KWTS: How to change Syslog location [Kaspersky Web Traffic Security]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Description and cautions

Sometimes you may need KWTS to write syslog messages to different log's name or/and path.

We're talking about this setting:

Steps below were performed on Centos 7+ x64 and Ubuntu 20.04/22.04 x64 

KWTS 6.1 NOT ISO

By default it's set to local1, and depending on OS KWTS writes syslog messages to:

1) CentOS > /var/log/messages

2) Ubuntu > /var/log/syslog

Details

So here's how to change default behavior:

• Change value on web interface to, for instance, local0

• Modify /var/opt/kaspersky/kwts/postgresql/postgresql.conf , so it should look like this:

         

• Modify files like this:

         -For CentOS /etc/rsyslog.conf

         -For Ubuntu /etc/rsyslog.d/50-default.conf (actually it could be different name, but this one is default for clean installation of Ubuntu)

• Configure rotation for your /var/log/kwts-syslog.log (name it as you wish)

         -For CentOS /etc/logrotate.d/syslog, you can just append it to current rotation settings

         or configure your own parameters (refer to online documentation)

      -For Ubuntu /etc/logrotate.d/syslog (you can create your own param eters as well)

• Reboot OS and finally check that KWTS writes syslog messages to your new log with cat /var/log/kwts-syslog.log command.