bitterandstout 0 Posted February 21, 2018 Posted February 21, 2018 when running esets_scan is it possible to send the scanlog to the console on the Remote Administrator? We're running on linux. Ver 6.5 ERA
Administrators Marcos 5,725 Posted February 21, 2018 Administrators Posted February 21, 2018 That shouldn't be possible. Only records with warning or critical severity are transferred to ERA.
bitterandstout 0 Posted February 21, 2018 Author Posted February 21, 2018 thanks Marcos, fair enough, wouldn't want to clutter things. So How is that configured, if I run esets_scan with --scanlog and it finds malware or a trojan, I don't see anything showing up in ERA. We're obviously pretty new to ESET. And are testing our configuration. Here is the command line I used: /opt/eset/esets/sbin/esets_scan --scanlog 1:Administrator --clean-mode=none --quarantine --log-all
Administrators Marcos 5,725 Posted February 21, 2018 Administrators Posted February 21, 2018 I would recommend contacting customer care. At least on Windows the on-demand scanner reports any found threats to ERA so I'd expect the Linux version to behave in a similar fashion.
ESET Staff MichalJ 434 Posted February 21, 2018 ESET Staff Posted February 21, 2018 Is ERA agent installed on the system? Do you use ERA 6.5? Is Linux product configured to connect to era server on “localhost” with port set to “2225”?
bitterandstout 0 Posted February 21, 2018 Author Posted February 21, 2018 yes were using We're Running ERA 6.5 and the agent (4.5.7) is installed. And yes the product is configured to to connect to ERA on localhost & port 2225.
ESET Staff MichalJ 434 Posted February 22, 2018 ESET Staff Posted February 22, 2018 Was this running normally before, or this is a fresh install, that has those issues? Is the product correctly reported as installed, and connecting inside the ERA webconsole?
ESET Staff MartinK 384 Posted February 22, 2018 ESET Staff Posted February 22, 2018 I have checked it with latest product (is there any reason you are not using 4.5.9.0?) and it seems to work. both threat and scan were reported in ERA. Quarantine content was also updated.
bitterandstout 0 Posted February 22, 2018 Author Posted February 22, 2018 Thanks Martin, The agent was upgraded yesterday to 4.5.9.0. WRT to normal running, I'd say no. After the upgrade I ran a full scan before leaving the office, sadly from the Remote Administrator Console it shows that scan is still running now. The log file on the server shows an error shortly after the scan was started: Feb 21 15:25:52 puppet2 esets_sci[30622]: warning[779e0000]: Cannot read from socket: Connection reset by peer Feb 21 15:25:52 puppet2 esets_sci[30622]: error[779e0000]: Cannot scan: Daemon closed connection
bitterandstout 0 Posted February 22, 2018 Author Posted February 22, 2018 (edited) Something is definitely wrong on this machine, I've a scan running that was started ~40 minutes ago with the same result "connection reset by peer" (syslog output) and it still shows as running in ERA, nothing written to syslog for 30 minutes. I think I'll open a case. Edited February 22, 2018 by bitterandstout
Recommended Posts