Kaspersky Embedded Systems Security for Linux

Obtaining information for Technical Support

After you inform Kaspersky Technical Support specialists about the problem, they may ask you to send a trace file or dump file.

Technical Support specialists may also need additional information about the operating system and running processes on the device, as well as detailed reports on the operation of application components.

While diagnosing the problem, Technical Support specialists may ask you to change the application settings to:

  • activate functionality to receive advanced diagnostic information;
  • perform more detailed configuration of individual application components that cannot be performed through the standard user interface;
  • change settings for storing received diagnostic information;
  • configure the capture and storage of network traffic in a file.

Technical Support specialists will provide all the information required to perform these actions (the sequence of steps, the settings to change, configuration files, scripts, advanced command line capabilities, debugging modules, special utilities, etc.) and will describe the body of information received for diagnostic purposes. The received advanced diagnostic information is stored on the user device. This information is not automatically sent to Kaspersky.

The steps listed above should be performed only with the guidance of Technical Support specialists based on instructions they provide. Independently changing application files using means not described in the application documentation or not recommended by Technical Support specialists may lead to poor performance and failures in the application and operating system, reduced protection, as well as inaccessible and corrupted data.

In this section

Application trace files

Configuring application trace settings

Application administration plug-in trace files

About dump files

Enabling or disabling dump logging


About application trace files

A Kaspersky Embedded Systems Security trace file tracks the step-by-step execution of application commands and lets you find out at which stage the error occurs.

Application trace files are not generated by default. You can enable or disable generation of application trace files and define their level of detail on the command line (through the general application settings) and in the graphical user interface.

If you have enabled the generation of application trace files, these files are saved in /var/log/kaspersky/kess/. Access to this directory requires root privileges.

Trace files are stored on the device as long as the application is in use, and are deleted permanently when the application is removed. Trace files are not sent to Kaspersky automatically.

Trace files are saved in a human-readable format. It is recommended to protect information from unauthorized access before sending it to Kaspersky.

Application trace file contents

Trace files contain the following general data:

  • Event time.
  • Number of the thread of execution.
  • Application component that caused the event.
  • Degree of event severity (informational event, warning, critical event, error).
  • A description of the event involving command execution by a component of the application and the result of execution of this command.

Trace files may store the following information in addition to general data:

  • The statuses of the application components and their operational data.
  • Data on user activity in the application.
  • Data on the hardware installed on the device.
  • Data about all operating system objects and events, including information about user activity.
  • Data contained in the objects of the operating system (for example, the contents of files that may contain any user personal data).
  • Network traffic data (for example, the contents of the entry fields on a website, which may include bank card information or any other sensitive data).
  • Data received from Kaspersky servers (such as the version of the application databases).
  • Data on consumed CPU resources.
  • Data on consumed RAM resources.
  • Data about file read and write operations by applications.
  • Data on the amount of cached information required for the application to work.


Configuring application trace settings

If you are managing Kaspersky Embedded Systems Security using Kaspersky Security Center, you can configure trace settings of the application in the Kaspersky Embedded Systems Security policy settings using the Web Console or the Administration Console.

If you are managing the application on the command line, you can configure trace settings of the application in the general application settings.

Editing trace settings in the Web Console

In the Web Console, you can configure application tracing settings in the policy properties (Application settings → General settings → Application settings, Trace and dump settings section) (see the table below).

Application trace settings

| Setting | Description |
|---|---|
| Path to the trace file directory | Input field for the path to the directory where the trace files are stored. Default value: /var/log/kaspersky/kess. If you specify a different directory, make sure that the account under which Kaspersky Embedded Systems Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory. |
| Maximum number of trace files | Input field for the maximum number of application trace files. Default value: 10. |
| Maximum trace file size (MB) | Input field for the maximum size of an application trace (in megabytes). Default value: 500. |

To apply trace settings, you must restart the application.

Editing trace settings in the Administration Console

In the Administration Console, you can configure application tracing settings in the policy properties (General settings → Application settings).

Under Trace and dump settings, click Configure to open a window in which you can edit the trace settings (see the table below).

Application trace settings

| Setting | Description |
|---|---|
| Path to the trace file directory | Input field for the path to the directory where the trace files are stored. Default value: /var/log/kaspersky/kess. If you specify a different directory, make sure that the account under which Kaspersky Embedded Systems Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory. |
| Maximum trace file size (MB) | Input field for the maximum size of an application trace (in megabytes). Default value: 500. |
| Maximum number of trace files | Input field for the maximum number of application trace files. Default value: 10. |

To apply trace settings, you must restart the application.

Editing trace settings in the command line

In the command line, you can configure application tracing settings using the TraceLevel, TraceFolder, TraceMaxFileCount and TraceMaxFileSize settings in general application settings.

The TraceLevel setting lets you enable or disable application tracing and specify the level of detail in trace files. This setting can take the following values:

  • Detailed – Generate a detailed trace file.
  • MediumDetailed – Generate a trace file that contains informational messages and error messages.
  • NotDetailed – Generate a trace file that contains error messages.
  • None (default value) – Do not generate a trace file.

The TraceFolder setting lets you specify the directory where application trace files are stored. Default value: /var/log/kaspersky/kess. If you specify a different directory, make sure that the account under which Kaspersky Embedded Systems Security is running has read/write permissions for this directory. Root privileges are required to access the default trace files directory.

The TraceMaxFileCount setting lets you specify the maximum number of application trace files. The setting can take values from 1 to 10000. Default value: 10.

The TraceMaxFileSize setting lets you specify the maximum size of an application trace file (in megabytes). The setting can take values from 1 to 1000. Default value: 500.

You can edit these settings using command line options or a configuration file that contains all general application settings.

After changing the values of the TraceFolder, TraceMaxFileCount, or TraceMaxFileSize settings, you need to restart the application.
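One way to check the directory permissions called for above when TraceFolder points somewhere other than the default (an added example, not part of the Kaspersky documentation). The function names and sample file names are made up for illustration, and the example assumes the directory is owned by the account the application runs under.

```shell
#!/bin/sh
# Added example: find and close group/other access on a trace directory.
# Assumes the directory is owned by the account the application runs under,
# so owner-only modes keep the read/write access that account needs.

# Print every entry under DIR (DIR included) whose mode grants any permission
# to group or other. Symlinks are skipped: their own mode bits are not used.
audit_trace_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -NNN is the POSIX "all of these bits set" test, one per bit.
    find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Strip group/other access from everything under DIR, then re-audit.
# Succeeds only if nothing is left exposed.
lock_down_trace_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    chmod -R go-rwx "$1" || return 1
    [ -z "$(audit_trace_dir "$1")" ]
}

# Constructed demo: a throwaway directory with made-up file names.
demo_dir=$(mktemp -d)
: > "$demo_dir/sample-trace-1.log"; chmod 644 "$demo_dir/sample-trace-1.log"
: > "$demo_dir/sample-trace-2.log"; chmod 600 "$demo_dir/sample-trace-2.log"
echo "exposed before:"; audit_trace_dir "$demo_dir"
lock_down_trace_dir "$demo_dir" && echo "exposed after: none"
rm -rf "$demo_dir"
```

The same audit applies to a custom dump file directory, since dump files may also contain personal data.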


Application administration plug-in trace files

Administration plug-in trace files are not sent to Kaspersky automatically.

Trace files are saved in a human-readable format. It is recommended to protect information from unauthorized access before sending it to Kaspersky.

Administration MMC plug-in trace files

If you use the Administration Console to manage Kaspersky Embedded Systems Security, information about events that occur while the administration MMC plug-in is running can be saved to the Kaspersky Embedded Systems Security MMC plug-in trace file on the device where the Administration Server is installed. The file name contains the application version number, file creation date and time, and process identifier (PID). This file contains information about the events that occur during MMC plug-in operation, in particular, about the operation of policies and tasks.

MMC plug-in trace files are not generated by default. You can use registry keys to create the MMC plug-in trace file. Contact Technical Support representatives for detailed information on how to create trace files.

All created trace files of the MMC plug-in are located in the folder specified by the user during registry key configuration.

Administration web plug-in trace files

If you use the Web Console to manage Kaspersky Embedded Systems Security, information about events that occur while the administration web plug-in is running can be written to the web plug-in trace files.

Trace files for the web plug-in are created automatically if logging of Web Console activities is enabled in the Web Console Installation Wizard (for more details, refer to the Kaspersky Security Center Help).

Trace files of the web plug-in are stored in the Web Console installation folder in the "logs" subfolder.

Contents of administration plug-in trace files

Trace files contain the following general data:

  • Event time.
  • Number of the thread of execution.
  • Application component that caused the event.
  • Degree of event severity (informational event, warning, critical event, error).
  • A description of the event involving command execution by a component of the application and the result of execution of this command.

In addition to general data, trace files may contain the following information:

  • Personal data, including the last name, first name, and middle name, if such data is part of the path to files.
  • The name of the account used to log in to the operating system if the user account name is part of a file name.

About dump files

A dump file contains all information about the working memory of Kaspersky Embedded Systems Security processes at the time of dump creation.

Dump files may contain personal data. We recommend making sure the information is protected from unauthorized access before sending it to Kaspersky.

No dump files are generated by default. You can enable or disable dumping in case of application failures.

If you enabled dumping, dump files are saved in /var/opt/kaspersky/kess/common/dumps and /var/opt/kaspersky/kess/common/dumps-user.

Root privileges are required to access dump files.

Dump files are stored on the computer as long as the application is in use, and are deleted permanently when the application is removed. Dump files are not sent to Kaspersky automatically.


Enabling or disabling dump logging

If you are managing the Kaspersky Embedded Systems Security application through Kaspersky Security Center, you can enable or disable dumping in the Kaspersky Embedded Systems Security policy settings using the Web Console or the Administration Console.

If you use the command line to manage the application, you can enable or disable dumping via the kess.ini configuration file.

The maximum number of dump files is limited.

Depending on the operating system settings, user dump files may not be created. Make sure that the system kernel is configured using sysctl kernel.yama.ptrace_scope=0.

Enabling or disabling dumping in the Web Console

In the Web Console, you can enable or disable logging dump files in the policy properties (Application settings → General settings → Application settings, Trace and dump settings section) (see the table below).

Dump file settings

| Setting | Description |
|---|---|
| Create a dump file if the application crashes | This check box enables or disables the creation of a dump file when the application crashes. This check box is cleared by default. |
| Path to the dump file directory | Input field for the path to the directory where the dump files are stored. The input field is limited to 128 characters. Default value: /var/opt/kaspersky/kess/common/dumps. |

You must restart the application to apply the dump file settings.

Enabling or disabling dumping in the Administration Console

In the Administration Console, you can enable or disable logging dump files in the policy properties (General settings → Application settings).

Under Trace and dump settings, click Configure to open a window in which you can edit the dump settings (see the table below).

Dump file settings

| Setting | Description |
|---|---|
| Create a dump file if the application crashes | This check box enables or disables the creation of a dump file when the application crashes. This check box is cleared by default. |
| Path to the dump file directory | Input field for the path to the directory where the dump files are stored. The input field is limited to 128 characters. Default value: /var/opt/kaspersky/kess/common/dumps. |

You must restart the application to apply the dump file settings.

Enabling or disabling dumping on the command line

To enable or disable dumping in the kess.ini configuration file, do as follows:

  1. Stop Kaspersky Embedded Systems Security.
  2. Open the /var/opt/kaspersky/kess/common/kess.ini file for editing.
  3. Under [General], set the parameter value:
    • CoreDumps=yes: enable dumping in case of a failure.
    • CoreDumps=no: disable dumping.
  4. If you want to change the default directory where dump files are saved, specify the path to the directory in the CoreDumpsPath option.
  5. Start Kaspersky Embedded Systems Security.
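
Steps 2 to 4 of the procedure above, scripted so that the edit is repeatable and the previous file is kept (an added example, not part of the Kaspersky documentation). The function names, the .bak backup, the absolute-path check and the sample file are this example's own, and it assumes Key=Value lines without spaces around the equals sign.

```shell
#!/bin/sh
# Added example: steps 2-4 of the procedure above as a repeatable edit.
# Stop the application before calling set_core_dumps and start it afterwards
# (steps 1 and 5); those commands are not shown on this page.

# Set KEY=VALUE inside the [General] section of an INI file, replacing an
# existing KEY line or appending one if the section lacks it.
# Assumes the "Key=Value" form without spaces around "=", as written above.
set_general_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    if awk -v key="$key" -v value="$value" '
        # Append the key when leaving [General] without having seen it.
        function add_missing() { if (in_general && !seen) { print key "=" value; seen = 1 } }
        /^\[/ { add_missing(); in_general = ($0 == "[General]") }
        in_general && index($0, key "=") == 1 {
            if (!seen) { print key "=" value; seen = 1 }
            next
        }
        { print }
        END { add_missing(); if (!seen) { print "[General]"; print key "=" value } }
    ' "$file" > "$tmp"; then
        # Overwrite in place so the owner and mode of the original are kept.
        cat "$tmp" > "$file"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# set_core_dumps INI yes|no [DUMP_DIR]
set_core_dumps() {
    ini=$1; state=$2; dump_dir=${3:-}
    case $state in yes|no) ;; *) echo "CoreDumps must be yes or no" >&2; return 2 ;; esac
    [ -f "$ini" ] || { echo "no such file: $ini" >&2; return 2; }
    case $dump_dir in ''|/*) ;; *) echo "CoreDumpsPath must be absolute" >&2; return 2 ;; esac
    cp -p "$ini" "$ini.bak" || return 1   # keep the previous settings
    set_general_option "$ini" CoreDumps "$state" || return 1
    [ -z "$dump_dir" ] || set_general_option "$ini" CoreDumpsPath "$dump_dir"
}

# Constructed sample file; the [Other] section and its key are placeholders.
sample=$(mktemp)
printf '[General]\nCoreDumps=no\n[Other]\nExample=1\n' > "$sample"
set_core_dumps "$sample" yes /var/opt/kaspersky/kess/common/dumps
cat "$sample"; rm -f "$sample" "$sample.bak"
```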