How to get trace files in Kaspersky Security for Virtualization 5.x Agentless

By default, the File Anti-Virus component writes trace files to syslog.

To enable tracing:

1. Open the ksv.cfg configuration file for editing by executing the command:

mcedit /etc/opt/kaspersky/ksv/ksv.cfg

2. In the [process] section, set the value trace-level = 1000.
3. To save the changes, press F2 on the keyboard.
4. Restart the File Anti-Virus service with the command:

/etc/init.d/ksv restart

5. Restart Network Agent on the SVM using the command:

/etc/init.d/klnagent64 restart

6. Reproduce the issue.
7. Disable detailed tracing: open ksv.cfg for editing and restore the previous value to trace-level = 0.
8. Restart ksv and klnagent.

The trace file is saved to /var/log/ksv.

By default, the Network Threat Detection component writes trace files to syslog.

To enable tracing:

1. Open the ksv.cfg configuration file for editing by executing the command:

mcedit /etc/opt/kaspersky/ksvns/ksv.cfg

2. In the [process] section, set the value trace-level = 1000.
3. To save the changes, press F2 on the keyboard.
4. Restart the Network Threat Detection component:

/etc/init.d/ksvns restart

5. Restart Network Agent on the SVM using the command:

/etc/init.d/klnagent64 restart

6. Reproduce the issue.
7. Disable detailed tracing: open ksv.cfg for editing and restore the previous value trace-level = 0.
8. Restart the ksvns service.

The trace file is saved to /var/log/ksv.

1. 1. Open the connector.conf configuration file for editing by executing the command:
      • On the SVM with File Anti-Virus installed:

mcedit /etc/opt/kaspersky/ksv/connector.conf

1. 1. • On the SVM with Network Threat Detection installed:

mcedit /etc/opt/kaspersky/ksvns/connector.conf

1. Set the value traceLevel = 1000.
2. To save the changes, press F2 on the keyboard.
3. Restart Network Agent on the SVM using the command:

/etc/init.d/klnagent64 restart

5. Reproduce the issue.
6. Disable local tracing: open connector.conf for editing and restore the previous value trace-level = 0.
7. Restart the klnagent service.

The trace file is saved to /var/log.

1. Open the klnagent file for editing by executing the command:

2. In the klnagent file, replace “$”{BIN} in the start() function with ${BIN} -tl 4 -tf /var/log/kaspersky/klnagent/klnagent.log.

3. To save the changes, press F2 on the keyboard.
4. Restart Network Agent on the SVM using the command:

5. Reproduce the issue.
6. Disable tracing: change ${BIN} -tl 4 -tf /var/log/kaspersky/klnagent/klnagent.log in the start() function back to ${BIN} and restart klnagent.

The trace file is saved to /var/log.

On the computer with the Administration Console and management plugin installed, do the following:

1. Open the registry editor (regedit.exe).
2. Go to the section:
   • For 64-bit operating systems: HKEY_LOCAL_MACHINE/SOFTWARE/WOW6432Node/Kaspersky Lab/Components/34/Products/KSV/5.0.0.0/settings/Trace
   • For 32-bit operating systems: HKEY_LOCAL_MACHINE/SOFTWARE/Kaspersky Lab/Components/34/Products/KSV/5.0.0.0/settings/Trace
3. Change the value of TraceToFileEnable to 1 and set the tracing level value in TraceToFileLevel (from 0 to 1000).

4. Reproduce the issue.
5. Change the value of TraceToFileEnable to 0.

A trace file is created in the folder %Program Files%\Kaspersky Lab\Kaspersky Security Center\Plugins\KSV5.plg\ with the name trace.log.

Source : Official Kaspersky Brand
Editor by : BEST Antivirus KBS Team