Jump to content

Archived

This topic is now archived and is closed to further replies.

stevemaser

Where Are The Log Files For Eset Located On A Mac?

Recommended Posts

I know I can look at Tools --> Log Files to see activity, but are these log files written to a readable file on the Mac somewhere that will show me what the RTFSP detects?

 

If so, where?

 

Thanks!

 

- Steve

Share this post


Link to post
Share on other sites

Hi Steve,

 

I'm fairly certain that the log files are written to the 'system.log' file, located at '/private/var/log'.

 

To get there, open a new Finder window and on the menu bar click 'Go...' and then 'Go to Folder...'.

In the provided text box, enter "/private/var/log/system.log" and press OK.

Share this post


Link to post
Share on other sites

So, I thought that might be the case, but based on this thread:

 

https://forum.eset.com/topic/2324-how-to-disable-systemlog-logging/

 

I currently am running things intentionally disabling all logging to /var/log/system.log (because the default logging is *much* too chatty...)

 

But Tools --> Log Files still shows logged events (such as downloading eicar.com), so *that* information is being read from somewhere (maybe not a readable text log file...) to display it.

 

That's what I'm trying to find out -- Logging must be done in multiple locations -- where is the logging done that Tools --> Log Files reads from?

 

- Steve

Share this post


Link to post
Share on other sites

Okay, figured it out - the log files (excluding system.log) are stored in either of these paths:

/Applications/ESET Cyber Security.app/Contents/var/log
/Applications/ESET Cyber Security Pro.app/Contents/var/log

:ph34r:

Share this post


Link to post
Share on other sites

Which is the specific log file that correlates with what is visible in Tools --> Log Files, though?

Share this post


Link to post
Share on other sites

Which is the specific log file that correlates with what is visible in Tools --> Log Files, though?

 

So in Tools > Log Files, there's different logs to select from.

This is only my assumption:

 

section within program = file name

Detected threats = threatlog.dat

Events = eventlog.dat

Computer scan = (?)*

Parental = parentlog.dat

Firewall = firewalllog.dat

 

* In terms of 'computer scan', it would be one or more of the remaining files within the folder that hasn't been mentioned yet.

Perhaps someone else might be able to let you know specifically, as I'm only a regular user of the program.

Share this post


Link to post
Share on other sites

Yeah, those are not world-readable, unfortunately.   It seems like those might be the files, though...

 

But maybe not.  I don't see the timestamps on anything change if I download "eicar.com"?

 

We'd probably have to filter against the system.log file...

Share this post


Link to post
Share on other sites

Yeah, those are not world-readable, unfortunately.   I'm sure those are the files, though...

 

We'd probably have to filter against the system.log file...

 

If you're needing to just clear out the system.log file, the solution posted in the topic you linked earlier does do the trick and you can just leave the built-in logs as is?

 

Edit: I noticed the timestamps change for threatlog.dat after downloading "eicar.com".

 

After further testing we found that we needed to use syslog_facility=none not syslog_class=none to disable all ESET logging to the system.log file. Please ensure the previous syslog_class option is commented out or removed from the esets.cfg file. You can do this by running the following command:

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_class

 

After that please run the command below to add syslog_facility=none to the global section of the esets.cfg file:

 

sudo /Applications/ESET\ Cyber\ Security.app/Contents/MacOS/esets_set --section global --set syslog_facility=none

 

Once completed restart your computer and check to ensure no more ESET log entries are showing up in the system.log file.

Share this post


Link to post
Share on other sites

Our overall goal here is to be able to generate a report on multiple machines to see what viruses are being detected on each of them, but not having to parse a system.log file that would rotate every day (which is still doable, but...)

 

We had hoped we could block of the logging to system.log and read the logs that the *application* is still displaying, but it seems not...

Share this post


Link to post
Share on other sites

Our overall goal here is to be able to generate a report on multiple machines to see what viruses are being detected on each of them, but not having to parse a system.log file that would rotate every day (which is still doable, but...)

 

We had hoped we could block of the logging to system.log and read the logs that the *application* is still displaying, but it seems not...

 

That makes sense. I wonder if ESET NOD32 Antivirus Business Edition for Mac OS X with ESET Remote Administrator could provide this for you?

I'll definitely need to allow someone from ESET or another user respond to this topic now, as it's something I'm not familiar with.

Share this post


Link to post
Share on other sites

Multiple macs on a network ? administering and gathering logs ?

This was designed for endpoints and ERA.

Sorry there is no mac version of era.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...