Jump to content

rcocchiararo

Members
  • Posts

    16
  • Joined

  • Last visited

About rcocchiararo

  • Rank
    Newbie
    Newbie

Profile Information

  • Location
    Argentina
  1. Hi there I have 2 ERAS6 (finally migrated the 2nd one that had to go to a linux machine). Both have mostly servers and desktop computers, but they both also have some notebooks (one has only 4, the other one has 12 or so). Is it possible to set them to update from the ERAS6.2 mirror when they are in the office, and from eset directly when they are outside and have internet access? Some of those computers still have ESET Endpoint Antivirus 5, but most of them are updated to 6.2/6.1, and they all will be updated by years end, so if this happens to only be possible for V6, that wont be an issue in the long run. ps: i have created a mirror with the mirror tool, shared the folders with samba (there are 4 folders, v4, v5, and ep6 that i understand are for the antivirus v4/5/6, and also an "era6" folder, that i do not know for what product). Since i have 4 folders, i had to create dynamic groups for each version of the antivirus, and a policy for each version.
  2. I installed all the components i needed (Server, webconsole, agent, rougue detection). My first issue now, is that i can't run the AD sincronizarion: There is a KB saying to write the username as DOMAN\user (it tells you to use THAT format, then also says to use all caps). If i do that, i get an error saying that "domainusername@domain" was not found in kerberos. If i just use the username, i get: Error loading data: Active directory browsing failed. Check input server parameters and AD availability.: Trace info: SearchLdap: 'ldapsearch' failed with 250 exit code, stderr: ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: No worthy mechs found Ok, just tried again following all the KB, except using only "username", and it worked. ps: i have another ERAS6 installation in a windows server, that was so much friendly
  3. Using binary mode? Changing from auto to binary in the transfer mode made this happen: -bash: ./Server-Linux-x86_64.sh: /bin/sh^M: bad interpreter: No such file or directory For now, it is installing on debian, i might have to wget each installer on the linux server
  4. I installed everything and also the ODBC was set after installing either it's package or the mysql-community-server. I am gonna try again in debian, the procedure is better laid out.
  5. This is weird. If i copy the installers FROM my linux server to my windows machine, and then copy them back to the linux server (i am using winscp 5.7.5), the original error comes back. Ignoring that, now the installer is complaining about: Error: Admin connection not working. Unable to continue.
  6. magical wget. It seems chrome or jdownloader in windows are not happy to download it.
  7. trying wget now. Am i wrong, or there is no ISO for the linux installers, only windows ?
  8. As i said, permissions are FINE. If it lacks execute permission, you get "permission denied" when running it. I can run it with -v, and it displays the version. The problem comes when it has to extract itself.
  9. Hi there I am trying to install ERAS6.2 under linux, but i can't get past the installer script: I first tried under Debian 8.2, but then noticed that it is not officially supported, so i went to CentOS 7, but the same happened. I tried re-downloading in fear of a corrupt file, but no go. I can extract it under windows tho, it seems to be ok and not corrupted. Permissions are set (both in the file and in the folder). No idea what else to try.
  10. Basically with ERA creating a local mirror, much more data will be downloaded compared to the scenario when clients update regularly via an http proxy server. The difference can be 100-200 MB in favor of updates via an http proxy. That seems false in my setup. I have a server and less than 30 computers. The proxy cache folder is larger than 700mb since installation, and definition downlaods seems AS slow as over the internet. (the proxy is being used, if i turn it off, updates fail straight away). If i make a mirror on any of my computers, and point the rest to it, definition downloads are lightning fast, and the mirror folder is less than 400mb. My guess is that you will have to change policy for clients to stop using proxy if you stop proxy service...they are trying to download updates via proxy which, tries to connect to ESET servers on their behalf and is now down... But in that case, they will, naturally, connect directly to ESET servers. I was just saying the the proxy is indeed in use, but it serves no acceleration purpose, not that i want to set machines to use it, turn it off and have them update anyway. I seem to be alone in this, but the proxy seems useless, setting up a mirror gives me the same fast LAN speeds i had in ERAv5, for definition updates. Setting the proxy does nothing, it is still "wan speed" downloads.
  11. V4/V5/V6/V* wont talk to ERA V6, since V6 talks to the AGENT. You install ERA V6, and then (probably painfully ) deploy the agents. Once installed, ERA V6 can manage V4/V5/V6 of the antivirus. In my experience, the HTTP proxy does nothing to save bandwith or at least, nothing to accelerate downloads. Having an endpoint antivirus in the ERA server, and enabling the mirror there, is much faster. (lan speed downloads vs WAN speed downloads of definitions)
