How to collect traces files in Kaspersky Security for Virtualization 4.0 Agentless

By default, the File Anti-Virus component of Kaspersky Security for Virtualization 4.0 Agentless writes the information about the trace file into syslog. The trace file is saved to /var/log/ksv.

To enable traces:

1. Open the ksv.cfg configuration file for editing by executing the command:

2. In the [process] section, set the value trace-level = 1000.
3. To save the changes, press F2 on the keyboard.
4. Restart the File Anti-Virus service using the command:

5. Restart the Network Agent on the SVM using the command:

6. Reproduce the issue.
7. Disable local tracing: open ksv.cfg for editing and restore the previous value for trace-level = 600.
8. Restart ksv and klnagent.
9. Send the /var/log folder to Kaspersky Lab technical support.

By default, the Network Threat Detection component of Kaspersky Security for Virtualization 4.0 Agentless writes the log into syslog. The trace file is saved to /var/log/ksv.

To enable traces:

1. Open the ksv.cfg configuration file for editing by executing the command:

2. In the [process] section, set the value trace-level = 1000.
3. To save the changes, press F2 on the keyboard.
4. Restart the Network Threat Detection service using the command:

5. Restart the Network Agent on the SVM using the command:

6. Reproduce the issue.
7. Disable detailed tracing: open ksv.cfg for editing and restore the previous value for trace-level = 600.
8. Restart the ksvns service.
9. Send the /var/log folder to Kaspersky Lab technical support.

1. 1. Open the connector.conf file for editing by executing the command:
      • On the SVM with File Anti-Virus installed:

1. 1. • On the SVM with Network Threat Detection installed:

1. Set the value traceLevel = 1000.
2. To save the changes, press F2 on the keyboard.
3. Restart the Network Agent on the SVM using the command:

5. Reproduce the issue.
6. Disable local tracing: open connector.conf for editing and restore the previous value for trace-level = 500.
7. Restart the klnagent service.
8. Send the /var/log folder to Kaspersky Lab technical support.

In some cases, Kaspersky Lab engineers may request trace files of Network Agent located on the SVM with File Anti-Virus or Network Treat Detection installed.

To get a Network Agent trace file:

1. Open the klnagent file for editing by executing the command:

2. In the klnagent file, replace ${BIN} in the start() function with ${BIN} -tl 4 -tf /var/log/kaspersky/klnagent/klnagent.log.

3. To save the changes, press F2 on the keyboard.
4. Restart the Network Agent on the SVM using the command:

5. Reproduce the issue.
6. Disable tracing: change ${BIN} -tl 4 -tf /var/log/kaspersky/klnagent/klnagent.log in the start() function back to ${BIN} and restart klnagent.
7. Send the /var/log folder to Kaspersky Lab technical support.

In some cases, Kaspersky Lab support engineers may request a Kaspersky Security for Virtualization 4.0 Agentless management plugin trace file to solve the issue.

On the computer with the Administration Console and management plugin installed, do the following:

1. Open the registry editor (regedit.exe).
2. Go to the section:
   • For 64-bit systems: HKEY_LOCAL_MACHINE/SOFTWARE/WOW6432Node/Kaspersky Lab/Components/34/Products/KSV/2.0.0.0/settings/Trace
   • For 32-bit systems: HKEY_LOCAL_MACHINE/SOFTWARE/Kaspersky Lab/Components/34/Products/KSV/2.0.0.0/settings/Trace.
3. Change the values for TraceToFileEnable from <0> to <1> and set the tracing level value in TraceToFileLevel (from 0 to 1000).

4. Reproduce the issue.

A trace file is created in the folder %Program Files%\Kaspersky Lab\Kaspersky Security Center\Plugins\KSV2.plg\ under the name trace.log.

5. Send the file and the description of your issue to Technical Support.
6. When the issue is fixed, delete the trace.log file.
7. Change the values back after you finish collecting traces.

Source : Official Kaspersky Brand
Editor by : BEST Antivirus KBS Team