Adding Log Inspection rules via the Application Console

Support

Support for business applications

Kaspersky Security 11.x for Windows Server

Log Inspection

Managing Log Inspection rules via the Application Console

Adding Log Inspection rules via the Application Console

June 10, 2022

ID 148432

Save as PDF

To add and configure a new custom Log Inspection rule:

In the Application Console tree, expand the System Inspection node.
Select the Log Inspection child node.
In the results pane of the Log Inspection node, click the Log inspection rules link.
The Log inspection rules window opens.
Select or clear the Apply custom rules for log inspection. The rules configured are not applied until the checkbox is selected check box.
If the check box is selected, Kaspersky Security for Windows Server applies custom Log Inspection rules according to the rule settings. You can add, remove or configure Log Inspection rules.

If the check box is cleared, you cannot add or modify the custom rules. Kaspersky Security for Windows Server applies the default rule settings.

The check box is selected by default. Only the application popup detection rule is active.

You can control whether the predefined rules are applied to the Log Inspection task. Select the check boxes corresponding to the rules you want to apply to Log Inspection.
To create a new custom rule:
1. Enter the name of the new rule.
2. Click the Add button.
  The created rule is added to the general rule list.
To configure any rule:
1. Select a rule from the list.
  In the right area of the window, the Description tab displays general information about the rule.
  
  The description for the new rule is blank.
2. Select the Rule description tab.
In the General section specify the following information about the new rule:
- Rule name
- Log name
  Select a log to use as the source of events for analysis. The following Windows event log logs are available: Application, Security, System.
  
  You can add a new custom log by entering the log name in the Source field.
- Source
  Specify an application to use as the source of events for analysis.
In the Event identifiers section specify the event IDs that will trigger the rule:
1. Enter an event ID.
2. Click the Add button.
  The entered event ID is added to the list. You can add an unlimited number of identifiers to each rule.
Click the Save button.
The configured log inspection rules will be applied.

Kaspersky Security for Windows Server: Prompt detection of all kinds of threats

Launch control and exploit prevention for businesses of all sizes. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.