jacortijo 0 Posted May 19, 2015 Share Posted May 19, 2015 Hi all, I am involved in a project to integrate ESET logs into a SIEM tool (OSSIM). I installed the ERA Console and I saw that the ESET can be configured to do the logging to the OS... so I did ... I also configured the clients to allow remote administration as I plan to collect all the events in the server and log into the OS, windows 2003. I went to the option Tools --> Server options --> Logging After all the settings, in the console I see the clients but I dont see much event in the windows events...(I set level 5 and above in everything). I run a full scan and two virus were detected... someone could tell me where the events of those infections should be? I checked in the Application events and Security events and nothing appears over there... I am running win2003R2. Which event number are supposed to be for an infection? I only see a few events in the Application events subfolder regarding configuration changes in the console...the events 500 and 503, nothing else about the virus detections... thanks a lot. jose Link to comment Share on other sites More sharing options...
Recommended Posts