stevemaser, posted April 23, 2014

So, in relation to my previous post about excessive default logging in /var/log/system.log with ESET 6, I was directed to modify:

    /Applications/ESET\ Cybersecurity.app/Contents/etc/esets.cfg

To add these lines:

    [syslog_class]syslog_class = "error:warning:summ:part"

This greatly reduces the number of esets_daemon lines logged to system.log, but it does not eliminate them.

From what I can see in an old ESET 4 user guide, there are these logging parameters:

> ESETS provides system daemon logging via syslog. Syslog is a standard for logging program messages and can be used to log system events such as network and security events.
>
> Messages refer to a facility: auth, authpriv, daemon, cron, ftp, lpr, kern, mail, ..., local0, ..., local7
>
> Messages are assigned a priority/level by the sender of the message: Error, Warning, Summall, Summ, Partall, Part, Info, Debug
>
> This section describes how to configure and read the logging output of syslog. The ‘syslog_facility’ option (default value ‘daemon’) defines the syslog facility used for logging. To modify syslog settings edit the ESETS configuration file or use the Web interface. Modify the value of the ‘syslog_class’ parameter to change the logging class. We recommend you modify these settings only if you are familiar with syslog. For an example syslog configuration, see below:
>
>     syslog_facility = "daemon"
>     syslog_class = "error:warning:summall"

But none of them actually say how to *disable* system logging. Anybody know the trick?

AlexJ (Former ESET Employees), posted April 24, 2014

Please try to delete the class you want disabled and let me know if that works.

stevemaser (Author), posted April 24, 2014

So, right now, I have the value set to:

    syslog_class = ""

This has *greatly reduced* the logging -- but has not eliminated it. I am still getting these:

    Apr 24 11:23:11 <myhost> esets_daemon[275]: summ[01130c00]: vdb=18016, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv800016q/C/com.apple.internetaccounts/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
    Apr 24 11:25:48 <myhost> esets_daemon[275]: summ[01130b00]: vdb=18016, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv800016q/C/com.apple.mail/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
    host-134:log maser$

This would be better than nothing, but it's not eliminating everything (when it probably should be, right?)

JamesR (ESET Staff), posted May 2, 2014 (edited May 5, 2014 by JamesR: To display correct info for the solution.)

Hello,

[Edited to have the confirmed solution. Kudos to AlexJ for supplying the final solution.]

In some testing I and another did today, we believe we may have found the solution you are looking for. Can you execute the following command from a terminal and then reboot? Please inform us if this works to filter all the esets entries in your system.log.

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

You will notice the commands will first add "syslog_facility = none" to the esets.cfg. This tells ESET to no longer log any items to the system.log.

If for some reason the commands are giving syntax errors, please let me know the following information:

- The Mac OS X version
- Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)
- The version number for your CyberSecurity product (5 or 6).

We may need to adjust the folder path depending on your installed ESET product. Again, please reply to this thread to let us know if this resolves the issue.

After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file. You can do this by running the following command:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

planet (Most Valued Members), posted May 3, 2014 (edited June 4, 2014 by planet)

> Please inform us if this works to filter all the esets entries in your system.log.

Just wanted to say that I tried this out, adjusted the folder path for the Pro version, and restarted - but still getting these entries in system.log...

    info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"

There were no errors when executing the two commands (after fixing the path for pro).

Mac OS X 10.9.2; CyberSecurity Pro 6.0.9.1

stevemaser (Author), posted May 5, 2014

> Hello,
>
> In some testing I and another did today, we believe we may have found the solution you are looking for. Can you execute the 2 following commands from a terminal and then reboot? Please inform us if this works to filter all the esets entries in your system.log.
>
>     sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class=none
>     sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class
>
> You will notice the commands will first add "syslog_class = none" to the esets.cfg. The second command will comment out the entry which should effectively stop logging to the system log.
>
> If for some reason the commands are giving syntax errors, please let me know the following information:
>
> - The Mac OS X version
> - Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)
> - The version number for your CyberSecurity product (5 or 6).
>
> We may need to adjust the folder path depending on your installed ESET product. Again, please reply to this thread to let us know if this resolves the issue.

This made no difference for my testing. I have the same results as above -- where running the two commands adds a:

    #syslog_class = "none"

line to my esets.cfg file.

I am running 10.9.2 and 6.0.9.1 of the trial version of "Cyber Security" (as seen by what comes up in the "About" screen...)

AlexJ (Former ESET Employees), posted May 5, 2014 (marked as Solution)

After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file.

Please ensure the previous syslog_class option is commented out or removed from the esets.cfg file. You can do this by running the following command:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

After that please run the command below to add syslog_facility=none to the global section of the esets.cfg file:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

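A way to check the outcome of the steps in the post above, added here as an example and not part of the thread or of ESET's tooling: it reads the active syslog_facility value from an esets.cfg-style file and counts esets_daemon lines per class in a system.log excerpt. The [global] section header, the function names and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not ESET tooling. The [global] header layout and all sample data are assumptions.

# Print the active (uncommented) value of KEY in the [global] section of an esets.cfg-style file.
cfg_value() {  # usage: cfg_value FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/  { next }                                  # "#syslog_class = ..." is inactive
        /^[ \t]*\[/ { in_global = ($0 ~ /^[ \t]*\[global\]/); next }
        in_global && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Count esets_daemon lines per class (summ, warning, ...) in a syslog-format file.
esets_tally() {  # usage: esets_tally LOGFILE
    awk '$5 ~ /^esets_daemon\[[0-9]+\]:$/ { c = $6; sub(/\[.*/, "", c); n[c]++ }
         END { for (c in n) print c, n[c] }' "$1" | sort
}

# Succeeds only if syslog_facility is "none" and the log excerpt has no esets_daemon lines.
syslog_disabled() {  # usage: syslog_disabled CFG LOG_SINCE_RESTART
    [ "$(cfg_value "$1" syslog_facility)" = "none" ] && [ -z "$(esets_tally "$2")" ]
}

# Constructed samples: config after the fix, a log from before it, a log from after it.
d="${TMPDIR:-/tmp}/esets_check.$$"
mkdir -p "$d"
printf '%s\n' '[global]' '#syslog_class = "none"' 'syslog_facility = none' > "$d/esets.cfg"
printf '%s\n' \
  'Apr 24 11:23:11 host1 esets_daemon[275]: summ[01130c00]: vdb=18016, agent=fac, hop="accepted"' \
  'Apr 24 11:25:48 host1 esets_daemon[275]: summ[01130b00]: vdb=18016, agent=fac, hop="accepted"' \
  'Apr 24 11:26:02 host1 kernel[0]: unrelated line' > "$d/before.log"
printf '%s\n' 'May  5 09:00:01 host1 kernel[0]: unrelated line' > "$d/after.log"

echo "syslog_facility = $(cfg_value "$d/esets.cfg" syslog_facility)"
echo "before: $(esets_tally "$d/before.log")"
syslog_disabled "$d/esets.cfg" "$d/after.log" && echo "after: no esets_daemon entries"
```

On a real machine, pass the product's esets.cfg and only the part of /var/log/system.log written after the restart, since older entries remain in the file.
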
planet (Most Valued Members), posted May 5, 2014

> After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file.
>
> Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

Thank you, that now works.

stevemaser (Author), posted May 6, 2014

Should this be expected to work on *all* versions of Cyber Security? Or just the current 6.0 version? Or only under 10.9 (vs. 10.8?) Can you clarify?

(The reason I ask is that when I tried this under SCEP 4.5 -- which I fully understand is Microsoft's licensing of your product -- the computer will kernel panic after restart (over and over) and I had to comment that line out of "scep.cfg"...)