vs2018sv
Posted July 28, 2020

Hello,

Is anyone aware of a way I can set my ESET Cloud endpoints to log all web control events? I am looking for a way to log all web events on my remote machines.

Thank you
Nightowl (Most Valued Members)
Posted July 28, 2020

3 minutes ago, vs2018sv said:
> Hello, Is anyone aware of a way I can set my ESET Cloud endpoints to log all web control events? I am looking for a way to log all web events on my remote machines. Thank you

It will log for you which files have been scanned on these websites, whether they are clean or not. I believe what you want is a log of what the endpoints are entering into.
itman
Posted July 28, 2020

This should be possible using ESET Remote Administrator. Refer to this: https://support.eset.com/en/kb6043-log-all-activity-blocked-by-web-control-rules-in-eset-remote-administrator-6x

Although the article addresses blocked activity, it appears it can also be configured for allowed activity.
vs2018sv (Author)
Posted July 28, 2020

I followed the steps in the link above, but I am not getting any logging. What I am trying to do is log every site visited on an endpoint, whether it is allowed or blocked. I want 100% of the browser traffic logged. I do get logging for blocked sites, but not for allowed.

Snip of the rule I made and applied to the top of the rules list.
Marcos (Administrators)
Posted July 28, 2020

The logging severity must be changed to Warning if you want Web Control records to be transmitted to ESMC. However, the higher the number of visited URLs reported to ESMC, the more likely it is that the ESMC server will stop responding due to being inundated with tons of Web Control data.
vs2018sv (Author)
Posted July 28, 2020

I changed the logging to warning and I am still not getting any logs on my endpoint telling me the sites I was visiting. I only see blocks still. It sounds like what I am trying to do (log all web traffic) is not supported and can cause issues with our ESET Cloud server.

Can I put in a feature request? Searching this topic, I see several others with very similar requests.

Thanks
itman
Posted July 28, 2020

Also, monitoring and analysis of employee Internet use really requires specialized software. This article references a few: https://www.information-age.com/monitor-users-internet-activity-123468034/

Another approach is to restrict employee web site access, such as blocking access to pornographic web sites and the like.

Edited July 28, 2020 by itman
Marcos (Administrators)
Posted July 28, 2020

Works for me:

However, I'd like to stress again that opening a single website may generate dozens of records, so reporting all URLs from all machines can cause a big burden on the ESMC server and database and may render them unresponsive.
itman
Posted July 28, 2020

Also refer to the following:

[KB6957] Create and edit Web control rules in ESET business products using ESET Security Management Center (7.x)
https://support.eset.com/en/kb6957-create-and-edit-web-control-rules-in-eset-business-products-using-eset-security-management-center-7x
vs2018sv (Author)
Posted July 28, 2020

Marcos,

Looks like I was able to get ESET to log all by going into Web access protection > URL Address management > List of allowed Addresses and adding a new rule with * for the website. Visiting cnn.com generates over 200 "Filtered Websites" logs (they do not appear under Web Control logs).

Do you know if it is possible to clear just the filtered website logs daily?

Thanks
Marcos (Administrators)
Posted July 28, 2020

It's not possible. I would not recommend using URL management to allow all addresses via * but instead create a Web Control group with all categories selected and "warning" logging severity set. Then create a custom report in ESMC using desired data from the Web Control category:
vs2018sv (Author)
Posted July 28, 2020

Got it! Thank you!

So the fact that this will eventually slow down the server and we have no way to clear the logs at a specific time frame on the server seems like a problem. Can I put in a feature request asking that ESET get this feature added to the software?

Thank you
Marcos (Administrators)
Posted July 28, 2020

You can clear logs on a daily basis but that's not recommended:

Even if you were able to delete Web Control logs on clients on a daily basis, it would not mitigate the load on ESMC. Moreover, the enormous number of records generated on clients would make it impossible to get some useful data.

However, I would encourage you to report any potentially good idea you may have to your local ESET partner who can then report it further to ESET and thus influence decisions about future improvements.