Archived

This topic is now archived and is closed to further replies.

stevemaser

How to disable system.log logging?

So, in relation to my previous post about excessive default logging in /var/log/system.log with ESET 6, I was directed to modify:

 

/Applications/ESET\ Cybersecurity.app/Contents/etc/esets.cfg

 

To add these lines:

 

[syslog_class]
syslog_class = "error:warning:summ:part"

 

This greatly reduces the number of esets_daemon lines logged to system.log, but it does not eliminate them.

 

From what I can see in an old ESET 4 user guide, there are these logging parameters:

 

ESETS provides system daemon logging via syslog. Syslog is a standard for logging program messages and can be used to log system events such as network and security events.

Messages refer to a facility:

auth, authpriv, daemon, cron, ftp, lpr, kern, mail, ..., local0, ..., local7

Messages are assigned a priority/level by the sender of the message:

Error, Warning, Summall, Summ, Partall, Part, Info, Debug

This section describes how to configure and read the logging output of syslog. The ‘syslog_facility’ option (default value ‘daemon’) defines the syslog facility used for logging. To modify syslog settings edit the ESETS configuration file or use the Web interface. Modify the value of the ‘syslog_class’ parameter to change the logging class. We recommend you modify these settings only if you are familiar with syslog. For an example syslog configuration, see below:

syslog_facility = "daemon"
syslog_class = "error:warning:summall"

 

 

But none of them actually say how to *disable* system logging.

 

Anybody know the trick?

 


Please try to delete the class you want disabled and let me know if that works.


So, right now, I have the value set to:

 

syslog_class = ""

 

This has *greatly reduced* the logging -- but has not eliminated it.

 

I am still getting these:

 

Apr 24 11:23:11 <myhost> esets_daemon[275]: summ[01130c00]: vdb=18016, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv800016q/C/com.apple.internetaccounts/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"

Apr 24 11:25:48 <myhost> esets_daemon[275]: summ[01130b00]: vdb=18016, agent=fac, name="/private/var/folders/n1/zbkcr0gx585dmtnqh13gnpv800016q/C/com.apple.mail/mds/mdsDirectory.db_", virus="", action="", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"

host-134:log maser$ 

 
 
This would be better than nothing, but it's not eliminating everything (when it probably should be, right?)


Hello,

 

[Edited to have the confirmed solution. Kudos to AlexJ for supplying the final solution.]

In some testing I and another did today, we believe we may have found the solution you are looking for. Can you execute the following command from a terminal and then reboot? Please inform us if this works to filter all the esets entries in your system.log.

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

 

You will notice the commands will first add "syslog_facility = none" to the esets.cfg. This tells ESET to no longer log any items to the system.log.

 

If for some reason the commands are giving syntax errors, please let me know the following information:

- The Mac OS X version

- Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)

- The version number for your CyberSecurity product (5 or 6).

 

We may need to adjust the folder path depending on your installed ESET product.

 

Again, please reply to this thread to let us know if this resolves the issue.

 

 

After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file. You can do this by running the following command:

 

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

 

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.


Please inform us if this works to filter all the esets entries in your system.log.

 

Just wanted to say that I tried this out, adjusted the folder path for the Pro version, and restarted - but still getting these entries in system.log...

info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"

There were no errors when executing the two commands (after fixing the path for pro). Mac OS X 10.9.2; CyberSecurity Pro 6.0.9.1

 


Hello,

 

In some testing I and another did today, we believe we may have found the solution you are looking for.  Can you execute the 2 following commands from a terminal and then reboot?  Please inform us if this works to filter all the esets entries in your system.log.

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class=none

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

 

You will notice the commands will first add "syslog_class = none" to the esets.cfg.  The second command will comment out the entry which should effectively stop logging to the system log.

 

If for some reason the commands are giving syntax errors, please let me know the following information:

     - The Mac OS X version

     - Which ESET CyberSecurity product you are using (CyberSecurity or CyberSecurity Pro)

     - The version number for your CyberSecurity product (5 or 6).

 

We may need to adjust the folder path depending on your installed ESET product.

 

Again, please reply to this thread to let us know if this resolves the issue.

 

 

This made no difference for my testing.   

 

I have the same results as above -- where running the two commands adds a:

 

#syslog_class = "none"

 

line to my esets.cfg file

 

I am running 10.9.2 and 6.0.9.1 of the trial version of "Cyber Security" (as seen by what comes up in the "About" screen...)


After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file. Please ensure the previous syslog_class option is commented out or removed from the esets.cfg file. You can do this by running the following command:

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

 

After that please run the command below to add syslog_facility=none to the global section of the esets.cfg file:

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

 

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.
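
A way to check the result of the two commands above, as an added example that is not part of the thread and is not ESET's tooling: it reads the effective syslog_facility from an esets.cfg file and tallies any esets_daemon lines still present in a log excerpt taken after the restart. The INI-style layout of esets.cfg, the function names and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not ESET's tooling. Assumes esets.cfg is INI-style:
# [section] headers, key = "value" pairs, '#' marks a commented-out line.

# Print the effective (uncommented) value of KEY in [SECTION]; last one wins.
cfg_get() {  # usage: cfg_get FILE SECTION KEY
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*#/ { next }
    /^[ \t]*\[/ { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur); next }
    cur == sec {
      i = index($0, "="); if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# Count esets_daemon lines per class tag ("summ", "error", ...) in a syslog file.
esets_classes() {  # usage: esets_classes LOGFILE -> "class count" lines
  awk 'match($0, /esets_daemon\[[0-9]+\]: [a-z]+\[/) {
         t = substr($0, RSTART, RLENGTH - 1); sub(/^.*: /, "", t); n[t]++ }
       END { for (c in n) print c, n[c] }' "$1" | sort
}

# Verdict for a config plus the log lines written since the restart.
audit() {  # usage: audit CFG LOG
  fac=$(cfg_get "$1" global syslog_facility)
  left=$(esets_classes "$2" | paste -sd, -)
  if [ "$fac" = "none" ] && [ -z "$left" ]; then echo "ok"
  else echo "still-logging facility=${fac:-unset} classes=${left:-none}"; fi
}

# Constructed sample data: the state after the earlier syslog_class attempt.
demo_dir=$(mktemp -d)
cat > "$demo_dir/esets.cfg" <<'EOF'
[global]
#syslog_class = "none"
EOF
cat > "$demo_dir/system.log" <<'EOF'
Apr 24 11:23:11 myhost esets_daemon[275]: summ[01130c00]: vdb=18016, agent=fac, name="/tmp/example.db_", info="Event occurred on a newly created file.", avstatus="not scanned", hop="accepted"
EOF
audit "$demo_dir/esets.cfg" "$demo_dir/system.log"
```

Point `audit` at a copy of the real esets.cfg and at only the system.log lines written after the restart; older entries would otherwise be counted as still-logging.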


After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file.

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

 

Thank you, that now works. :D


Should this be expected to work on *all* versions of Cyber Security?   Or just the current 6.0 version?  Or only under 10.9 (vs. 10.8?)

 

Can you clarify?

 

(The reason I ask is that when I tried this under SCEP 4.5  -- which I fully understand is Microsoft's licensing of your product-- the computer will kernel panic after restart (over and over) and I had to comment that line out of "scep.cfg"...)
