
Retrieve more detailed on-demand scan results via the terminal


Hi,

I'm looking into ESET on-demand scans on Linux, and am trying to figure out how to retrieve the details of an on-demand scan.

Specifically, I have a directory filled with a couple of random files and directories, including two Eicar test files. So far I am using <lslog> with parameters <--scans --with-log-name> to get a scan's log name, followed by <lslog> with parameters <--ods-details> and <--ods-detections>. This yields a scan's basic duration and detection information.

However, I am looking for:

  • A list of all files and directories that have been scanned. Right now, the <--ods-details> output merely lists the top folder that I asked ESET to scan. I'm looking for a list of all (sub-)folders and all files that ESET actually did scan.
  • Detection details. In this thread the log yields much more detailed information about an encountered threat. I was wondering where/how I might retrieve this information for threats encountered during an on-demand scan.
  • More verbose output. Specifically, I was looking at an exported (to xml) config file and found three fields of interest: <Settings/Log/SyslogFacility> (default: 5), <Settings/Log/MinimumLogVerbosity> (default: 8), and <Plugins/ODScand/LogAllEnable> (default: 0). What are these? What values are accepted? How can I set these in order to have ESET yield more verbose logging information? What additional information is available?

9 minutes ago, QuestionPerson said:
  • A list of all files and directories that have been scanned.

You'd need to enable logging of all scanned files. This is possible only on Windows but it's disabled by default since it would unnecessarily generate extremely big logs when scanning drives or folders with many files inside.

9 minutes ago, QuestionPerson said:
  • Detection details. In this thread the log yields much more detailed information about an encountered threat.

All the information is available only in the Detections log, not in on-demand scanner logs.

9 minutes ago, QuestionPerson said:
  • More verbose output. Specifically, I was looking at an exported (to xml) config file and found three fields of interest: <Settings/Log/SyslogFacility> (default: 5), <Settings/Log/MinimumLogVerbosity> (default: 8), and <Plugins/ODScand/LogAllEnable> (default: 0). What are these? What values are accepted? How can I set these in order to have ESET yield more verbose logging information? What additional information is available?

In on-demand scanner logs, the following information is logged (on Windows):
The scan start time, duration, version of the engine used, the full path to a reported file (in case of detection or error), the name of the detection, the action taken, the total number of scanned files and the total number of clean files. Not sure what other information you'd expect.

Thank you for the swift reply, Marcos!

7 minutes ago, Marcos said:

You'd need to enable logging of all scanned files. This is possible only on Windows

How would I enable this on Windows? Can you confirm that, on Linux, there is no entry to be found in an exported xml config file that would enable the listing of all scanned files?

 

10 minutes ago, Marcos said:

Not sure what other information you'd expect.

Right now I'm still learning about ESET and looking for all the information I can retrieve from the logs :)

As you rightly stated though, the detection log really should have all I need. However, a list of scanned directories and items would still be important to have in my use case.


On Windows it can be enabled in the ThreatSense setup for a particular on-demand scan profile. On Linux this option is not available.


When exporting the ESET configuration, there is a "LogAllEnable" flag for the on-demand scan (default: 0). Is this the same option? (Does it simply not have any effect when set to "1" on Linux?)

