Full Version: KAV FSEE 6.0.2.551 - Windows event log
tdchkov
Hi.

We would like to monitor Anti-Virus for Windows Server Enterprise Edition (KAV SEE) issues with our normal monitoring tool, which is SCOM 2007 SP1. Lacking an official Management Pack from Kaspersky, the easiest way for us to do this is to look at the Windows event logs, but we need to know what we should look for.

Has anybody found a list of the different events that can be logged into the "Kaspersky Anti-Virus" Windows event log?
IvanCo
QUOTE(tdchkov @ 25.08.2008 16:56) *
Hi.

We would like to monitor Anti-Virus for Windows Server Enterprise Edition (KAV SEE) issues with our normal monitoring tool, which is SCOM 2007 SP1. Lacking an official Management Pack from Kaspersky, the easiest way for us to do this is to look at the Windows event logs, but we need to know what we should look for.

Has anybody found a list of the different events that can be logged into the "Kaspersky Anti-Virus" Windows event log?


Hello,

Please see attached file for different events.

Find all events with the MSG_ prefix (MSG_OBJECT_NOT_DISINFECTED_NOT_CURABLE, for example). For specific event IDs, find strings with "#define MSG_" (like #define MSG_OBJECT_NOT_DISINFECTED_NOT_CURABLE ((DWORD)0x0000003FL)). The number in hex is the event ID.
tdchkov
Thank you for the file.

It should be no problem getting the Event ID from that file. However, I am unable to see the severity of each event.

You define the severity as the two highest bits in a 32-bit value.

However, the values you assign to each event only contain the lower 16 bits?

Are all the events logged with the same severity?
Zagrebin Maxim
You can see the event severity in the "Type" field.
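
Added example, not part of the thread and not Kaspersky code: a short Python parser that turns the "#define MSG_" lines of such a header into an event ID list for a monitoring rule set and splits out the two severity bits discussed above. The sample header is constructed; only MSG_OBJECT_NOT_DISINFECTED_NOT_CURABLE and its value come from the thread, and the bit layout assumed is the standard one used by headers generated with the Windows message compiler.

```python
import re

# Constructed sample in the layout the Windows message compiler emits.
# Only MSG_OBJECT_NOT_DISINFECTED_NOT_CURABLE and its value come from the
# thread; the other two names and values are made up for illustration.
SAMPLE_HEADER = r'''
//
// MessageId: MSG_OBJECT_NOT_DISINFECTED_NOT_CURABLE
//
#define MSG_OBJECT_NOT_DISINFECTED_NOT_CURABLE ((DWORD)0x0000003FL)
#define MSG_EXAMPLE_CONSTRUCTED_WARNING        ((DWORD)0x80000040L)
#define MSG_EXAMPLE_CONSTRUCTED_ERROR ((DWORD)0xC0000041L)
#define STATUS_SEVERITY_WARNING 0x2
'''

# Matches only real defines of MSG_ symbols, not the comment lines above them.
DEFINE_RE = re.compile(
    r'^\s*#define\s+(MSG_\w+)\s+\(\(DWORD\)\s*0x([0-9A-Fa-f]{1,8})L?\)',
    re.MULTILINE)

SEVERITY = {0: "Success", 1: "Informational", 2: "Warning", 3: "Error"}

def parse_message_header(text):
    """Return one dict per '#define MSG_...' line, sorted by event ID."""
    events = []
    for name, hex_value in DEFINE_RE.findall(text):
        value = int(hex_value, 16)
        events.append({
            "name": name,
            "event_id": value & 0xFFFF,          # low 16 bits: the event ID
            "facility": (value >> 16) & 0x0FFF,  # bits 16-27
            "severity_bits": value >> 30,        # the two highest bits
            "severity": SEVERITY[value >> 30],
        })
    return sorted(events, key=lambda e: e["event_id"])

def zero_severity_names(events):
    """Names whose define carries no severity bits (only the low 16 bits set)."""
    return [e["name"] for e in events if e["severity_bits"] == 0]

if __name__ == "__main__":
    for e in parse_message_header(SAMPLE_HEADER):
        print(f'{e["event_id"]:5d}  {e["severity"]:<13}  {e["name"]}')
```

For names returned by zero_severity_names the header says nothing about severity, so the monitoring rule has to take it from the "Type" field of the logged event, as the last reply says.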