Administration Server informational events

December 9, 2024

ID 177083

The table below shows the events of Kaspersky Security Center Cloud Console Administration Server that have the Info importance level.

For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.

Administration Server informational events

Event type display name

Event type ID

Event type

Description

Default storage term

Over 90% of the license key is used up

4097

KLSRV_EV_LICENSE_CHECK_90

Events of this type occur when Administration Server detects that some licensing limits are close to being exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license constitute over 90% of the total number of units covered by the license.

Even when a licensing limit is exceeded, client devices are protected.

You can respond to the event in the following ways:

  • Look through the managed devices list. Delete devices that are not in use.
  • Provide a license for more devices (add a valid activation code or a key file to Administration Server).

Kaspersky Security Center Cloud Console determines the rules to generate events when a licensing limit is exceeded.

30 days

New device has been detected

4100

KLSRV_EVENT_HOSTS_NEW_DETECTED

Events of this type occur when new networked devices have been discovered.

30 days

Device has been automatically moved according to a rule

4101

KLSRV_EVENT_HOSTS_NEW_REDIRECTED

Events of this type occur when devices have been assigned to a group according to device moving rules.

30 days

Device has been removed from the group: inactive on the network for a long time

4104

KLSRV_INVISIBLE_HOSTS_REMOVED

Events of this type occur when devices have been automatically removed from a group for inactivity.

30 days

Limit of installations will soon be exceeded (more than 95% is used up) for one of the licensed applications groups

4128

KLSRV_INVLICPROD_EXPIRED_SOON

Events of this type occur when the number of installations for third-party applications included in a licensed applications group reaches 90% of the maximum allowed value specified in the license key properties.

You can respond to the event in the following ways:

  • If the third-party application is not in use on some of the managed devices, delete the application from these devices.
  • If you expect that the number of installations for the third-party application will exceed the allowed maximum in the near future, consider obtaining a third-party license for a greater number of devices in advance.

You can manage license keys of third-party applications using the functionality of licensed applications groups.

30 days

Files have been found to send to Kaspersky for analysis

4131

KLSRV_APS_FILE_APPEARED

 

30 days

FCM Instance ID has changed on this mobile device

4137

KLSRV_GCM_DEVICE_REGID_CHANGED

Events of this type occur when the Firebase Cloud Messaging token has changed on the device.

For information on the FCM token rotation, please refer to the Firebase service documentation.

30 days

Updates have been successfully copied to the specified folder

4122

KLSRV_UPD_REPL_OK

Events of this type occur when the Download updates to the Administration Server repository task finishes copying files to a specified folder.

30 days

Connection to the secondary Administration Server has been established

4115

KLSRV_EV_SLAVE_SRV_CONNECTED

Refer to the following topic for details: Creating a hierarchy of Administration Servers: adding a secondary Administration Server.

30 days

Connection to the primary Administration Server has been established

4117

KLSRV_EV_MASTER_SRV_CONNECTED

 

30 days

Databases have been updated

(In Kaspersky Security Center Cloud Console, this event type is available only for a secondary Administration Server.)

4144

KLSRV_UPD_BASES_UPDATED

Events of this type occur when the Download updates to the Administration Server repository task finishes updating databases.

30 days

KSN Proxy has started. KSN availability check has completed successfully

7718

KSNPROXY_STARTED_CON_CHK_OK

 

30 days

KSN Proxy has stopped

7720

KSNPROXY_STOPPED

 

30 days

Audit: Connection to the Administration Server has been established

4147

KLAUD_EV_SERVERCONNECT

 

30 days

Audit: Object has been modified

4148

KLAUD_EV_OBJECTMODIFY

This event tracks changes in the following objects:

  • Administration group
  • Security group
  • User
  • Package
  • Task
  • Policy
  • Server
  • Virtual Server

30 days

Audit: Object status has changed

4150

KLAUD_EV_TASK_STATE_CHANGED

For example, this event occurs when a task has failed with an error.

30 days

Audit: Group settings have been modified

4149

KLAUD_EV_ADMGROUP_CHANGED

Events of this type occur when a security group has been edited.

30 days

Audit: Encryption keys have been imported or exported from Administration Server

5100

KLAUD_EV_DPEKEYSEXPORT

 

30 days

Audit: Test connection to SIEM server succeeded

5110

KLAUD_EV_SIEM_TEST_SUCCESS

 

30 days

See also:

Administration Server events

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).