Gathering ESET threat logs


M.Wajahat

Hi,

I am using the ESET endpoint security product and my username is EAV-00186105.

I want to view details of malware and threats detected by ESET. These details must at least include:

1) Threat name

2) Threat source URL

3) Source IP Address

4) Destination IP Address

5) Threat detection time, etc.

I have read the ESET user guide, but there is nothing about log collection. Kindly give a handy solution.

Thanks


  • Administrators

If you also use ESET Remote Administrator to manage Endpoints, you should be able to create the appropriate threat reports on a regular basis.


We don't use ESET Remote Administrator. We require the threat detection parameters (mentioned in the question) so that we can dump them into our central database.

I don't know whether these parameters are available in the threatlog.dat file because I am unable to convert it into a TXT file.

Edited by M.Wajahat

I am getting logs in /var/log/messages, but the information is incomplete.

For example:

Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"
Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"

I want the source and destination IP addresses, which I am not getting from the logs.

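An added example, not part of the original posts and not ESET code: a parser that turns the esets_daemon / esets_icap summary lines quoted above into flat records suitable for loading into a central database. It assumes quoted values contain no embedded double quotes and that the caller supplies the year (syslog timestamps omit it); the function and record field names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample input: the two lines quoted in the post above.
SAMPLE = [
    'Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"',
    'Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"',
]

# Syslog prefix, then "<kind>[<hex id>]:" and the key=value body.
HEADER = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s(?P<host>\S+)\s'
    r'(?P<proc>esets_\w+)\[(?P<pid>\d+)\]:\s\w+\[(?P<event_id>[0-9a-f]+)\]:\s(?P<body>.*)$'
)
# Values are either double-quoted or bare (e.g. vdb=34471).
# Assumption: quoted values contain no embedded double quotes.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]*))')


def parse_line(line, year):
    """Return a flat record for one esets_* summary line, or None if it does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    kv = {key: quoted or bare for key, quoted, bare in PAIR.findall(m["body"])}
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "detected_at": when.isoformat(),
        "host": m["host"],
        "process": m["proc"],
        "event_id": m["event_id"],
        "threat_name": kv.get("virus"),  # only the esets_daemon line carries it
        "object_url": kv.get("name") or kv.get("object"),
        "action": kv.get("action"),
        # No address key appears in either quoted line, so these stay None.
        "src_ip": None,
        "dst_ip": None,
    }


def parse_lines(lines, year):
    """Parse many lines, silently skipping anything that is not a summary line."""
    return [rec for rec in (parse_line(l, year) for l in lines) if rec]


if __name__ == "__main__":
    for rec in parse_lines(SAMPLE, 2024):  # 2024 is a constructed year
        print(rec)
```

The two lines share a timestamp and object URL, so a loader can join the esets_icap record to the esets_daemon record on those fields if one row per detection is wanted.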

I am trying to collect useful threat details from ESET logs.

Is there any way to get the source and destination IP addresses of a threat in the ESET syslog?

Kindly give any solution.

This topic is now closed to further replies.