Where does ESET log events?? windows event viewer?

Discussion in 'NOD32 version 2 Forum' started by thepip3r, Jun 24, 2009.

Thread Status:
Not open for further replies.
  1. thepip3r

    thepip3r Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    4
    where does ESET log events to on a host machine or on the centralized management server? can it log to a text file or to the windows event viewer? my company is thinking about moving to this AV product but have other log aggregation software that i'd like to log my AV events in. please let me know.

    tia!
     
  2. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    On the client-side, Nod32 keeps its logs in dat files located in C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\. They are binary files and you need the GUI open to read them. Clients will forward these logs to a centralized management server (RAS) if they are configured to do so, giving you a single place to see threat alerts, scan logs, and event logs from your systems. The RAS keeps its logs in C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\logs in text format that you can read and also has the option to log critical errors or critical errors and session errors to the Windows event log. I don't think there is SNMP integration at the moment, which would be the easiest way to forward alerts to a log aggregation system. You might be able to kludge something together with either the messenger service or email alerting, which is supported at the moment.
     
  3. thepip3r

    thepip3r Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    4
    thnx for the response smacky, do you know if either of these "parsable" logs contain information about infected hosts or are these specifically dedicated to RAS server system events (like functionality, updates, etc)?
     
  4. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello thepip3r,

    Any "event" that occurs to a client is reported to the Server. The console can be configured to send reports on a schedule of your choosing, showing every "event" that's occurred on the ESET network.

    The help files in the program do a good job of explaining how to do this.

    BFG
     
  5. thepip3r

    thepip3r Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    4
    BFG: are the help files somewhere on the website?? if so, i wasn't able to find them. if not, again, i haven't purchased the software yet. i'm trying to evaluate whether or not this will work (ideally) in my environment.

    that's great that you can see anything in the ESET network but my question is more directly related to "how". can these events only be seen from a central proprietary management console or can the events be set up to log to a text file, the Windows Event Viewer, SNMP, etc. if the only option is the proprietary ESET manager software and not one of the aforementioned services (logs)--or some other facility (e.g. syslog), then i'm afraid it will be no good to me.

    and that is the ultimate answer i'm trying to get. where is the reporting for the software (albeit client or server) logged and can that log be parsed by or configured to log to something other than the ESET software (eg, text file, WINDOWS event log, SNMP, syslog, etc)?
     
  6. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello thepip3r,

    The logs can be created as a text file and/or be viewed in the Windows Event Viewer.

    This is what is said in the Help Files regarding logging.

    While running, ERA Server creates a log (Log filename) about its activity which is configurable (Log verbosity). If the Log to text file option is selected, new log files will be created (Rotate when greater than X MB) and deleted on a daily basis (Delete rotated logs older than X days).

    The Log to OS application log option allows information to be copied to the system event viewer log (Windows Control Panel > Administrative Tools > Event viewer).


    Help files are only available via the program.

    BFG
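
For the log aggregation goal raised in this thread, one way to ship the ERA Server text log described above to a syslog collector, handling the size-based rotation the help text mentions. This is an added example, not part of the original posts and not ESET code; the collector address, syslog priority, host name and tag are assumptions, and because the thread never shows the log line format, lines are forwarded verbatim.

```python
import glob
import os
import socket
import time

# Path quoted in the thread; collector address and priority are assumptions.
LOG_DIR = r"C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\logs"
SYSLOG_ADDR = ("127.0.0.1", 514)   # hypothetical log collector
PRI = 16 * 8 + 5                   # facility local0, severity notice

def read_new_lines(path, state):
    """Return complete lines appended to path since the last call."""
    offset = state.get(path, 0)
    try:
        if os.path.getsize(path) < offset:
            offset = 0             # file shrank: rotated or truncated, start over
        with open(path, "rb") as fh:
            fh.seek(offset)
            chunk = fh.read()
    except OSError:
        return []                  # missing, locked or a directory; retry next poll
    end = chunk.rfind(b"\n") + 1   # hold back a half-written last line
    state[path] = offset + end
    return [l.rstrip(b"\r").decode("utf-8", "replace")
            for l in chunk[:end].split(b"\n") if l.strip()]

def to_syslog(line, when, host="era-server", tag="ERA"):
    """Frame one line as a BSD-syslog (RFC 3164 style) datagram."""
    stamp = "%s %2d %s" % (time.strftime("%b", when), when.tm_mday,
                           time.strftime("%H:%M:%S", when))
    return ("<%d>%s %s %s: %s" % (PRI, stamp, host, tag, line)).encode("utf-8")

def forward(paths, state, sock, addr=SYSLOG_ADDR):
    """Send every new line from paths to the collector; return the count."""
    sent = 0
    for path in paths:
        for line in read_new_lines(path, state):
            sock.sendto(to_syslog(line, time.localtime()), addr)
            sent += 1
    return sent

if __name__ == "__main__":
    offsets = {}                   # path -> bytes already forwarded
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        forward(glob.glob(os.path.join(LOG_DIR, "*")), offsets, udp)
        time.sleep(5)
```

Rotation is detected by the file shrinking, so a replacement file that has already grown past the old offset between polls would be picked up late; keep the poll interval short relative to the configured rotation size.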
     
  7. thepip3r

    thepip3r Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    4
    So I've been running ERA to the application log for a while with logging level 2 like the support documentation recommends but I'm getting 0 agent information written into this log. The only Event Source entries I can find that correspond to ERA in my server's application log are the ERA_CONSOLE and ERA_SERVER sources and neither of them is displaying ESET agent information. I'm only seeing ERA server problems and notifications but nothing related to agents and that's specifically what I'm looking for.

    Do I simply need to turn up my verbosity on the ERA server to start seeing client events or (and if so, to what level)?? ..am I missing something else? Please advise...
     
    Last edited: Jul 10, 2009