ScanServer.20160101T0000.log. The rotation is controlled by the ScanServer.
trace_format = %Y-%m-%dT%X %I %p:
Trace file line format, only used if syslog is disabled. Format specifiers %Y = year, %m = month, %d = day, %H = hour, %M = minute, %S = second, %i = millisecond, %p = trace level, %N = hostname, %P = PID, %I = thread ID, %C = component ID, %D = component instance ID, %X = time.
db_directory = /var/opt/kaspersky/la/ScanServer_db
Configuration database directory. Do not change.
service_settings = ScanServer_settings.kvdb
Default filename of service settings files in the configuration database directory. Do not change.
persistent_storage = ScanServer_storage.kvdb
Default filename of persistent storage files in the configuration database directory. Do not change.
bases_dir = /var/opt/kaspersky/la/bases
Anti-virus bases directory. Do not change.
cache_dir = /var/opt/kaspersky/la/cache
Cache directory, used by the updater.
data_dir = /var/opt/kaspersky/la/data
Data directory, used by the updater. Do not change.
Section [rotation_settings]
This section specifies the conditions that trigger the trace files rotation.
period = 3
How often the trace files are rotated. Tuning.
Rotation period: 1 - monthly, 2 - weekly, 3 - daily, 4 – hourly.
max_file_size = 1073741824
Maximum trace file size, if reached the file is rotated. Tuning.
Maximum file size, bytes, 0 - unlimited, 1073741824 - 1GB.
max_file_count = 15
Maximum number of trace files to keep. When the number is reached, the oldest files are deleted. Tuning.
Maximum file count, 0 – unlimited.
new_file_on_start = 1
When the program is started, whether to append to the last trace file or to create a new one.
Write to new file on start, 1 - write to new, 0 - append to the latest.
Section [syslog]
The ScanServer can be configured to use syslog rather than writing to its own trace file.
enabled = 0
1 enable, 0 disable syslog. If disabled, traces are sent to trace_file.
program_name = ScanServer
syslog program name.
facility = 176
syslog facility (LOG_LOCAL6 = 176)
format = %I %p:
Syslog line format. Format specifiers %Y = year, %m = month, %d = day, %H = hour, %M = minute, %S = second, %i = millisecond, %p = trace level, %N = hostname, %P = PID, %I = thread ID, %C = component ID, %D = component instance ID, %X = time.
Section [orpc]
The ScanServer listens for requests from Light Agents for service requests (except scan requests) using a remote procedure call mechanism. This section specifies various communication options.
server_port = 11111
Server listening port, not encrypted. Do not change.
server_tls_port = 11112
Server listening port, encrypted via TLS. Do not change.
listen_queue_length = 20
Size of listening queue. Tuning.
max_processor_threads = 75
The maximum number of requests that can be processed simultaneously. If there are no free threads the request goes into the request queue. Tuning.
max_request_queue_length = 10000
The maximum size of the incoming request queue. If there is no space in queue then requests will be ignored. Tuning.
call_timeout = 300000
Timeout for remote procedure calls in milliseconds. Tuning.
uds_path = /var/run/kaspersky/la/orpc
UDS path to the local ORPC server.
Section [orpc_avscan]
The ScanServer listens for scanning requests from the Light Agents via a remote procedure call mechanism. This section specifies various communication options.
listen_queue_length = 20
Size of listening queue. Tuning.
max_processor_threads = 75
The maximum number of requests that can be processed simultaneously. If there are no free threads the request goes into the request queue. Tuning.
max_request_queue_length = 10000
The maximum size of the incoming request queue. If there is no space in queue then requests will be ignored. Tuning.
call_timeout = 300000
Timeout for remote procedure calls in milliseconds. Tuning.
Section [eka.threadpool.ThreadManager]
This section specifies options concerning the thread manager.
maximumThreads = 10000000
Clients, in total, cannot acquire more threads than this number. All requests exceeding this quota fail immediately.
Section [av_server.AVServer]
This section specifies options concerning the anti-virus server.
port = 9876
Listening port for Light Agent scan requests, unencrypted. Do not change.
tls_port = 9877
Listening port for Light Agent scan requests, encrypted by TLS. Do not change.
Section [watchdog]
The watchdog is a separate program that monitors the ScanServer daemon. If the ScanServer crashes or locks up then the watchdog restarts it.
enabled = 1
1 enable, 0 disable watchdog client.
If changed then the corresponding option in /etc/init.d/la-scanserver must also be changed.
socket = /var/run/kaspersky/la/ScanServerWatchdog.sock
Unix socket for watchdog server/client communication.
ping_timeout = 10000
The time in milliseconds for the watchdog server to wait for a ping from the client. If the watchdog does not hear from the ScanServer within this time then the ScanServer is assumed to have locked up and is restarted. Tuning.
activity_timeout = 20000
The time in milliseconds for the watchdog server to wait for a change in the activity state. If the watchdog does not hear from the ScanServer within this time then the ScanServer is assumed to have locked up and is restarted. Tuning.
kill_timeout = 15000
The time in milliseconds for the watchdog server to wait between sending SIGTERM and SIGKILL. This should be long enough for the service to shutdown normally. Tuning.
ping_interval = 2000
The time in milliseconds between pings. Tuning.
soft_timeout = 86400000
Anti-virus engine: Interval of detection of soft-failures in milliseconds, one day by default. Tuning.
soft_limit = 50
Anti-virus engine: Percent of threads which could be soft-failed, 50% by default. Tuning.
hard_timeout = 60000
Anti-virus engine: Interval of detection of hard-failures in milliseconds, 1 minute by default. Tuning.
hard_limit = 10
Anti-virus engine: Percent of threads which could be hard-failed, 10% by default. Tuning.
thread_test_interval = 30000
Anti-virus engine: Interval of thread test procedure in milliseconds, ignores watchdog.enabled and can’t be disabled, 30 seconds by default. Tuning.
first_start_period = 60
Period in seconds after the watchdog has been started during which we assume first start of ScanServer. After this period we assume ScanServer has been restarted after a crash, and not first start. Tuning.
Section [crash]
The ScanServer has a crash protection mechanism whereby if it repeatedly crashes then the bases are automatically rolled back.
log = /var/opt/kaspersky/la/crash.log
The crash log file.
limit = 5
The maximum number of crashes we allow within the crash window before we force a rollback. Tuning.
window = 300
Duration of the crash window in seconds. Tuning.
rollback_enabled = 1
Enable rollback if too many crashes. 0 - disabled, 1 - enabled.
Section [connector]
The ScanServer uses a program called the “connector” to communicate with the klnagent, and hence to the Security Center.
The connector options are as follows:
product_name = SVM
Be careful when changing the filename and the product version. They are used when connecting to Kaspersky Security Center. If they do not match the values on the plugin's side, the product won't be shown in Security Center.
product_display_name = Kaspersky Security for Virtualization 5.0
Product display name (will be shown in Kaspersky Security Center).
product_version = 5.0.x.x
Product version (will be shown in Kaspersky Security Center).
resources_dir = /etc/opt/kaspersky/la/resources/
Product resources directory. Do not change.
lang = en
Product current language (Kaspersky Security Center event localization), specifies the language used for events sent to the Kaspersky Security Center.
ping_ss_interval = 5000
ScanServer checking interval (milliseconds). Configuring.
product_install_date = empty
Product installation date. Caution: strict format: %d.%m.%Y %H:%M:%S. Example: 11.12.2012 23:22:01.
nagent_config_file = /var/opt/kaspersky/klnagent/1103/1.0.0.0/Statistics/AVState/Protection_AdmServer
The Network Agent configuration file directory.
Section [hypervisor]
Hypervisor settings.
storage = /var/opt/kaspersky/la/hypervisor/hvs.db
Settings storage database. Do not change.
update_period = 30
Polling interval, seconds. Configuring.
reconnecton_attempts = 2
Number of connection attempts.
Section [activation]
This section concerns Activation 2.0 settings, i.e. using the Kaspersky Lab license activation service.
certificate = /etc/opt/kaspersky/la/root.cer
Path to root CA certificate to validate activation keys.
cacert = /etc/opt/kaspersky/la/cacert.pem
Certification authority for server TLS certificate verification.
Section [proxy]
Proxy settings, for activation 2.0 i.e. using the Kaspersky Lab license activation service.
enabled = 0
1 — use proxy.
0 — default proxy is used (no proxy or klnagent proxy if available). All proxy options are ignored if proxy.enabled = 0.
host = some.proxy.com
Proxy server address.
port = 8080
Proxy server port.
use_authentication = 1
Use authentication when connecting via a proxy server. 1 — enable, 0 — disable.
user = guest
Proxy user name.
password = 123
Proxy password.
Section [svmlocator]
The svmlocator is the mechanism whereby Light Agents locate SVMs and decide which to use.
sendInterval = 10000
Time in milliseconds to send multicast packet. Tuning.
port = 9876
Multicast/unicast data port. Do not change.
unicast_subscription_port = 8000
Unicast subscription port. Do not change.
ttl = 10
Multicast time to live (number of hops). Should be as small as possible to keep packets within the local network. Tuning.
refreshLocalAddressesInterval = 300
Interval for refreshing list of network interfaces in seconds. Tuning.
Section [cluster]
Security Center Cluster options.
enabled = 0
If cluster is enabled or not, 0 - disabled, 1 - enabled.
name = LightAgent SVM Cluster
Name of the cluster which will be shown in Security Center.
uuid = 01234567-89AB-CDEF-0123-4567890ABCDE
Unique ID of the cluster.
Section [updater]
Updater options.
target = 0
Unique number in range from 1 to 262143. Chosen at random, uniform distribution. Probability that we generate the same number for the same two consecutive installations should be small. Generated value should be persisted and not changed.
If target here is 0 a random value is assigned, otherwise existing value is preserved.
Target is planted in ScanServer_settings.kvdb by on_product_install.sh
For testing with a particular target the value can be preset and then:
rm /var/opt/kaspersky/la/product_installed
/opt/kaspersky/la/bin/on_product_install.sh
backup_path = /var/opt/kaspersky/la/backup
Backup information to support rollback. Do not change.
recovery_path = /var/opt/kaspersky/la/recovery
Path used by the updater to store temporary information while updating. Do not change.
Section [io_memory_cache]
Memory cache.
max_memory_limit = 40
Maximum physical memory usage (in percent). How much of the system memory the ScanServer may use. Tuning.
shrink_age_limit = 300000
Cache item shrink age limit (in milliseconds). Time interval since the last sector access during which the sector is protected from the shrink operation. Tuning.
Section [dumps]
dir = /var/opt/kaspersky/la/dumps
The directory dumps are written to.
schema = ScanServer_%d_%p_%n.dmp
Setting names:
- %d - date and time (08.27_19.39);
- %p - process id;
- %n - the dump number in the session.
max = 10
Maximum amount of dumps in the storage.
freeMiB = 1024
Allocated disk space, MB.
Section [osslcheck]
file = /opt/kaspersky/la/bin/osslcheck.sh
The path to osslcheck.sh.
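A configuration check over the settings described above, as an added example that is not part of the original page or of the product. It assumes the file is INI-style with [section] headers and the global keys placed before the first header; the function names, the sample text, the choice of 800 as the reporting threshold and the use of the values shown on this page as fallbacks are all assumptions.

```python
import configparser

# Constructed sample, not a real deployment. Assumes INI-style [section]
# headers with the global keys placed before the first header.
SAMPLE = """\
trace_level = 800
[rotation_settings]
max_file_size = 1073741824
max_file_count = 0
[watchdog]
enabled = 1
[crash]
rollback_enabled = 0
[proxy]
enabled = 1
use_authentication = 1
password = 123
"""

def load(text):
    # interpolation=None: format values such as "%I %p:" contain raw '%'.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string("[global]\n" + text)  # wrap the prefix-less global keys
    return cp

def max_trace_bytes(text):
    """Worst-case disk use of trace files, or None if either limit is 0 (unlimited)."""
    cp = load(text)
    size = cp.getint("rotation_settings", "max_file_size", fallback=1073741824)
    count = cp.getint("rotation_settings", "max_file_count", fallback=15)
    return None if 0 in (size, count) else size * count

def audit(text):
    cp, findings = load(text), []
    geti = lambda s, k, d: cp.getint(s, k, fallback=d)  # fallbacks: values shown on the page
    if geti("global", "trace_level", 0) >= 800:  # threshold is this example's choice
        findings.append("trace_level: developer-level tracing (800+) left enabled")
    if max_trace_bytes(text) is None:
        findings.append("rotation_settings: 0 means unlimited, trace files can fill the disk")
    if geti("watchdog", "enabled", 1) == 0:
        findings.append("watchdog: disabled, a locked-up ScanServer is not restarted")
    if geti("crash", "rollback_enabled", 1) == 0:
        findings.append("crash: rollback disabled, bases are kept after repeated crashes")
    if geti("proxy", "enabled", 0) == 1 and geti("proxy", "use_authentication", 0) == 1:
        if cp.get("proxy", "password", fallback=""):
            findings.append("proxy: password stored in clear text, check file permissions")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

With the rotation values shown on this page (1073741824 bytes, 15 files), the trace files can occupy up to 15 GiB in the trace directory.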