Administration Server critical events
The table below shows the event types of Kaspersky Security Center Administration Server that have the Critical importance level.
For each event that can be generated by an application, you can specify notification settings and storage settings on the Event configuration tab in the application policy. For Administration Server, you can additionally view and configure the event list in the Administration Server properties. If you want to configure notification settings for all the events at once, configure general notification settings in the Administration Server properties.
If you specified the port in the Administration Server properties window in the Administration Console, Kaspersky Security Center publishes its metrics and critical events to be obtained by Prometheus, a system for monitoring and alerting. Prometheus obtains the metrics and critical events, and then generates alerts for each event.
Administration Server critical events
Event type display name | Event type ID | Event type | Description | Default storage term |
---|---|---|---|---|
License limit has been exceeded | 4099 | KLSRV_EV_LICENSE_CHECK_MORE_110 | Once a day Kaspersky Security Center checks whether a license limit is exceeded. Events of this type occur when Administration Server detects that some licensing limits are exceeded by Kaspersky applications installed on client devices and if the number of currently used licensing units covered by a single license exceeds 110% of the total number of units covered by the license. Even when this event occurs, client devices are protected. You can respond to the event in the following ways:
Kaspersky Security Center determines the rules to generate events when a license limit is exceeded. | 180 days |
Virus outbreak | 26 (for File Threat Protection) | GNRL_EV_VIRUS_OUTBREAK | Events of this type occur when the number of malicious objects detected on several managed devices exceeds the threshold within a short period. You can respond to the event in the following ways:
| 180 days |
Virus outbreak | 27 (for Mail Threat Protection) | GNRL_EV_VIRUS_OUTBREAK | Events of this type occur when the number of malicious objects detected on several managed devices exceeds the threshold within a short period. You can respond to the event in the following ways:
| 180 days |
Virus outbreak | 28 (for firewall) | GNRL_EV_VIRUS_OUTBREAK | Events of this type occur when the number of malicious objects detected on several managed devices exceeds the threshold within a short period. You can respond to the event in the following ways:
| 180 days |
Device has become unmanaged | 4111 | KLSRV_HOST_OUT_CONTROL | Events of this type occur if a managed device is visible on the network but has not connected to Administration Server for a specific period. Find out what prevents the proper functioning of Network Agent on the device. Possible causes include network issues and removal of Network Agent from the device. | 180 days |
Device status is Critical | 4113 | KLSRV_HOST_STATUS_CRITICAL | Events of this type occur when a managed device is assigned the Critical status. You can configure the conditions under which the device status is changed to Critical. | 180 days |
The key file has been added to the denylist | 4124 | KLSRV_LICENSE_BLACKLISTED | Events of this type occur when Kaspersky has added the activation code or key file that you use to the denylist. Contact Technical Support for more details. | 180 days |
Limited functionality mode | 4130 | KLSRV_EV_LICENSE_SRV_LIMITED_MODE | Events of this type occur when Kaspersky Security Center starts to operate with basic functionality, without Vulnerability and patch management and without Mobile Device Management features. Following are causes of, and appropriate responses to, the event:
| 180 days |
License expires soon | 4129 | KLSRV_EV_LICENSE_SRV_EXPIRE_SOON | Events of this type occur when the commercial license expiration date is approaching. Once a day Kaspersky Security Center checks whether a license expiration date is approaching. Events of this type are published 30 days, 15 days, 5 days and 1 day before the license expiration date. You cannot change the number of days. If the Administration Server is turned off on the specified day before the license expiration date, the event will not be published until the next day. When the commercial license expires, Kaspersky Security Center provides only basic functionality. You can respond to the event in the following ways:
| 180 days |
Certificate has expired | 4132 | KLSRV_CERTIFICATE_EXPIRED | Events of this type occur when the Administration Server certificate for Mobile Device Management expires. You need to update the expired certificate. | 180 days |
Updates for Kaspersky software modules have been revoked | 4142 | KLSRV_SEAMLESS_UPDATE_REVOKED | Events of this type occur if seamless updates have been revoked (Revoked status is displayed for these updates) by Kaspersky technical specialists; for example, they must be updated to a newer version. The event concerns Kaspersky Security Center patches and does not concern modules of managed Kaspersky applications. The event provides the reason that the seamless updates are not installed. | 180 days |