Log files location and management

[acenrs12379]

Hi everyone,

My first post here. I've been reading these forums for years now, and they've always been a great source of help and reference, but it's finally time to jump in and join the party! This time I need some assistance, but I hope to be able to offer assistance down the road as well.

Simply put, how does one change the location of the logs created by the various program modules? Is it as simple as changing the "AppDataDir" value in the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info" to point to the desired directory and restarting the server? Is there a way to change the location and migrate existing log files gracefully (without stopping ESET services, manually moving the directory, changing the registry key, and restarting the services)? Specifically, I would like to do this on my installation of ESET Mail Security, but I imagine the same procedure could be used for Smart Security, Antivirus, and others. I am currently running version 4.3.10016.0. This seems like such a simple task - dare I say even one that could be taken care of during the initial installation wizard - but I can find it documented anywhere. In provisioning my latest server, I created a dedicated partition for ESET logs, and so far it is sitting unused.

Also, is there any way to make ESET logs VSS-aware, a la Exchange transaction logs, so that I can automatically have them truncated upon successful backup? It seems that I can either keep them small/short, or delete them if they start growing, but deleting them requires parsing the entire log in the integrated log viewer, which can become a lengthy and intensive process as the logs get larger. This is probably a long shot, since the logs are stored in individual database files (warnlog.dat, virlog.dat, etc.) and I'm guessing the database engine and/or log format might need to be different.

Thanks for any and all insight in advance!

Dan

[SmackyTheFrog]

You could always replace the folder the logs are being kept in with an NTFS mount point to the new volume you created for the logs. You wouldn't need to mess around with the application config and the change would be transparent to the software. You're going to need downtime on the service to do this, but I don't see a way around that at the moment.

I'm not personally running mail security so I'm extrapolating off my experience with other products, but generally I think you should be leaving the out of box defaults as much as you can. Those registry keys are monitored and locked by the self-defense feature so you'll be fighting that, and from what I can tell only the root of the applications working folder is specified so changing that registry value will repoint not just your logs but update data, application configuration profiles, and the installer package cache.

As for log cleanup, look in the advanced setup for the individual product. There are options to prune out log entries that are older than so many days/months automatically which should help you curb growth.