stevemaser, posted September 4, 2014

I know I can look at Tools --> Log Files to see activity, but are these log files written to a readable file on the Mac somewhere that will show me what the RTFSP detects? If so, where?

Thanks!

- Steve

planet (Most Valued Members), posted September 4, 2014

Hi Steve,

I'm fairly certain that the log files are written to the 'system.log' file, located at '/private/var/log'.

To get there, open a new Finder window and on the menu bar click 'Go...' and then 'Go to Folder...'. In the provided text box, enter "/private/var/log/system.log" and press OK.

stevemaser, posted September 4, 2014

So, I thought that might be the case, but based on this thread:

https://forum.eset.com/topic/2324-how-to-disable-systemlog-logging/

I currently am running things intentionally disabling all logging to /var/log/system.log (because the default logging is *much* too chatty...)

But Tools --> Log Files still shows logged events (such as downloading eicar.com), so *that* information is being read from somewhere (maybe not a readable text log file...) to display it.

That's what I'm trying to find out -- Logging must be done in multiple locations -- where is the logging done that Tools --> Log Files reads from?

- Steve

planet (Most Valued Members), posted September 4, 2014 (edited September 4, 2014 by planet)

Okay, figured it out - the log files (excluding system.log) are stored in either of these paths:

    /Applications/ESET Cyber Security.app/Contents/var/log
    /Applications/ESET Cyber Security Pro.app/Contents/var/log

stevemaser, posted September 5, 2014

Which is the specific log file that correlates with what is visible in Tools --> Log Files, though?

planet (Most Valued Members), posted September 5, 2014

> Which is the specific log file that correlates with what is visible in Tools --> Log Files, though?

So in Tools > Log Files, there are different logs to select from. This is only my assumption:

    section within program = file name
    Detected threats = threatlog.dat
    Events = eventlog.dat
    Computer scan = (?)*
    Parental = parentlog.dat
    Firewall = firewalllog.dat

* In terms of 'computer scan', it would be one or more of the remaining files within the folder that haven't been mentioned yet.

Perhaps someone else might be able to let you know specifically, as I'm only a regular user of the program.

stevemaser, posted September 5, 2014 (edited September 5, 2014 by stevemaser)

Yeah, those are not world-readable, unfortunately. It seems like those might be the files, though... But maybe not. I don't see the timestamps on anything change if I download "eicar.com"?

We'd probably have to filter against the system.log file...

planet (Most Valued Members), posted September 5, 2014 (edited September 5, 2014 by planet)

> Yeah, those are not world-readable, unfortunately. I'm sure those are the files, though... We'd probably have to filter against the system.log file...

If you're needing to just clear out the system.log file, the solution posted in the topic you linked earlier does do the trick and you can just leave the built-in logs as is?

Edit: I noticed the timestamps change for threatlog.dat after downloading "eicar.com".

After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file.

Please ensure the previous syslog_class option is commented out or removed from the esets.cfg file. You can do this by running the following command:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

After that please run the command below to add syslog_facility=none to the global section of the esets.cfg file:

    sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

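One way to confirm on each machine that the change described in the post above took effect, as an added example that is not part of the original thread or of ESET's tooling. It assumes esets.cfg is INI-style (a `[global]` header, `key = value` lines, `#` comments); the function name is hypothetical and the path to esets.cfg is passed in as an argument.

```shell
#!/bin/sh
# Added example: audit an esets.cfg for the syslog settings from the post.
# Assumption: INI-style file, "[global]" header, "key = value", "#" comments.

# Prints one finding per line. Returns 0 only when [global] contains
# syslog_facility=none and no active (uncommented) syslog_class line.
check_esets_syslog() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable: $cfg"; return 2; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/      { next }                 # comments, blanks
        /^[ \t]*\[global\][ \t]*$/    { in_global = 1; next }  # target section
        /^[ \t]*\[/                   { in_global = 0; next }  # any other section
        in_global {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = ""
            if (index($0, "=")) {
                val = $0; sub(/^[^=]*=/, "", val)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
            if (key == "syslog_class")    { class_active = 1 }
            if (key == "syslog_facility") { facility = val; seen = 1 }
        }
        END {
            rc = 0
            if (class_active) { print "syslog_class is still active in [global]"; rc = 1 }
            if (!seen) { print "syslog_facility is not set in [global]"; rc = 1 }
            else if (facility != "none") {
                print "syslog_facility=" facility " (expected none)"; rc = 1
            }
            if (rc == 0) print "ok: ESET syslog output disabled in [global]"
            exit rc
        }
    ' "$cfg"
}

# Constructed sample configs (not copied from a real machine).
demo_dir=$(mktemp -d)
printf '[global]\nsyslog_class = none\n' > "$demo_dir/before.cfg"
printf '[global]\n#syslog_class = none\nsyslog_facility = none\n' > "$demo_dir/after.cfg"
check_esets_syslog "$demo_dir/before.cfg" || true   # reports two findings
check_esets_syslog "$demo_dir/after.cfg"            # reports ok
rm -rf "$demo_dir"
```

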
stevemaser, posted September 5, 2014

Our overall goal here is to be able to generate a report on multiple machines to see what viruses are being detected on each of them, but not having to parse a system.log file that would rotate every day (which is still doable, but...)

We had hoped we could block off the logging to system.log and read the logs that the *application* is still displaying, but it seems not...

planet (Most Valued Members), posted September 5, 2014

> Our overall goal here is to be able to generate a report on multiple machines to see what viruses are being detected on each of them, but not having to parse a system.log file that would rotate every day (which is still doable, but...) We had hoped we could block off the logging to system.log and read the logs that the *application* is still displaying, but it seems not...

That makes sense. I wonder if ESET NOD32 Antivirus Business Edition for Mac OS X with ESET Remote Administrator could provide this for you?

I'll definitely need to let someone from ESET or another user respond to this topic now, as it's something I'm not familiar with.

Arakasi, posted October 3, 2014

Multiple Macs on a network? Administering and gathering logs? This was designed for endpoints and ERA. Sorry, there is no Mac version of ERA.