  12. Basically with ERA creating a local mirror, much more data will be downloaded compared to the scenario when clients update regularly via an http proxy server. The difference can be 100-200 MB in favor of updates via an http proxy. That seems false in my setup. I have a server and less than 30 computers. The proxy cache folder is larger than 700mb since installation, and definition downlaods seems AS slow as over the internet. (the proxy is being used, if i turn it off, updates fail straight away). If i make a mirror on any of my computers, and point the rest to it, definition downloads are lightning fast, and the mirror folder is less than 400mb.
  13. Why is the apache http proxy installed into "program files" in an x64 server, if it is the 32bits version? Just noticed this when i tried to add the mod_log_config and it would not work (i got the 64 bits version)
  14. ERA v6 does not support creation of a local mirror. The feature was replaced by Apache HTTP Proxy which caches downloaded installers and update files. You may choose not to install it if you plan to use another http proxy or create a mirror using ESET Endpoint Antivirus, ESET Endpoint Security or another v6 ESET product, such as ESET File Security. Let us know what you'd need to help with specifically. The proxy was installed with the bundled installer, and i confirm that the cache folder has files in it (i see a similar structure to what an old squid proxy i had sometime in the past in yet another job). If i shut down the apache proxy, computers can't look for updates. If i enable it.. they can, but they download ULTRA SLOW, like... from the internet. (i have a 25mb connection, but downloading either ESET updates or installers is always slow, no idea why). If i enable the mirror in one of my computers, then updates download lightning fast on the other machines (After setting them to use that update server either manually or with the policy). Either the Apache http proxy is catching the wrong stuff, or something is wrong... i followed every kb, to no avail. I even contacted my old job for support (i am now their customer ), and they could not help. A friend i have that was the main support person there, told me that he had tons of complains for this. For now, i have "burned" a license on the server where i have ERA V6, installing endpoint antivirus there, and enabling the mirror. I've setup the ApacheHttpProxy and found it quite ineficiant. As there is no LOG feature included in the apache config, I manualy added the "mod_log_config" module and added some log rules to get the cache miss and hits: <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access.log" combined CustomLog "logs/proxy-cache-hits.log" common env=cache-hit CustomLog "logs/proxy-cache-missed.log" common env=cache-miss </IfModule> For now I configured two clients to use the ApacheHttpProxy but my "hits" log remains empty and my "miss" fills quickly... There is only 9Mb in the cache after two weeks of usage. The "proxy-cache-missed.log" : 192.168.0.99 - - [17/Aug/2015:07:49:00 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.99 - - [17/Aug/2015:07:49:01 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600 192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.99 - - [17/Aug/2015:07:49:06 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:08:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:08:16:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600 192.168.0.96 - - [17/Aug/2015:08:16:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:08:16:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:09:16:09 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:09:16:16 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9600 192.168.0.96 - - [17/Aug/2015:09:16:18 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:09:16:19 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:10 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594 192.168.0.96 - - [17/Aug/2015:10:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:13 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:14 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_002_engine_25308/em002_32_n1.nup HTTP/1.1" 200 12309 192.168.0.96 - - [17/Aug/2015:10:17:15 +0100] "HEAD hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:10:17:16 +0100] "GET hxxp://update.eset.com/ep6-rel-sta/mod_023_pegasus_6675/em023_32_n1.nup HTTP/1.1" 200 13699 192.168.0.96 - - [17/Aug/2015:11:17:10 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:11:17:11 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/update.ver HTTP/1.1" 200 9594 192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "HEAD hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 401 - 192.168.0.96 - - [17/Aug/2015:11:17:12 +0100] "GET hxxp://update.eset.com/eset_upd/ep6/pcu/update.ver HTTP/1.1" 404 162 I find it strange to have 404 HTTP header on update.ver, it whould be working all the time... my cache directory us way bigger than the mirror directory (more than 300 mb), but downloads are still slow (i have set up all my pcs to use it)
  15. Please create a new topic for particular issues where we could discuss them and assist you with resolving them. Installation of Agent Live installer via GPO which is a recommended way of installing Agent has always worked like a charm as far as I know. Should i also create a topic about my http proxy seemingly not caching or serving or something?
×
×
  • Create New...