Log aggregation

Discussion in 'ESET NOD32 Antivirus' started by aluminex, Jan 11, 2011.

Thread Status:
Not open for further replies.
  1. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    We are in the process of fine tuning our logging environment and are interested in forwarding threat alerts/scanlogs/etc... to a log aggregation system. Is this possible?

    The only option I can find is a log to syslog option but if I am not mistaken these logs are ERA server logs and have nothing to do with the actual clients.
     
  2. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    Hello,

    The default backend to the ESET Remote Administrator is an Access Database. If you directly access the DB you can query whatever information you like.

    As for built-in features, the closest thing to what you are asking is provided by the notification manager and the reporting tab of the ERAC.
     
  3. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    So that means "no" right?
     
  4. ThomasC

    ThomasC Former ESET Support Rep

    Joined:
    Sep 8, 2008
    Posts:
    209
    Via a checkbox in the ERAC the answer is no. You could pull the information by other means. Of course that would be up to you. :)
     
  5. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    Can you elaborate? We actually aren't using Access... we are using a SQL backend. If I understand correctly the logs that I see in each tab in the ERA are all stored under the server folders in flat files. I could pull from the application log but I am pretty sure those logs are only ERA Server logs and not clients.
     
  6. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    You can use the notification manager to send you an e-mail about certain client activity, or you could use your SQL server manager to export the client log info from the database.
     
  7. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    I am already doing this which works okay. However, this does not satisfy the requirements of our organization and we are up for a renewal of our maintenance agreement in a few months. We are just looking at all of our options.
     
  8. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    Any other ideas for pulling the data into our log aggregation system? I just want to give you a heads up we have 3000 clients and will not renew our maintenance if we can't get this data. I am just being honest here... don't know if you actually care...
     
  9. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Can you find the Access database that ThomasC mentioned, open it, review, export etc etc
     
  10. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    We aren't using Access, we are using SQL. This is something that will need to be continually sent to our log aggregation system. I have played around with notifications being sent to syslog but it doesn't seem to be working properly.
     
  11. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    So you looked at the Access database and established there is nothing there you can use to import/connect/script to your SQL db? Or you didn't
     
  12. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    You aren't understanding me correctly.... We don't have an Access database...
     
  13. rockshox

    rockshox Registered Member

    Joined:
    Oct 23, 2009
    Posts:
    261
    We are also using a SQL database instead of Access. On your SQL Server you will have your ESET database (ESETRADB I think is default). It's actually a pretty simple database with only about 20 or so tables. The two tables it sounds like you are looking for are ScanLog and ThreatLog. Both tables basically store the exact information you see when you are in ERAS.

    If you have a SQL DB Admin I am sure he/she can help get the information from those tables and possibly into your log aggregation system. If your log aggregation system is also using SQL that makes it even easier I would think. A job on the SQL server could move the data easily or possibly a trigger on the table itself.
     
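The "job on the SQL server" approach that dmaasland and rockshox describe, written out as an added example that is not part of the thread and is not ESET's own code or schema. It assumes SQL Server (T-SQL), a ThreatLog table with a monotonically increasing integer key named Id, and the column names EventTime, ClientName, ThreatName, ObjectPath and ActionTaken; all of those are assumptions, so the first statement lists the real columns for you to substitute. New rows are copied into a staging table that the log aggregation system reads, using a watermark so nothing is exported twice or skipped.

```sql
-- Added example (not from the thread or from ESET). Table and column names
-- of ESETRADB are ASSUMPTIONS; confirm them with this query before using
-- anything below.
SELECT TABLE_NAME, COLUMN_NAME, DATA_TYPE
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_NAME IN ('ThreatLog', 'ScanLog')
ORDER BY TABLE_NAME, ORDINAL_POSITION;
GO

-- Staging table the aggregation agent polls. It lives in its own schema so the
-- agent's login never needs rights on the vendor tables.
CREATE SCHEMA export;
GO
CREATE TABLE export.ThreatLog_Export (
    ExportId    INT IDENTITY(1,1) PRIMARY KEY,
    SourceId    INT            NOT NULL,   -- ThreatLog.Id (assumed key)
    EventTime   DATETIME       NOT NULL,
    ClientName  NVARCHAR(255)  NOT NULL,
    ThreatName  NVARCHAR(255)  NOT NULL,
    ObjectPath  NVARCHAR(1024) NULL,
    ActionTaken NVARCHAR(255)  NULL,
    ExportedAt  DATETIME       NOT NULL DEFAULT GETDATE()
);

-- One row per source table: the highest Id already copied.
CREATE TABLE export.Watermark (
    SourceTable SYSNAME PRIMARY KEY,
    LastId      INT NOT NULL
);
INSERT INTO export.Watermark (SourceTable, LastId) VALUES ('ThreatLog', 0);
GO

-- Incremental copy. Runs inside one transaction so a failure between the
-- INSERT and the watermark UPDATE cannot leave the two out of step.
CREATE PROCEDURE export.usp_ExportNewThreatLog
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;   -- any error rolls the whole transaction back
    BEGIN TRANSACTION;

    DECLARE @LastId INT, @MaxId INT;

    -- Lock the watermark row so two overlapping job runs cannot both export
    -- the same range.
    SELECT @LastId = LastId
    FROM export.Watermark WITH (UPDLOCK, HOLDLOCK)
    WHERE SourceTable = 'ThreatLog';

    -- Snapshot the upper bound first; rows inserted after this point are
    -- picked up by the next run.
    SELECT @MaxId = MAX(Id) FROM dbo.ThreatLog;

    IF @MaxId IS NULL OR @MaxId <= @LastId
    BEGIN
        COMMIT TRANSACTION;   -- nothing new
        RETURN;
    END;

    INSERT INTO export.ThreatLog_Export
        (SourceId, EventTime, ClientName, ThreatName, ObjectPath, ActionTaken)
    SELECT t.Id, t.EventTime, t.ClientName, t.ThreatName, t.ObjectPath, t.ActionTaken
    FROM dbo.ThreatLog AS t
    WHERE t.Id > @LastId AND t.Id <= @MaxId
    ORDER BY t.Id;

    UPDATE export.Watermark SET LastId = @MaxId WHERE SourceTable = 'ThreatLog';

    COMMIT TRANSACTION;
END;
GO

-- Least privilege for the collector: it may read and drain the staging
-- table, nothing else in the database. 'log_collector' is a placeholder login.
CREATE USER log_collector FOR LOGIN log_collector;
GRANT SELECT, DELETE ON export.ThreatLog_Export TO log_collector;
GO

-- Schedule this in a SQL Server Agent job (every few minutes is typical):
EXEC export.usp_ExportNewThreatLog;
```

The same pattern applies to ScanLog with a second watermark row and staging table. A trigger on ThreatLog would give lower latency, but it runs inside ERA Server's own insert, so a trigger error blocks the product from logging and the trigger may not survive a vendor schema upgrade; a polled job fails independently and is easier to monitor. Whatever the collector does with the rows, check the watermark against MAX(Id) periodically: a growing gap means the job has stopped and threat events are no longer reaching the aggregation system.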