Description
Error looks like this: You can't download trace log.
But there is free space on the disk:
Cause
You will see this error if free disk space less than 10G. KWTS is not in sizing
200 GB of hard drive space, which includes:
25 GB for temporary file storage
25 GB for log file storage
How to solve a problem
Bring disk sizing to minimum hardware requirements
Description
After generating a trace log and then attempting to download it via the KWTS 6.1 web interface, it fails with an error if the trace log is more than 1GB (one gigabyte).
The error is duplicated on different devices in different browsers: Mozilla, Chrome, Edge.
In Mozilla, the download stops with "Failed to download file"
Chrome goes into an endless download attempt, the download is interrupted at 1GB, after which the speed drops to 0kb/s and the download start
Descriptrion
You can see an issue like this:
You can also find log entries like this in diagnostic_info\logs\var\log\kwts-traces.log
Line 1538367: Jan 11 18:12:33 kwts2 KWTS Licenser[1154]: 1241 INF httpcli#011Req 0x7fecd003b9d0 CURL: Could not resolve host: activate.activation-v2.kaspersky.com
Line 1538460: Jan 11 18:12:33 kwts2 KWTS EventLogger[1062]: 1102 DBG APP: void lms::event
Description
You can face an issue like this on Events page in KWTS:
Sometimes the search on the Events page works correctly. Sometimes not.. If you collect har-file (HOW TO) from Events page with reproduced issue you will see an error also in it:
Also you can find an error in diagnostic_info\logs\var\log\kaspersky\kwts\extra\webapi.log:
celery.backends.base.SoftTimeLimitExceeded: SoftTimeLimitExceeded(
Issue:
Some log files in KWTS take up a lot of disk space. Log rotation for these files does not work
For example:
Information
Information about logs sizing and rotation you can find in files in /etc/logrotate.d folder on the KWTS server.
The size of log files should be no more than:
Log file
In what file it described
General information
Kaspersky Web Traffic Security does not have a regular function of integration with external services via the ICAP protocol, however, it can be added by manually changing the configuration files of the built-in proxy server from the technical support mode.
Important: ICAP integration works in synchronous mode - data transfer is suspended until the ICAP server processes the request. This may introduce additional delays in the processing of user traffic, thus reducing
Description and cautions
Here's how to configure export only detects from KWTS to external syslog server, which accepts TCP stream on facility local1.
Details
Create file /etc/rsyslog.d/kwts-detects.conf with contents as per below (replace SERVER:PORT by your external syslog server, @SERVER:PORT if UDP is in use instead of TCP)
$ActionQueueFileName KWTSDetects
Description and cautions
Sometimes you may need KWTS to write syslog messages to different log's name or/and path.
We're talking about this setting:
Steps below were performed on Centos 7+ x64 and Ubuntu 20.04/22.04 x64
KWTS 6.1 NOT ISO
By default it's set to local1, and depending on OS KWTS writes syslog messages to:
1) CentOS > /var/log/messages
2) Ubuntu > /var/log/syslog
Details
So here's how to change default behavi
There are 2 types of installer within:https://www.kaspersky.com/small-to-medium-business-security/downloads/internet-gateway?icid=gl_sup-site_trd_ona_oth__onl_b2b_klsupport_tri-dl____gateway___
Version 6.1.0.4762 | Red Hat Enterprise Linux | Localization package
Version 6.1.0.4762 | Red Hat Enterprise Linux | Distributive
What' the difference between these two packages?
Localization package is something you install additionally after installing distributive (applicati
How to connect to KWTS via SSH or receive the files via SCP?
Below are the examples of using Putty and WinSCP tools.
In the puttygen utility (from the Putty package):
Type of the key to generate: RSA.
Generate the key.
Protect the key with a password (key passphrase).
Save the private key.
Copy the public key from the field "Public key for pasting into OpenSSH authorized_keys file"
In the KWTS web interface:
Paste the copied public ke
To use HAProxy as a load balancer in front of KWTS (iso installation and built-in proxy used) we recommend the following:
HAProxy configuration:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
Introduction
Often problems with Kerberos are difficult to diagnose but they occur if you're deploying KWTS for the first time. There are three functional places in the product where Kerberos authentication can be used:
Proxy authentication
This is needed for users to authenticate on the proxy server automatically without login prompt. If login prompt pops-up, then Kerberos authentication failed.
LDAP authentication
This is needed for KWTS to synchronize LDAP cache wit
