Services tools

This section describes the tools for working with services available in the Resources → Active services section of the KUMA web interface.

Getting service identifier

The service identifier is used to bind parts of the service residing within KUMA and installed in the network infrastructure into a single complex. An identifier is assigned to a service when it is created in KUMA, and is then used when installing the service to the server.

To get the identifier of a service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the service whose ID you want to obtain, and click Copy ID.

The identifier of the service will be copied to the clipboard. For instance, this ID can be used to install the service on a server.

Restarting the service

To restart the service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the service and select the necessary option:
   • Reload—perform a hot update of a running service configuration. For example, you can change the field mapping settings or the destination point settings this way.
   • Restart—stop a service and start it again. This option is used to modify the port number or connector type.

     Restarting KUMA agents:

     • KUMA Windows Agent can be restarted as described above only if it is running on a remote computer. If the service on the remote computer is inactive, you will receive an error when trying to restart from KUMA. In that case you must restart KUMA Windows Agent service on the remote Windows machine. For information on restarting Windows services, refer to the documentation specific to the operating system version of your remote Windows computer.
     • KUMA Agent for Linux stops when this option is used. To start the agent again, you must execute the command that was used to start it.
   • Reset certificate—remove certificates that the service uses for internal communication. For example, this option can be used to renew the Core certificate.

     Special considerations for deleting Windows agent certificates:

     • If the agent has the green status and you select Reset certificate, KUMA deletes the current certificate and creates a new one, the agent continues working with the new certificate.
     • If the agent has the red status and you select Reset certificate, KUMA generates an error that the agent is not running. In the agent installation folder %APPDATA%\kaspersky\kuma\<Agent ID>\certificates, manually delete the internal.cert and internal.key files and start the agent manually. When the agent starts, a new certificate is created automatically.

     Special considerations for deleting Linux agent certificates:

     1. Regardless of the agent status, apply the Reset certificate option in the web interface to delete the certificate in the databases.
     2. In the agent installation folder /opt/kaspersky/agent/<Agent ID>/certificates, manually delete the internal.cert and internal.key files.
     3. Since the Reset certificate option stops the agent, to continue its operation, start the agent manually. When the agent starts, a new certificate is created automatically.

Deleting the service

Before deleting the service get its ID. The ID will be required to remove the service for the server.

To remove a service in the KUMA web interface:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the service you want to delete, and click Delete.

   A confirmation window opens.

3. Click OK.

The service has been deleted from KUMA.

To remove a service from the server, run the following command:

sudo /opt/kaspersky/kuma/kuma <collector/correlator/storage> --id <service ID> --uninstall

The service has been deleted from the server.

Partitions window

If the storage service was created and installed, you can view its partitions in the Partitions table.

To open Partitions table:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the relevant storage and click Go to partitions.

The Partitions table opens.

The table has the following columns:

• Tenant—the name of the tenant that owns the stored data.
• Created—partition creation date.
• Space—the name of the space.
• Size—the size of the space.
• Events—the number of stored events.
• Transfer to cold storage—the date when data will be migrated from the ClickHouse clusters to cold storage disks.
• Expires—the date when the partition expires. After this date, the partition and the events it contains are no longer available.

You can delete partitions.

To delete a partition:

1. Open the Partitions table (see above).
2. Open the drop-down list to the left from the required partition.
3. Select Delete.

   A confirmation window opens.

4. Click OK.

The partition has been deleted. Audit event partitions cannot be deleted.

Searching for related events

You can search for events processed by the Correlator or the Collector services.

To search for events related to the Correlator or the Collector service:

1. Log in to the KUMA web interface and open Resources → Active services.
2. Select the check box next to the required correlator or collector and click Go to Events.

   A new browser tab opens with the KUMA Events section open.

3. To find events, click the icon.

   A table with events selected by the search expression ServiceID = <ID of the selected service> will be displayed.

Event search results