Jean M

Posts posted by Jean M

  1. Hi,

    We're upgrading all AVs and SMC Agent but I have doubts about the AV upgrade:

    1. If I select not to "automatically reboot", is it expected to install the AV if the user eventually reboots the system? I'm asking because, from experience, this doesn't seem to be working, and I'm wondering if there's something wrong in the configuration.

    2. If I select "automatic reboot" will the user be prompted and allowed to delay the reboot?

    Thanks,
    Jean M

  2. Hi,

    I've a computer which has a Client Task Execution in "Planned" state. However:

    1. The computer is online and ESET SMC shows the correct "Last connected"

    2. There are no triggers set for this task in a future time.

    Why is the task showing as "Planned" state? This column was what we used to know if a task was already executed or not, I'm not sure if there's other way to know.

    Thanks,
    Jean M

    PS: using ESET SMC v8 and agent version 8.0.3209.0.

  3. Hi,

    I've enabled syslog in ESET SMC (v7.1) and I'm able to see logs generated in syslog daemon. The configuration is the following:

    [image]

    [image]

    However, the message of syslog contains non-printable characters at the beginning and end:

    # xxd /var/log/eset/RemoteAdministrator/Server/ERAServer.log
    00000000: efbb bf7b 2265 7665 6e74 5f74 7970 6522  ...{"event_type"
    00000010: 3a22 4175 6469 745f 4576 656e 7422 2c22  :"Audit_Event","
    00000020: 6970 7634 223a 2231 302e 3235 302e 312e  ipv4":"10.100.0.
    ...
    00000160: 7222 3a22 222c 2272 6573 756c 7422 3a22  r":"","result":"
    00000170: 5375 6363 6573 7322 7d23 3031 3523 3031  Success"}#015#01
    00000180: 320a                                     2.

    I know that the last two were escaped to #015 and #012 by the syslog daemon (rsyslogd) automatically.

    Does anyone know if this is expected? I tried both formats BSD and Syslog and they seem to give the same result.

    Thanks!

  4. Hi,

    We'd like to experiment using this Rogue Detector server and we'd need to know more information for making the deployment correct.

    There's little documentation on this server in the documentation, other than the diagram showing it needs to be on the network.

    Does anyone know if:

    - Is the server monitoring DHCP requests? And anything else?

    - Will it listen on all interfaces or is it configurable?

    Thanks!
    Jean M

  5. Hi,

    Is this necessary in ESET agents for ESET SMC to work? I've read in the documentation that it allows client tasks to be executed as soon as possible, can someone confirm if this is truly necessary or if it can be disabled?

    Is there a place where we can see the information sent to or contacts done to EPNS?

    The idea of having an on-prem solution was that it didn't have to rely on third party services.

    Thanks for any feedback!

  6. Hi Martin,

    We're looking for actions executed by the native users in ESET SMC, one of the most important being Client Tasks of type Run Command. But overall, other actions would also be useful, for auditing purposes. The way the information is shown in the documentation made me think these syslog audit events would match what we would get from Audit Reports.

    Thanks!

  7. Hi,

    I'm trying to process ESET SMC Server in a SIEM system and it seems that it provides a good feature of sending JSON Audit Events to a syslog server. What I needed to know is what audit events are logged, because I'm only receiving login and logout events in syslog:

    2020-02-05T17:20:43.724Z ip-10-xxx.xxx ERAServer[2286] <U+FEFF>{"event_type":"Audit_Event","ipv4":"10.xxx","hostname":"ip-10-XXX","source_uuid":"976e2311-41fa-4e38-88ad-5af43c63bab6","occured":"05-Feb-2020 17:20:43","severity":"Information","domain":"Native user","action":"Login attempt","target":"USERNAME","detail":"Authenticating native user 'USERNAME'.","user":"","result":"Success"}#015#012

     

    [image]

    Thanks!
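
Added example, not part of the original posts and not ESET code: a Python sketch of how a SIEM ingest step could parse the audit lines quoted in posts 3 and 7, tolerating the leading UTF-8 BOM (bytes EF BB BF in the xxd dump, shown as <U+FEFF> in the forwarded line) and the trailing #015#012 escapes. The function name and the sample lines are constructed for illustration; it assumes the syslog header itself contains no "{".

```python
import json
import re

# Ways the UTF-8 BOM (bytes EF BB BF) shows up once a line reaches the SIEM:
# the real character, and the "<U+FEFF>" rendering seen in the quoted line.
BOM_FORMS = ("\ufeff", "<U+FEFF>")
# Trailing CR/LF, raw or as the #015/#012 escapes written by the syslog daemon.
TRAILER = re.compile(r"(?:#015|#012|\s)*")


def parse_audit_line(line):
    """Return (syslog_header, event_dict) for one ERAServer audit line."""
    if isinstance(line, bytes):
        line = line.decode("utf-8")
    start = line.find("{")  # assumes the syslog header itself contains no "{"
    if start < 0:
        raise ValueError("no JSON object in line")
    header = line[:start]
    for bom in BOM_FORMS:
        header = header.replace(bom, "")
    # raw_decode stops at the end of the object, so "#012" inside a JSON
    # string value is left alone and only the trailer is inspected.
    event, end = json.JSONDecoder().raw_decode(line, start)
    if not TRAILER.fullmatch(line[end:]):
        raise ValueError("unexpected data after JSON object: %r" % line[end:])
    if not isinstance(event, dict) or event.get("event_type") != "Audit_Event":
        raise ValueError("not an Audit_Event record")
    return header.strip(), event


# Constructed sample lines modelled on the redacted ones in the posts.
SAMPLE_BODY = ('{"event_type":"Audit_Event","action":"Login attempt",'
               '"target":"USERNAME","detail":"note #012 kept","result":"Success"}')
SAMPLE_FORWARDED = ("2020-02-05T17:20:43.724Z host ERAServer[2286] <U+FEFF>"
                    + SAMPLE_BODY + "#015#012")
SAMPLE_FILE_BYTES = b"\xef\xbb\xbf" + SAMPLE_BODY.encode("utf-8") + b"#015#012\n"

if __name__ == "__main__":
    for sample in (SAMPLE_FORWARDED, SAMPLE_FILE_BYTES):
        hdr, ev = parse_audit_line(sample)
        print(repr(hdr), ev["action"], ev["result"])
```

Rejecting anything other than CR/LF after the JSON object keeps a truncated or concatenated record from being silently accepted as a clean audit event.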

  8. Hi!

    In Ubuntu Bionic the OpenSSL version is >= 1.1.x (https://packages.ubuntu.com/bionic/openssl), and as documented, SMC Agent doesn't support this version.

    I was wondering if anyone has an idea on how to install the SMC Agent in this OS (or others that use by default a newer version of OpenSSL)?
    I know it is possible to install an older version of OpenSSL using manual compilation at least, but I was looking for cleaner ways of doing this.

    If I ask in distribution forums I'm afraid they will say it is old and not supported... 😐

    Any idea is welcome.

    Thanks!

  9. Hi,

    I've a blacklisted URL for testing purposes in SMC Policy and it was applied in the computer as we can see from the image.

    [image]

    This was working previously (correctly blocking access to the site even through a terminal curl command), however, now it is failing. Any idea why?

    [image]

    Thanks

  10. I was looking for other ways of getting this information (knowing what commands were run by a certain user of SMC Console), do you have any suggestion?

    The audit provides runTask logs and change task logs, but no information on the command. Looking at specific computer details, we see a list of events but for the run task we can only see the most recent command assigned to the task.

    Thanks.
