Kaspersky CyberTrace

Kaspersky CyberTrace Service logging

27 February 2024

ID 171623

This section describes how Kaspersky CyberTrace Service logs its activity.

Enabling logging

By default, logging is disabled. To enable logging, use the kl_feed_service_log.conf file in the bin directory where the binary file of the service is located. Fill in the kl_feed_service_log.conf file as described in this section. When the contents of the kl_feed_service_log.conf file change, the new settings are applied; this process takes several seconds.

Enabling logging decreases the performance of Kaspersky CyberTrace Service. Use logging only if you encounter problems and errors.

Logging and data security

If you enable logging, Kaspersky CyberTrace Service can write to the log files any of the following information, which can be considered private:

  • Initial events (URLs, IP addresses, hashes, and other data) as they are received by Kaspersky CyberTrace Service.
  • The results of matching the initial events against the feeds.

Log files are regular text files. No information written to the log files is encrypted. The log files have standard inherited access rights. We recommend that you assign the directory for storing log files the appropriate rights so that only the administrator can read the log files.

Kaspersky CyberTrace does not send log files or any data contained in them to Kaspersky. For technical support purposes, your Technical Account Manager can ask you to provide log files.

Log files are stored until they are explicitly deleted by a user. If the Append parameter in the logging configuration file is 0, the previous log files are deleted when Kaspersky CyberTrace Service is started. If the Append parameter in the logging configuration file is 1, the information is retained during the full cycle of Kaspersky CyberTrace Service usage.

If you uninstall Kaspersky CyberTrace, these log files will not be deleted if the directory with log files is located outside of the Kaspersky CyberTrace Service installation directory (as specified by the LogsFolder parameter).

For more information about data written to the log files, see subsection "Log file contents" below.

Logging configuration file

The kl_feed_service_log.conf file is an XML file. Its fields are described in the table below.

Parameter: WriteLog

Description: Log level. One of the following values can be used:

  • non: Logging is off.
  • err: Only errors are logged.
  • inf: Errors and information messages are logged.
  • dbg: All messages are logged.
  • any: All messages including service information are logged.

Mandatory / optional: Optional. By default, non.

Parameter: LogsFolder

Description: The directory in which to store log files. Absolute and relative paths can be used.

In Windows, you cannot use the following symbols in the LogsFolder parameter: ?, *, #, $, :, ", <, >, |.

If you use environment variables in the LogsFolder parameter, they will not be resolved, but used as-is.

Mandatory / optional: Optional. By default, the logs subdirectory of the directory that contains the service executable file.

Parameter: SizeLimit

Description: The maximum size of the log file, in MB. If 0 is specified, the log file size is not limited.

Mandatory / optional: Optional. By default, 0.

Parameter: Append

Description: Indicates whether old log files must be removed (0) or appended (1). If you specify an empty value, this means that no data is written to the log (equal to specifying <WriteLog>non</WriteLog>).

Mandatory / optional: Optional. By default, 0.

Parameter: UseSyslog

Description: Indicates whether the system daemon syslog will be used for logging (1) or not (0).

This parameter is not used in Windows.

Mandatory / optional: Optional. By default, 0.

Configuration file example

The following kl_feed_service_log.conf file example enables logging at the dbg logging level. Logs will be stored in the logs subdirectory of the directory where the Kaspersky CyberTrace Service binary file resides.

<Logging>
    <WriteLog>dbg</WriteLog>
    <LogsFolder>logs</LogsFolder>
    <SizeLimit>0</SizeLimit>
    <Append>0</Append>
    <UseSyslog>0</UseSyslog>
</Logging>
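
The following Python audit is an added example, not Kaspersky code: it reads a kl_feed_service_log.conf file and reports whether logging is on, whether the log size is unlimited, and whether the log directory or log files are accessible to anyone other than their owner. The function name audit_logging, the finding codes, and the rule that a relative LogsFolder resolves against the configuration file's directory are assumptions; the permission check uses POSIX mode bits.

```python
import glob
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Defaults as documented in the parameter table.
DEFAULTS = {"WriteLog": "non", "LogsFolder": "logs", "SizeLimit": "0", "Append": "0"}
OTHERS = stat.S_IRWXG | stat.S_IRWXO  # any group or other permission bit
# Constructed sample input: the page's example configuration on one line.
SAMPLE = ("<Logging><WriteLog>dbg</WriteLog><LogsFolder>logs</LogsFolder>"
          "<SizeLimit>0</SizeLimit><Append>0</Append><UseSyslog>0</UseSyslog></Logging>")


def audit_logging(conf_path):
    """Return (code, detail) findings for a kl_feed_service_log.conf file."""
    cfg = dict(DEFAULTS)
    for node in ET.parse(conf_path).getroot():
        cfg[node.tag] = (node.text or "").strip()
    # WriteLog=non or an empty Append value both mean nothing is logged.
    if cfg["WriteLog"] == "non" or cfg["Append"] == "":
        return []
    findings = [("LOGGING_ON", f"level {cfg['WriteLog']}: log data is stored unencrypted")]
    if cfg["SizeLimit"] == "0":
        findings.append(("NO_SIZE_LIMIT", "log file size is not limited"))
    if cfg["Append"] == "1":
        findings.append(("LOGS_RETAINED", "old log files are kept across restarts"))
    folder = cfg["LogsFolder"]
    if "$" in folder or "%" in folder:
        findings.append(("ENV_NOT_RESOLVED", f"{folder!r} is used as-is"))
    # Assumption: relative paths resolve against the conf file's (binary's) directory.
    base = os.path.dirname(os.path.abspath(conf_path))
    logs_dir = os.path.normpath(os.path.join(base, folder))
    if not os.path.isdir(logs_dir):
        return findings
    # POSIX mode bits only; on Windows, review the directory ACL instead.
    if os.stat(logs_dir).st_mode & OTHERS:
        findings.append(("DIR_NOT_PRIVATE", logs_dir))
    for path in sorted(glob.glob(os.path.join(logs_dir, "kl_feed_service-*.log"))):
        if os.stat(path).st_mode & OTHERS:
            findings.append(("FILE_NOT_PRIVATE", path))
    return findings


if __name__ == "__main__":
    conf = os.path.join(tempfile.mkdtemp(), "kl_feed_service_log.conf")
    with open(conf, "w") as fh:
        fh.write(SAMPLE)
    print(audit_logging(conf))
```

To audit a real installation, call audit_logging with the path to the kl_feed_service_log.conf file in the service's bin directory.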

Log file name format

Kaspersky CyberTrace Service writes messages to the files named "kl_feed_service-<pid>-<date_time>.log" or "kl_feed_service-<pid>-<date_time>_<index>.log".

Log file contents

If the err logging level is used, Kaspersky CyberTrace Service writes information about the errors occurring in the product. This level in the log file is labeled as ERR.

If the inf logging level is used, Kaspersky CyberTrace Service writes important information messages about what is happening in the product. This level in the log file is labeled as INF.

If the dbg logging level is used, Kaspersky CyberTrace Service writes detailed debug information about what is happening in the product. This level in the log file is labeled as DBG.

If the warn logging level is used, Kaspersky CyberTrace Service writes information about the warnings in the product. This level in the log file is labeled as WARN.
