Kaspersky Anti Targeted Attack (KATA) Platform

Data contained in Kaspersky Endpoint Agent for Linux trace files and dumps

8 November 2023

ID 247483

Data contained in trace files

Users are responsible for the security of data stored on their computers, in particular for monitoring and restricting access to the data before it is sent to Kaspersky.

Trace files are stored on the computer during the entire period when the application is used and are permanently deleted when the application is removed.

By default, trace files are saved in the /var/log/kaspersky/epagent/ directory. You can view data in trace files. Accessing the default trace file directory requires root permissions.

All trace files contain the following general data:

  • Time when the event occurred.
  • Number of the thread of execution.
  • Application component that initiated the event.
  • Event importance level (information, warning, critical, error).
  • Description of the event that occurred in connection with an application component running a command, and the result of the command.

In addition to general information, trace files can contain the following data:

  • Kaspersky Endpoint Agent component statuses and their working data
  • Information about all operating system objects and events including user activity information
  • Data contained in operating system objects (for example, contents of files that can include personal data of users)
  • Network traffic data (for example, contents of website forms that can include bank card data or other confidential data)
  • Data received from Kaspersky servers (for example, version of the application databases)

Trace data is recorded to the lena2021-01-18T052236.log file. When the file size reaches 10 MB, the file is saved in the /var/log/kaspersky/epagent/ directory. A new file with a timestamp is created to record current data. Up to 10 files with trace data can be stored in the directory. When the size of the last created file reaches 10 MB, the oldest file is deleted.

Trace files of other applications are stored on the computer until the application is removed.

Data contained in dump files

Stored dump files can contain personal data. To monitor and restrict access to data, you must take steps to ensure the security of dump files.

Dump files are generated automatically whenever the application crashes, and are stored on the computer during the entire period when the application is used. Dump files are permanently deleted when the application is removed.

Dump files are stored in the /var/opt/kaspersky/epagent/dumps/ directory.

A dump file contains the entire memory dump of Kaspersky Endpoint Agent for Linux processes at the moment when the dump file is created. The dump file can also contain personal data.

Accessing dump files requires root permissions.
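
The following script is an added example, not part of the original article or of Kaspersky software. It checks that the trace and dump directories named above, and everything in them, are owned by root and closed to group and other users. Treating any group or other permission bit as a finding is an assumption of this example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit who can read Kaspersky Endpoint Agent
# trace and dump files. Paths are the defaults quoted on this page.
TRACE_DIR=/var/log/kaspersky/epagent
DUMP_DIR=/var/opt/kaspersky/epagent/dumps

# audit_dir DIR [UID]  (hypothetical helper)
# Prints one finding per line for DIR and everything under it:
#   OWNER <path>  entry not owned by UID (default 0, i.e. root)
#   MODE <path>   entry with any group/other permission bit set (assumed policy)
# Returns 0 when clean, 1 when there are findings, 2 when DIR is missing.
audit_dir() {
    dir=$1
    uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    findings=$(
        find "$dir" ! -uid "$uid" -print | sed 's/^/OWNER /'
        # Symlink modes are always 0777 and carry no meaning, so skip them.
        # "-perm /077" (GNU find) matches if any group/other bit is set.
        find "$dir" ! -type l -perm /077 -print | sed 's/^/MODE /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# audit_epagent: audit both default directories (run as root so they can be
# traversed). Returns non-zero if either directory is missing or has findings.
audit_epagent() {
    rc=0
    audit_dir "$TRACE_DIR" || rc=1
    audit_dir "$DUMP_DIR" || rc=1
    return $rc
}

if [ "${1:-}" = "--run" ]; then
    audit_epagent
fi
```

Run the script as root with the `--run` argument. Each `OWNER` or `MODE` line names a file or directory whose access should be tightened before trace or dump data is kept on the computer or sent to Kaspersky.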

See also

Data in Kaspersky Endpoint Agent for Linux requests to Kaspersky Anti Targeted Attack Platform

Service data of Kaspersky Endpoint Agent for Linux
