Posts posted by QuestionPerson

  1. Hi Peter,

    Thanks for the reply, I'm very happy to hear that this works!

    Could I trouble you for some details? I found the following in the exported ESET .xml configuration:

        <ITEM NAME="Log">
         <NODE NAME="SyslogFacility" TYPE="number" VALUE="5" />
         <NODE NAME="MinimumLogVerbosity" TYPE="number" VALUE="8" />
        </ITEM>

    How would I set/change these values to - for example - see the results of the latest on-demand scan?

    Also, how/where would I be able to see the syslog messages? My machine is running rsyslog and it's probably very easy to do, but I never used it before o_O

    And, finally: Does the syslog logging depend on having an activated license? (I'm waiting for mine as we speak and want to make sure I'm not looking for something that won't work until ESET is activated.)

    Cheers,

    Fabian

  2. Thank you for the swift reply, Marcos!

    7 minutes ago, Marcos said:

    You'd need to enable logging of all scanned files. This is possible only on Windows

    How would I enable this on Windows? Can you confirm that, on Linux, there is no entry to be found in an exported xml config file that would enable the listing of all scanned files?

     

    10 minutes ago, Marcos said:

    Not sure what other information you'd expect.

    Right now I'm still learning about ESET and looking for all the information I can retrieve from the logs :)

    As you rightly stated though, the detection log really should have all I need. However, a list of scanned directories and items would still be important to have in my use case.

  3. Hi,

    I'm looking into ESET on-demand scans on Linux, and am trying to figure out how to retrieve the details of an on-demand scan.

    Specifically, I have a directory filled with a couple of random files and directories, including two Eicar test files. So far I am using <lslog> with parameters <--scans --with-log-name> to get a scan's log name, followed by <lslog> with parameters <--ods-details> and <--ods-detections>. This yields a scan's basic duration and detection information.

    However, I am looking for:

    • A list of all files and directories that have been scanned. Right now, the <--ods-details> output merely lists the top folder that I asked ESET to scan. I'm looking for a list of all (sub-)folders and all files that ESET actually did scan.
    • Detection details. In this thread the log yields much more detailed information about an encountered threat. I was wondering where/how I might retrieve this information for threats encountered during an on-demand scan.
    • More verbose output. Specifically, I was looking at an exported (to xml) config file and found three fields of interest: <Settings/Log/SyslogFacility> (default: 5), <Settings/Log/MinimumLogVerbosity> (default: 8), and <Plugins/ODScand/LogAllEnable> (default: 0). What are these? What values are accepted? How can I set these in order to have ESET yield more verbose logging information? What additional information is available?