Managing Kaspersky Thin Client logs

This section provides information about working with Kaspersky Thin Client logs.

About Kaspersky Thin Client logs

Kaspersky Thin Client maintains two types of logs:

• Event log. This log saves all
  events

  An entry containing records of changes made to the state or configuration of a thin client, or errors that require the attention of a system administrator.

  registered by Kaspersky Thin Client components. You can view the event log in the Kaspersky Thin Client interface, and forward it to a log server.
• Audit log. This log stores data on the certificates uploaded to Kaspersky Thin Client, and contains information on instances when Kaspersky Security Center was used to enable or disable management of thin clients. The audit log cannot be viewed in the Kaspersky Thin Client interface. You can forward the audit log file to a log server.

The Kaspersky Thin Client event log contains the following information:

• Date and time when the event occurred.
• Name of the Kaspersky Thin Client component that registered the event.
• Event severity. The following values are possible:
  • Trace is all possible messages and warnings that occur during application operation.
  • Debug is debug messages and all informational and important messages, and all warnings and messages about common and critical errors.
  • Info is informational messages, important messages and all warnings, and messages about common and critical errors.
  • Warn is all warnings and messages about ordinary and critical errors.
  • Error is messages about errors and critical errors in application operation.
  • Fatal is messages about critical errors in application operation.
• Debug information in <File>:<Line Number>,<Function> format, where:
  • File means file name.
  • Line Number means number of the line in the file.
  • Function means debug information.
• Process ID and thread ID.
• Product version ID.

The Kaspersky Thin Client audit log contains the following information:

• Upload date and time of the certificate for connecting Kaspersky Thin Client to Kaspersky Security Center.
• Address of the Kaspersky Security Center Administration Server (IP address and/or domain server name).
• Kaspersky Security Center Administration Server port number.
• List of certificate attributes: issuer name, subject name, certificate fingerprint, validity start date and time, validity end date and time, thin client ID.
• Information about incidents when management of Kaspersky Thin Client via the Kaspersky Security Center Web Console was enabled or disabled.

Forwarding of event and audit logs

You can view the Kaspersky Thin Client event log through the Kaspersky Thin Client interface under Tools → Event log. You can also forward the event log to a log server. The audit log is automatically sent to the server together with the event log.

To forward Kaspersky Thin Client audit and event logs to a log server, a log server must first be deployed in your enterprise infrastructure. For detailed information on server deployment, please refer to the Administrator's Guide for this server.

The maximum file sizes for the event log and audit log are 150 MB and 512 MB, respectively. When the file size of event or audit logs reaches its corresponding limit, Kaspersky Thin Client deletes the existing logs and starts to record new ones. Each time event and audit logs are updated, the current version of Kaspersky Thin Client is recorded at the beginning of the log.

To forward Kaspersky Thin Client audit and event logs:

1. In the Kaspersky Thin Client control panel, click and select Tools in the menu that opens.
2. In the window that opens, select the Event log section (see the figure below).

   

   Tools. Event log section

   This displays information about registered events of Kaspersky Thin Client.

3. In the Event log forwarding address field, enter the address of the destination server that should receive audit and event logs, and click the Send button.

   If Kaspersky Thin Client is a member of an administration group and is centrally controlled through the Web Console, and the Enforced function is enabled, the Event log forwarding address field will contain the value set by the Kaspersky Security Center administrator that cannot be changed.

   We recommend verifying the correct address of the destination server to which you are sending logs. If the wrong address is indicated, logs could be sent to unauthorized third parties. If this is the case, the confidentiality of the data they contain could be compromised.

4. In the window that opens, confirm that you want to forward audit and event logs.

   If Kaspersky Thin Client is not in an administration group and you are forwarding audit and event logs to a log server for the first time, check the settings of the certificate being added in the opened Adding certificate window and click the Add certificate button. The certificate will be added to the system certificate store of Kaspersky Thin Client and will be used for subsequent connections.

Kaspersky Thin Client audit and event logs will be forwarded to the specified server.