
large log files on clients


Solved by alesk8ter

I have this problem now on a network of 70 to 80 clients. Some Windows-based clients have this issue (there are Mac users too, but they don't have this issue now). The entire system experiences lag while Eset is building the log file; most of this issue comes from the firewall log, writing epfwlog.dat. On one particular client, the file is about 3 GB in size. First of all, I checked what's going on in the network and what Eset is stopping that generates such a large log file. I found IPv6 broadcasts (I just disabled IPv6, since the network doesn't need it to work properly with the actual applications). Most of the traffic corresponds to UDP traffic (Dropbox, Spotify for Mac); there are more random ports broadcasting over UDP, some of them corresponding to server applications.

 

I know there are more solutions to this problem, like disabling the troubleshooting log on the Eset clients, but this log helps me find other stuff while monitoring the network and clients' problems. So I'm wondering if there is a way to send a policy from the Eset Remote Administrator (or where the option is) about logging on clients, something like erasing logs that are 5 days old or more.

 

Clients running Eset endpoint security v5.0.228.1

Eset remote administrator v5.1.34

 

Thank you!


  • Administrators

That usually happens if logging of blocked communications is enabled. Please make sure it's disabled in the advanced IDS setup as this option serves only for troubleshooting purposes.


  • Solution

Thanks for your reply. We're in a corporate environment and we must ensure security on all clients. We have a firewall that provides protection for internet connections, and ESET running on intranet clients. Our firewall can stop attacks coming in from the internet, but we rely on our firewall and Eset to prevent attacks/viruses and other threats inside the network; that's why we don't want to disable IDS logging.

 

I was asking for a way to send clients a policy about logs, to store critical warnings and other kinds of logs only for a few days, and I found it. It seems that it can be configured in the Eset Configuration Editor > Windows Desktop v5 > Kernel > Settings > Log Files. There is the log lifetime and the log level to be saved (I think this part is where we can control logs on clients). However, I really appreciate the tip and information you brought; it's something we have to consider too.

 

Thank you!

Edited by alesk8ter