M.Wajahat, posted August 22, 2017

Hi, I am using the ESET endpoint security product and my username is EAV-00186105. I want to view details of malware and threats detected by ESET. These details must at least include:
1) Threat name
2) Threat source URL
3) Source IP address
4) Destination IP address
5) Threat detection time
etc.
I have read the ESET user guide but there is nothing about log collection. Kindly give a handy solution. Thanks
Marcos (ESET Administrator), posted August 22, 2017

If you also use ESET Remote Administrator to manage Endpoints, you should be able to create the appropriate threat reports on a regular basis.
M.Wajahat (author), posted August 22, 2017 (edited August 22, 2017 by M.Wajahat)

We don't use ESET Remote Administrator. We require the threat detection parameters (mentioned in the question) so that we could dump these into our central database. I don't know whether these parameters are available in the threatlog.dat file because I am unable to convert it into a TXT file.
Peter Randziak (ESET Moderator), posted August 22, 2017

You can set the Endpoints to export the logs in plain text format. It is recommended to use Remote Administrator to manage larger-scale deployments.
M.Wajahat (author), posted August 22, 2017

I am getting logs in /var/log/messages but the information is incomplete. For example:

Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"
Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"

I want source and destination IP addresses, which I am not getting from the logs.
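The two syslog lines quoted in the post above can be turned into structured records for a central database with a small parser. The following is an added example written for this thread; it is not ESET's code and not something the poster supplied. It assumes the line layout is exactly as quoted (a syslog prefix, then "summ[<id>]:" followed by comma-separated key=value pairs with bare or double-quoted values); the sshd line in the sample input is constructed to show that non-ESET entries are skipped. The parser also makes explicit which of the requested details each line does and does not carry: the esets_daemon line supplies the threat name (virus=), the object URL (name=) and the timestamp, the esets_icap line supplies only the object and the ICAP verdict, and neither contains a client or server address, so source_ip and destination_ip are stored as missing rather than guessed.

```python
import ipaddress
import json
import re
from typing import Optional

# Constructed sample input: the two esets lines quoted in the post above (hostnames and
# PIDs as posted) plus one unrelated sshd line, to show that non-ESET entries are skipped.
SAMPLE_LOG = """\
Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"
Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"
Aug 21 14:58:02 server-xxxx sshd[1234]: Accepted publickey for admin from 10.0.0.5 port 51234 ssh2
"""

# Syslog prefix as written by the esets processes, ending in "summ[<hex id>]:".
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<proc>esets_\w+)\[(?P<pid>\d+)\]: "
    r"summ\[(?P<summ>[0-9a-f]+)\]: (?P<body>.*)$"
)
# key=value pairs; quoted values may contain commas and spaces, bare values may not.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]*))')

# The details the original poster asked for, in the order they listed them.
DESIRED = ("threat_name", "threat_url", "source_ip", "destination_ip", "detection_time")


def parse_fields(body: str) -> dict:
    """Turn 'a=1, b="x, y", c=""' into {"a": "1", "b": "x, y", "c": ""}."""
    return {key: (quoted or bare) for key, quoted, bare in KV_RE.findall(body)}


def parse_line(line: str) -> Optional[dict]:
    """Return the raw record for an esets summary line, or None for any other line."""
    m = HEADER_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    return {
        "time": m["ts"],  # syslog timestamp: no year, local time zone of the host
        "host": m["host"],
        "process": m["proc"],
        "pid": int(m["pid"]),
        "summ_id": m["summ"],
        "fields": parse_fields(m["body"]),
    }


def find_ips(fields: dict) -> list:
    """Collect any field values that parse as IP addresses (none in the posted lines)."""
    found = []
    for value in fields.values():
        try:
            found.append(str(ipaddress.ip_address(value)))
        except ValueError:
            continue
    return found


def threat_record(raw: dict) -> dict:
    """Map raw esets fields onto the details requested in the thread.

    virus= and name= come from esets_daemon, object= from esets_icap. No field in
    either line holds a client or server address, so the IP slots stay None.
    """
    f = raw["fields"]
    return {
        "detection_time": raw["time"],
        "host": raw["host"],
        "process": raw["process"],
        "summ_id": raw["summ_id"],
        "threat_name": f.get("virus"),
        "threat_url": f.get("name") or f.get("object"),
        "source_ip": None,
        "destination_ip": None,
        "ips_in_fields": find_ips(f),
        "action": f.get("action"),
    }


def missing_details(record: dict) -> list:
    """Names of the requested details that this line could not supply."""
    return [name for name in DESIRED if record.get(name) is None]


def parse_log(text: str) -> list:
    """Parse a syslog extract; one threat record per esets summary line."""
    records = []
    for line in text.splitlines():
        raw = parse_line(line)
        if raw is not None:
            records.append(threat_record(raw))
    return records


if __name__ == "__main__":
    # One JSON object per line is a convenient shape for bulk loading into a database.
    for rec in parse_log(SAMPLE_LOG):
        print(json.dumps(rec, sort_keys=True))
        print("  missing:", ", ".join(missing_details(rec)) or "none")
```

Recording the missing fields explicitly, rather than dropping them, lets whoever reviews the central database see that the IP addresses were never available from this source instead of assuming they were simply not collected; the ICAP traffic the esets_icap line refers to would have to be correlated with the proxy's own logs to recover the client and server addresses.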
M.Wajahat (author), posted August 24, 2017

I am trying to collect useful threat details from the ESET logs. Is there any way to get the source and destination IP addresses of a threat in ESET's syslog output? Kindly give any solution.