Panagiotis Goudas
Posted December 19, 2023

Hello everyone. I have a question about ESET logs. ESET creates a .dat log file in hosts' PCs. The policy of ESET Protect is to delete logs every 15 days. If I just delete a log file, will ESET create a new one after these 15 days? Is it safe to do so, or will it affect ESET console's policy about logs? Thanks in advance for your answer.

Marcos (Administrators)
Posted December 19, 2023

Unfortunately the question is not clear. ESET logs to several dat files. If you remove the log completely (i.e. delete the dat log files in safe mode), the program will create new dat files and continue to write new records there.

Panagiotis Goudas (Author)
Posted December 19, 2023

I think you answered my question, Marcos. I wanted to know if I delete this file (dat file), will the program create a new dat file and continue to write records there. I have a policy that deletes logs automatically every 15 days. I have a host that has a big log file and I want to delete it before these 15 days. So this was my question actually. If this action creates a problem in the logging procedure of ESET.

Marcos (Administrators)
Posted December 19, 2023

The logs can be deleted only in safe mode since they are in use by ekrn.exe otherwise. If a particular log grows quickly, you should find the root cause and perhaps change the setting responsible for the extensive logging (e.g. diagnostic logging severity, enabled logging in firewall rules with informative severity, etc.).

Panagiotis Goudas (Author)
Posted December 19, 2023

OK but even if I try to delete this file in safe mode, it won't really affect ESET logs behaviour? Except from having ESET to create a new log file.

Any quick recommendations about how to find the root cause of extensive logging?

Marcos (Administrators)
Posted December 19, 2023

2 minutes ago, Panagiotis Goudas said:
> OK but even if I try to delete this file in safe mode, it won't really affect ESET logs behaviour? Except from having ESET to create a new log file.

Deleting dat log files in safe mode is safe, it won't have any effect on further logging.

4 minutes ago, Panagiotis Goudas said:
> Any quick recommendations about how to find the root cause of extensive logging?

Please provide logs collected with ESET Log Collector which should help us find the root cause of the extensive logging.

Panagiotis Goudas (Author)
Posted December 19, 2023

Should I just run Log Collector as shown in the attached image?

When we talk about safe mode, we mean Windows safe mode, right?

And one more question please. Thank you very much for all your answers. Can I check somehow on which day ESET will delete the log files again?

Marcos (Administrators)
Posted December 19, 2023

1. Yes, it should be possible to collect logs this way. However, sometimes it may be necessary to collect logs directly on a troublesome client as per the instructions at https://support.eset.com/en/kb3466.
2. Yes, I meant Windows safe mode.
3. ESET doesn't delete log files. Only records older than the configured age (90 days by default) are invalidated and subsequently removed by the log maintenance task run by scheduler.

Panagiotis Goudas (Author)
Posted December 20, 2023

Thanks a lot for your answer and your help. In case I want to collect logs remotely through the ESET console, the best way to do it is through Log Collector? What is the difference between Log Collector and Diagnostic Logs?