Administration Server critical events
The table below shows the events of Kaspersky Security Center Cloud Console Administration Server that have the Critical importance level.
For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.
Event type display name | Event type ID | Event type | Description | Default storage term |
---|---|---|---|---|
License limit has been exceeded | 4099 | KLSRV_EV_LICENSE_CHECK_MORE_110 | Once a day Kaspersky Security Center Cloud Console checks whether a license limit is exceeded. Events of this type occur when Administration Server detects that some licensing limits are exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license exceeds 110% of the total number of units covered by the license. Even when this event occurs, client devices are protected. You can respond to the event in the following ways:<br>Kaspersky Security Center Cloud Console determines the rules to generate events when a license limit is exceeded. | 180 days |
Virus outbreak | 26 (for File Threat Protection) | GNRL_EV_VIRUS_OUTBREAK | Events of this type occur when the number of malicious objects detected on several managed devices exceeds the threshold within a short period. You can respond to the event in the following ways: | 180 days |
Virus outbreak | 27 (for Mail Threat Protection) | GNRL_EV_VIRUS_OUTBREAK | Events of this type occur when the number of malicious objects detected on several managed devices exceeds the threshold within a short period. You can respond to the event in the following ways: | 180 days |
Virus outbreak | 28 (for firewall) | GNRL_EV_VIRUS_OUTBREAK | Events of this type occur when the number of malicious objects detected on several managed devices exceeds the threshold within a short period. You can respond to the event in the following ways: | 180 days |
Device has become unmanaged | 4111 | KLSRV_HOST_OUT_CONTROL | Events of this type occur if a managed device is visible on the network but has not connected to Administration Server for a specific period. Find out what prevents the proper functioning of Network Agent on the device. Possible causes include network issues and removal of Network Agent from the device. | 180 days |
Device status is Critical | 4113 | KLSRV_HOST_STATUS_CRITICAL | Events of this type occur when a managed device is assigned the Critical status. You can configure the conditions under which the device status is changed to Critical. | 180 days |
Limited functionality mode | 4130 | KLSRV_EV_LICENSE_SRV_LIMITED_MODE | Events of this type occur when Kaspersky Security Center Cloud Console starts to operate with basic functionality, without Vulnerability and patch management and without Mobile Device Management features. Following are causes of, and appropriate responses to, the event: | 180 days |
License expires soon | 4129 | KLSRV_EV_LICENSE_SRV_EXPIRE_SOON | Events of this type occur when the commercial license expiration date is approaching. Once a day Kaspersky Security Center checks whether a license expiration date is approaching. Events of this type are published 30 days, 15 days, 5 days and 1 day before the license expiration date. This number of days cannot be changed. If the Administration Server is turned off on the specified day before the license expiration date, the event will not be published until the next day. When the commercial license expires, Kaspersky Security Center Cloud Console provides only basic functionality. You can respond to the event in the following ways: | 180 days |
Certificate has expired | 4132 | KLSRV_CERTIFICATE_EXPIRED | Events of this type occur when the Administration Server certificate for Mobile Device Management expires. You need to update the expired certificate. | 180 days |
Updates for Kaspersky application modules have been revoked | 4142 | KLSRV_SEAMLESS_UPDATE_REVOKED | Events of this type occur if seamless updates have been revoked (Revoked status is displayed for these updates) by Kaspersky technical specialists; for example, they must be updated to a newer version. The event concerns Kaspersky Security Center Cloud Console patches and does not concern modules of Kaspersky managed applications. The event provides the reason that the seamless updates are not installed. | 180 days |
Audit: Export to SIEM failed | 5130 | KLAUD_EV_SIEM_EXPORT_ERROR | Events of this type occur when exporting events to the SIEM system failed due to a connection error with the SIEM system. | 180 days |