Gathering ESET threat logs

[M.Wajahat 0]

Hi,

I am using ESET end-point security product and my username is EAV-00186105.

I want to view details of malware and threats detected by ESET. These details must at least include :-

1) Threat name

2) Threat source URL

3) Source IP Address

4) Destination IP Address

5) Threat detection time  etc.

 

I have read ESET user-guide but there is nothing about logs collection. Kindly give a handy solution.

Thanks

[Marcos 5,074]

If you also use ESET Remote Administrator to manage Endpoints, you should be able to create the appropriate threat reports on a regular basis.

[M.Wajahat 0]

We don't use ESET Remote Administrator. We require threat detection parameters (mentioned in question) so that we could dump these in our central database. 

I don't know whether these parameters are available in threatlog.dat file because I am unable to convert it into a TXT file.

Edited August 22, 2017 by M.Wajahat

[Peter Randziak 1,130]

You can set the Endpoints to export the logs into a plain text format.

It is  recommended to use Remote Administrator to manage larger scale deployments.

[M.Wajahat 0]

I am getting logs in /var/log/messages but the information is incomplete.

For eg:

Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"
Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"

 

I want source and destination IP addresses which I am not getting from logs.

[M.Wajahat 0]

I am trying to collect useful threat details from ESET logs.

Is there any way to get Source and Destination IP addresses of threat in syslog of ESET ?

 

Kindly give any solution.