Logmanager documentation

ESET Remote Administrator

Introduction

ESET Remote Administrator (ERA) is a server-side application for remote control of ESET security solutions on client stations. Syslog logging is supported as standard. After installation, ERA is initially set to log only server statuses into its own database. The following guide outlines how to set up logging to the Syslog interface of the Logmanager, followed by the forwarding of information from client stations.

Logging configuration to Syslog

Advanced server settings

First, set the IP address and port of the Logmanager syslog interface. From the menu, select Tools ‣ Server options, then the Advanced tab ‣ Edit Advanced Settings.

Syslog configuration

Set the Syslog server name to the network name (or IP address) of the Logmanager server, and set the syslog server port.

Recorded/logged information settings

After saving the changes, set the type of logged information. It is recommended to set it as outlined in the following figure. If you are likely to have higher levels of traffic (> 100 client stations), it is recommended to watch the system load via ERA and potentially set a lower level of logged information.

Type of logged information

Logging configuration

Next, ensure logging is set up for all types of events. In Server options, click Log Collecting Parameters… and select All for every log type. Again, if higher traffic levels are likely, it is advisable to lower the level of logged information.

Log collecting parameters

Resending client logs to the Logmanager

Next, to send logs from client stations to the Logmanager, forwarding has to be configured in ERA for every event type individually. The following image shows an example for virus infections (Threat Log). Tick the Forwarding checkbox (middle right) and then click […].

Forwarding of syslog messages from clients

A dialog will pop up, as shown in the next image. Under Log level, select the maximum level of logging.

Maximum level of logging

Repeat this procedure for all event types: Firewall log, event log…

Logging of Spam marked messages in e-mail client

ESET includes a spam filter as standard. If selected, spam is marked in incoming mail. If this information is required, logging should be enabled. Every client station is assigned a group of settings (a policy) that determines how the ESET software behaves on that station. These groups are defined in the menu Tools ‣ Policy Manager, where the policies in use can be viewed via used policy ‣ view policy. In the settings tree, select Antispam protection score logging: Write all messages:

Logging spam marked messages in email clients

Sending virus scans to the Logmanager

If a virus scan is conducted on a client station, ERA stores this information, but it is not sent to the Syslog interface automatically.

To send it, change the rules via the menu Tools ‣ Notification Manager. Create a rule as shown in the following image:

Logging of conducted virus scans
