Jump to content

Jean M

  • Content Count

  • Joined

  • Last visited

  • Days Won


Jean M last won the day on November 7 2019

Jean M had the most liked content!

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi Martin, Forgot to add that information, this is a MacOS computer. Thanks!
  2. Hi Martin, Indeed, since one of the cases was my own computer, I assumed it would show my user as logged, however, ESET SMC is not showing any user logged in the computer. Is this some bug? Thanks
  3. Hi, I'm generating a report with the following columns: Logged users . User name Computer . Computer name Static group . Static group name However, when the "logged users" column is used, I can see a small decrease of computers showing in the report. Does anyone have a clue why? Thanks Jean M.
  4. What about the computer UUID? I found that it is required by some API calls but I cannot find one that returns the computers along with their UUID. If anyone knows how to get this information please share.
  5. Hi, I've enabled syslog in ESET SMC (v7.1) and I'm able to see logs generated in syslog daemon. The configuration is the following: However, the message of syslog contains non-printable characters at beginning and end: # xxd /var/log/eset/RemoteAdministrator/Server/ERAServer.log 00000000: efbb bf7b 2265 7665 6e74 5f74 7970 6522 ...{"event_type" 00000010: 3a22 4175 6469 745f 4576 656e 7422 2c22 :"Audit_Event"," 00000020: 6970 7634 223a 2231 302e 3235 302e 312e ipv4":"10.100.0. ... 00000160: 7222 3a22 222c 2272 6573 756c 7422 3a22 r":"","result":" 00000170: 5375 6363
  6. Hi, Is it possible to get computer information like logged user (as shown when we open computer details in Web Console) from the ESET API? I'm able to get the listing of computers with Era.Common.NetworkMessage.ConsoleApi.Groups.RpcExportComputersRequest but this only returns a listing of computer names. Thanks, Jean M
  7. Thanks itman, I was just looking in 70, 71 version documentation, I couldn't find that same page for the latest version. Nevertheless that helps already! Thanks.
  8. Hi, We'd like to experiment using this Rogue Detector server and we'd need to know more information for making the deployment correct. There's little documentation on this server in the documentation, other than the diagram showing it needs to be on the network. Does anyone know if: - Is server monitoring DHCP requests? and anything else? - Will it listen to all interfaces or it's configurable? Thanks! Jean M
  9. I wonder if the SMC Server provides an endpoint for agent connection why not use it for that functionality instead of using an ESET's own infrastructure? Is there any log information about wake-up related events in the agent? Thanks
  10. Hi, Is this necessary in ESET agents for ESET SMC to work? I've read in the documentation that it allows client tasks to be executed as soon as possible, can someone confirm if this is truly necessary or if it can be disabled? Is there a place where we can see the information sent to or contacts done to EPNS? The idea of having an on-prem solution was that it didn't had to rely on third party services. Thanks for any feedback!
  11. Could someone confirm what are the syslog JSON logged Audit Events? if it's just login and logout and if there's a way to log more than that.
  12. Hi Martin, We're looking for actions executed by the native users in ESET SMC, being one of the most important the Client Tasks, of type Run Command. But, overall other actions would be useful also, for auditing purposes. The way the information is shown in the documentation it made me think these syslog audit events would match what we would get by Audit Reports. Thanks!
  13. Hi, I'm trying to process ESET SMC Server in a SIEM system and it seems that it provides a good feature of sending JSON Audit Events to a syslog server. What I needed to know is what audit events are logged, because I'm only receiving login and logout events in syslog: 2020-02-05T17:20:43.724Z ip-10-xxx.xxx ERAServer[2286] <U+FEFF>{"event_type":"Audit_Event","ipv4":"10.xxx","hostname":"ip-10-XXX","source_uuid":"976e2311-41fa-4e38-88ad-5af43c63bab6","occured":"05-Feb-2020 17:20:43","severity":"Information","domain":"Native user","action":"Login attempt","target":"USERNAME","deta
  14. Hi, We're using the older version, v7.0 yet. Thanks!
  15. Hi! In Ubuntu Bionic the OpenSSL version is >= 1.1.x (https://packages.ubuntu.com/bionic/openssl), and as documented, SMC Agent doesn't support this version. I was wondering if anyone have an idea on how to install the SMC Agent in this OS (or others that use by default a newer version of OpenSSL)? I know it is possible to install an older version of OpenSSL using manual compilation at least, but I was looking for cleaner ways of doing this. If I ask in distribution forums I'm afraid they will say it is old and not supported... 😐 Any idea is welcome. Thanks!
  • Create New...