Jump to content

How to access apt-history logs on CN without the kata-collect-siem-logs tool [KATA/KEDRE]

Recommended Posts

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.


Applicable to versions above 5: 5.0, 5.1, 6.0, 6.0.1, etc.

You can fancy access log-history logs (former apt-history) directly for convenience purposes or if the kata-collect-siem-logs tool is malfunctioning for some reason.

These logs are in gzip, sorted by dates, as files with names in format: /data/volumes/s3proxy/log-history/YYYY-MM-DD-HH-MM-SS, where YYYY-MM-DD-HH-MM-SS is the datetime.

basename -a /data/volumes/s3proxy/log-history/2024*

 To access these logs, use the respective zless; zgrep; zcat tools. For example:

zcat /data/volumes/s3proxy/log-history/2024-01-17-12-05-14
2024-01-17 12:00:59.924639 info apt-history: New IDS alert: {id: 63, importance: High, hidden: False, rule_id: 51310592, excluded rule: False, src:, dest:, bases_version: 202401170033}

Bonus: you can also use these tools to read rotated logs of kataservices in /var/log/kaspersky/services/:

zgrep "FileNotFoundError" /var/log/kaspersky/services/web_backend/web_backend.log.1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now

  • Create New...