How to see a client log in SMC 7?


Hi

On a client PC, I can go into Tools > Log files > Computer scan and see a history of scans. Is there a way for me to see this log in SMC7?

In the SMC I've looked through the options under computer> logs> SysInspector, Log Collector and Diagnostics Logs but it doesn't seem to be there and there doesn't seem to be an obvious way to get the client log on the SMC.

Can anyone assist?

thanks in advance

Keith

  • Administrators

You can add a dashboard "Scan task results in last 30 days" to see results of recent scans run via a task:

Details about threats found during scans are available in the Threats window among other threats.

  • ESET Staff

Information collected from the local machines towards ESMC is limited to the "important subset of data", meaning what was scanned, when it was scanned, number of scanned files, and counts of infected / cleaned files. You can drill down to the "threats section" in case one or more files were detected as being malicious.

For what purpose would you like to see the "full scan log"?

Hi

I'm migrating from remote Admin 5.3 to ESMC7. In 5.3 it's very easy, I right click the computer, go to Data for this Client, Scans and it shows me the full history of scans - regardless of whether they were the result of a scheduled scan or initiated by the user, and then I can drill down further and see the scan summary and extras like the list of files that couldn't be checked. It's pretty impressive.

With ESMC7 it seems all I can get is any scheduled tasks. And there doesn't seem to be any way to create a custom task that would pull the information from the client. Seems a lot more work for me that I have to remote on to the client to see the scan information. Are you suggesting the scan history does not meet the criteria of "important subset of data" in managing clients? Or are you saying that although ESMC 7 is considerably newer it's actually in some ways a less comprehensive product than the old 5.3?

thanks

Keith

  • ESET Staff

Yes, it's purposefully a "less comprehensive product" in some ways (but more comprehensive in others), as in general ERA 5 was just collecting all of the logs, which prevented its scaling and achieving some more advanced use-cases, full drill down report assembly, etc.

What might be interesting is, what do you do with the data you get? If you get the "full log", what are your follow-up actions?

In ESMC you can have a report "scans in last 30 days" (that you can edit for your configuration, or create a custom report template), place it on a dashboard, and then drill down into the details. It won't give you all of the details, but you will see when, what, and what was actually detected. We can always extend the information if it is proven doable and there is a rational use-case behind it.

If you want, can you give me more details about your organization, like the number of computers and your particular role? It's sequential to the question about "checking scan-logs for files that have not been scanned". I am trying to understand your motivation for what you are doing.

Thank you,

Michal 

Hello

I'm the network admin for a small business, less than 100 staff but spread over 5 offices and 3 time zones with a 60/40 ratio of laptops to desktop machines.

As you noted, with ESET 5 Remote Admin the PCs provide all client logs to the server. This means I can check things like user initiated CD/DVD/USB drive scan logs, and I can see detailed scan results even when the laptop is not currently connected. As to what I get from it, ESET flags things like password encrypted files like ZIPs, RARs, 7ZIPs as scan failures in the scan log. They are not viruses or threats, they are just failures, but as we know password protected files can also be attack vectors for a variety of malware. If I see password protected files in USB scan logs I can contact the staff person and investigate further if needed. Also, if a machine reports a virus, I need to know not just what it was and that it's been cleaned or deleted; the more important question is how it got there. The client security logs are a valuable source of information for these processes.

With ESMC 7 I've looked into the "Scans in last 30 days" report but as far as I can tell it only reports on scheduled scan tasks that are driven by the ESMC server. I can't see a way for it to report on local/user initiated scans or scan jobs configured inside profiles. For example if a user plugs in a USB drive they are given the option to run a scan. If there's a way of modifying or creating a custom report template to include these locally initiated scans, I'd be very interested.

I understand that as you say for scaling you limit the log information provided to the server and if looking at 1000's of clients it makes sense to limit what is stored on the server, but is there any way in ESMC 7 to turn on full log reporting for a group or even just an individual client?

thanks and regards

Keith

  • ESET Staff

Thank you for your response @Voyager3

With regard to how to get the data (at least a portion of it), I would recommend duplicating the report template "high severity scans in last 30 days" and removing the severity entry from the filters (edit report template, navigate to "filters" and remove the severity filter set to "red" only). Then you will see all of the details, from all of the scans, regardless of whether they have been triggered by a task or something else (including context-menu scans, or ones triggered by the scheduler). You can easily place it on the dashboard if you want to have this directly available.

Concerning your last questions, turning it on is not currently possible. I will investigate with the development team, whether this could be theoretically achieved, but even if yes, it would take some time to get it implemented. 

Hi

thanks for the report suggestion, I can at least see what scans have been run now

I think some sort of ability to copy the complete scan log from a client to the server would be a good thing

thanks again

Keith
