Viewing events and reports
While the application is running, various events can occur. The events may be informational or may contain important data. For example, the application can use events to notify about a successful application database update, or to inform about an error in the operation of application components that must be eliminated.
The Kaspersky application allows recording information about application events to the following logs:
- The application event log.
By default, the application saves information about events to the database in the /var/opt/kaspersky/kfl/private/storage/events.db database. You can configure the application event log on the command line.
- Operating system log (syslog).
The operating system log is not used by default. You can enable saving events to this log.
You need root privileges to gain access to the application event log.
You can receive information about application events in the following ways:
- In the command line
- If you are using the interface of the Kaspersky application, you can use the pop-up windows in which you can click the Open reports link to navigate to reports of application components and results of scan tasks.
Some events may contain file paths. For output, the file path is treated as a UTF-8 string. If any of the bytes in the path does not comply with the UTF-8 encoding rules, is it replaced with the ? character. Any four-byte sequence that encodes a character code outside the Unicode range (greater than 0x10FFFF) is also replaced with the ? character. Special characters are escaped (replaced) in a certain way.
The following rules apply when escaping characters in file paths inside events in the output of the kfl-control -E --query command:
- '\a', '\b', '\t', '\n', '\v', '\f', '\r' characters are replaced by two characters as follows:
'\a' -> "\\a"
'\b' -> "\\b"
'\t' -> "\\t"
'\n' -> "\\n"
'\v' -> "\\v"
'\f' -> "\\f"
'\r' -> "\\r"
- All other special characters are output without modification.
The following rules apply for escaping characters in file paths inside events in the output of the kfl-control -E --query --json command:
- In accordance with the JSON format, the '\b', '\f', '\n', '\r', '\t', '"', '\\' characters are escaped as follows:
'\b' -> "\\b"
'\f' -> "\\f"
'\n' -> "\\n"
'\r' -> "\\r"
'\t' -> "\\t"
'"' -> "\\\""
'\\' -> "\\\\"
- All other special characters are escaped in accordance with the general JSON rules for escaping special characters ('\a' -> '\u0007').
Rules for escaping characters in file paths in events when sending to syslog:
- In accordance with the JSON format, the '\b', '\f', '\n', '\r', '\t', '"', '\\' characters are escaped as follows:
'\b' -> "\\b"
'\f' -> "\\f"
'\n' -> "\\n"
'\r' -> "\\r"
'\t' -> "\\t"
'"' -> "\\\""
'\\' -> "\\\\"
- All other special characters are escaped in accordance with the general JSON rules for escaping special characters ('\a' -> '\u0007').
The first backslash in the sequence when describing rules is the escape character.
Examples:
|
The application can generate various types of reports on the events that occur while the application is running. Reports contain information about the performance of each Kaspersky component, the results of each task, and the overall operation of the application.
You can view reports in the Kaspersky application interface.
Events and reports may contain the following personal data:
- User name and user ID of operating system users
- Paths to user files
- Web addresses of the update sources
- Detected malicious, phishing, adware web addresses, and web addresses containing legitimate applications that intruders can use to compromise devices or data
- Names and IDs of the devices
- Web addresses of the repositories
- File names, paths to files, and hash-sums of executable application files
- Application category names
In addition, events and reports may contain:
- General application settings values
- Names and settings of command line tasks