alesk8ter 0 Posted January 29, 2016 Share Posted January 29, 2016 I have this problem now on a 70 to 80 clients network. Some windows-based clients have this issue (there is Mac users too, but they dont have this issue now). The entire system experiments lag while Eset is building the log file, most of this issue comes from the firewall log, writting epfwlog.dat. In a particular client, the file is about 3GB size. First of all, i have checked what's going on in the network, what does the Eset is stopping that generates a lot of log file, i found IPV6 broadcast (i just disable IPV6 since the network doesnt need it to work properly with the actual applications). Most of all the traffic corresponding to UDP traffic (dropbox, spotify for Mac), there are more random ports broadcasting over UDP, some of 'em corresponding to Server applications I know there are more solutions to this problem, like disable the troubleshotting log from the eset clients, but this log helps me to find other stuffs while monitoring the network and clients's problems. So im wondering if there is a way to send from the Eset Remote Administrator a policy (or where is the option) about the logging on clients, some like erase logs that has 5 days old or more. Clients running Eset endpoint security v5.0.228.1 Eset remote administrator v5.1.34 Thank you! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,273 Posted January 29, 2016 Administrators Share Posted January 29, 2016 That usually happens if logging of blocked communications is enabled. Please make sure it's disabled in the advanced IDS setup as this option serves only for troubleshooting purposes. Link to comment Share on other sites More sharing options...
Solution alesk8ter 0 Posted January 29, 2016 Author Solution Share Posted January 29, 2016 (edited) Thanks for your reply. We're on a corporate enviroment and we must ensure the security on all clients. We have a firewall that brings protection for internet connections, and ESET running on intranet clients. Our firewall can stop attacks incoming from internet, but we rely on or Firewall and Eset to prevent attacks/virus and other threads inside the network, thats why we dont want to disable IDS logging. I was asking for a way to send clients a policy about Logs, store critical warnings and other kind of logs only for a few days, and I found it. It seems that can be configure in the Eset configuration Editor > Windows Desktop v5 > Kernel > Settings > Log Files. There is the log lifetime and level log to be saved (i think this part is were we can control logs on clients). However, I really appreciate the tip and information you bring, its something we have to consider too. Thank you! Edited January 29, 2016 by alesk8ter Link to comment Share on other sites More sharing options...
Recommended Posts