M.Wajahat, posted August 22, 2017

Hi, I am using the ESET endpoint security product and my username is EAV-00186105. I want to view details of malware and threats detected by ESET. These details must at least include:
1) Threat name
2) Threat source URL
3) Source IP address
4) Destination IP address
5) Threat detection time
etc. I have read the ESET user guide but there is nothing about log collection. Kindly give a handy solution. Thanks
Marcos (Administrator), posted August 22, 2017

If you also use ESET Remote Administrator to manage Endpoints, you should be able to create the appropriate threat reports on a regular basis.
M.Wajahat (Author), posted August 22, 2017

We don't use ESET Remote Administrator. We require the threat detection parameters (mentioned in the question) so that we can dump them into our central database. I don't know whether these parameters are available in the threatlog.dat file because I am unable to convert it into a TXT file.

Edited August 22, 2017 by M.Wajahat
Peter Randziak (ESET Moderator), posted August 22, 2017

You can set the Endpoints to export the logs into a plain text format. It is recommended to use Remote Administrator to manage larger scale deployments.
M.Wajahat (Author), posted August 22, 2017

I am getting logs in /var/log/messages but the information is incomplete. For example:

Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"
Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"

I want source and destination IP addresses, which I am not getting from the logs.
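The two syslog lines quoted in the post above are key="value" summaries written by esets_daemon and esets_icap. The following Python script is an added example, not code from the thread or from ESET: it parses such lines into flat records suitable for loading into a central database and reports which of the columns the original question asked for are not carried by the line at all. The regexes assume the "summ[...]:" layout seen in the two quoted lines; the ThreatEvent structure, the record column names and the REQUIRED list are my own choices, and the sample input is the two lines from the post (URLs kept defanged as "hxxp", as posted).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional

# The two syslog lines quoted in the post above, used here as sample input.
SAMPLE_LOG = """\
Aug 21 14:57:16 server-xxxx esets_daemon[3898]: summ[0f3a0208]: vdb=34471, agent=icap, name="hxxp://www.eicar.org/download/eicar.com.txt", virus="Eicar test file", action="cleaned by deleting", info="", avstatus="clean (deleted)", hop="discarded"
Aug 21 14:57:16 lux-126-02-01 esets_icap[3906]: summ[0f420101]: method="RESPMOD", object="hxxp://www.eicar.org/download/eicar.com.txt", status="clean (deleted)", action="discarded"
"""

# Classic BSD syslog header (no year, no timezone) followed by ESET's "summ[id]:" tag.
# Assumption: every line of interest has exactly this shape.
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<proc>[\w.]+)\[(?P<pid>\d+)\]: "
    r"summ\[(?P<summ>[0-9a-fA-F]+)\]: "
    r"(?P<body>.*)$"
)
# key=value pairs; a value is either double-quoted (may contain commas and spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]*))')

# Columns the poster wants in the central database (my own names).
REQUIRED = ("threat_name", "source_url", "source_ip", "destination_ip", "detected_at")


@dataclass
class ThreatEvent:
    detected_at: str          # syslog timestamp as written; the year is not in the line
    host: str
    process: str              # esets_daemon, esets_icap, ...
    pid: int
    summary_id: str           # the hex id inside summ[...]
    fields: Dict[str, str] = field(default_factory=dict)


def parse_kv(body: str) -> Dict[str, str]:
    """Split the key=value tail of a summ line, keeping quoted empties such as info=""."""
    out: Dict[str, str] = {}
    for m in KV_RE.finditer(body):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        out[key] = quoted if quoted is not None else bare
    return out


def parse_line(line: str) -> Optional[ThreatEvent]:
    """Return a ThreatEvent for an ESET summ line, or None for any other syslog line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    return ThreatEvent(
        detected_at=m.group("ts"),
        host=m.group("host"),
        process=m.group("proc"),
        pid=int(m.group("pid")),
        summary_id=m.group("summ"),
        fields=parse_kv(m.group("body")),
    )


def parse_log(text: str) -> List[ThreatEvent]:
    """Parse a whole /var/log/messages excerpt, silently skipping non-ESET lines."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev is not None]


def to_record(ev: ThreatEvent) -> Dict[str, Optional[str]]:
    """Flatten an event into the columns to store centrally.

    source_ip / destination_ip are deliberately None: the esets_daemon and
    esets_icap summary lines carry only the scanned object URL and the verdict,
    not the network endpoints of the transfer.
    """
    return {
        "detected_at": ev.detected_at,
        "host": ev.host,
        "process": ev.process,
        "threat_name": ev.fields.get("virus"),
        "source_url": ev.fields.get("name") or ev.fields.get("object"),
        "source_ip": None,
        "destination_ip": None,
        "action": ev.fields.get("action"),
        "verdict": ev.fields.get("avstatus") or ev.fields.get("status"),
    }


def missing_fields(record: Dict[str, Optional[str]]) -> List[str]:
    """Names of REQUIRED columns that this record cannot fill from the log line."""
    return [k for k in REQUIRED if record.get(k) in (None, "")]


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        rec = to_record(ev)
        print(rec)
        print("  missing:", ", ".join(missing_fields(rec)) or "none")
```

Run against the two quoted lines, the daemon record fills threat name, URL, verdict and time but reports source_ip and destination_ip as missing, and the ICAP record additionally lacks a threat name (its line has no virus= field). That makes the gap the poster describes explicit at ingestion time instead of silently storing empty columns; the IP columns would have to come from another source, such as the proxy that fronts the ICAP scanner, joined on the URL and timestamp.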
M.Wajahat (Author), posted August 24, 2017

I am trying to collect useful threat details from ESET logs. Is there any way to get the source and destination IP addresses of a threat in the ESET syslog? Kindly give any solution.