Retrieve more detailled on-demand scan results via the terminal

[QuestionPerson 0]

Hi,

I'm looking into ESET on-demand scans on Linux, and am trying to figure out how to retrieve the details of an on-demand scan.

Specifically, I have a directory filled with a couple of random files and directories, including two Eicar test files. So far I am using <lslog> with parameters <--scans --with-log-name> to get a scan's log name, followed by <lslog> with parameters <--ods-details> and <--ods-detections>. This yields a scan's basic duration and detection information.

However, I am looking for:

• A list of all files and directories that have been scanned. Right now, the <--ods-details> output merely lists the top folder that I asked ESET to scan. I'm looking for a list of all (sub-)folders and all files that ESET actually did scan.
• Detection details. In this thread the log yields much more detailed information about an encountered threat. I was wondering where/how I might retrieve this information for threats encountered during an on-demand scan.
• More verbose output. Specifically, I was looking at an exported (to xml) config file and found three fields of interest: <Settings/Log/SyslogFacility> (default: 5), <Settings/Log/MinimumLogVerbosity> (default: 8), and <Plugins/ODScand/LogAllEnable> (default: 0). What are these? What values are accepted? How can I set these in order to have ESET yield more verbose logging information? What additional information is available?

[Marcos 5,069]

9 minutes ago, QuestionPerson said:

• A list of all files and directories that have been scanned.

You'd need to enable logging of all scanned files. This is possible only on Windows but it's disabled by default since it would unnecessarily generate extremely big logs when scanning drives or folders with many files inside.

9 minutes ago, QuestionPerson said:

• Detection details. In this thread the log yields much more detailed information about an encountered threat.

All the information is available only in the Detections log, not in on-demand scanner logs.

9 minutes ago, QuestionPerson said:

• More verbose output. Specifically, I was looking at an exported (to xml) config file and found three fields of interest: <Settings/Log/SyslogFacility> (default: 5), <Settings/Log/MinimumLogVerbosity> (default: 8), and <Plugins/ODScand/LogAllEnable> (default: 0). What are these? What values are accepted? How can I set these in order to have ESET yield more verbose logging information? What additional information is available?

In on-demand scanner logs the following information are logged (on Windows):
The scan start time, duration, version of the engine used, the full path to a reported file (in case of detection or error), the name of the detection, the action taken, the total number of scanned files and the total number of clean files. Not sure what other information you'd expect.
 

[QuestionPerson 0]

Thank you for the swift reply, Marcos!

7 minutes ago, Marcos said:

You'd need to enable logging of all scanned files. This is possible only on Windows

How would I enable this on Windows? Can you confirm that, on Linux, there is no entry to be found in an exported xml config file that would enable the listing of all scanned files?

 

10 minutes ago, Marcos said:

Not sure what other information you'd expect.

Right now I'm still learning about ESET and looking for all the information I can retrieve from the logs

As you rightly stated though, the detection log really should have all I need. However, a list of scanned directories and items would still be important to have in my use case.

[Marcos 5,069]

On Windows it can be enabled in the ThreatSense setup for a particular on-demand scan profile. On Linux this option is not available.

 

[QuestionPerson 0]

When exporting the ESET configuration, there is a "LogAllEnable" flag for the on-demand scan (default: 0). Is this the same option? (Does it simply not have any effect when set to "1" on Linux..?)