Logging

ESETS provides system daemon logging via syslog. Syslog is a standard for logging program messages and can be used to log system events such as network and security events.

Messages refer to a facility:

auth, authpriv, daemon, cron, ftp, lpr, kern, mail, ..., local0, ..., local7

Messages are assigned a priority/level by the sender of the message:

Error, Warning, Summall, Summ, Partall, Part, Info, Debug

This section describes how to configure and read the logging output of syslog. The ‘syslog_facility’ option (default value ‘daemon’) defines the syslog facility used for logging. To modify syslog settings, edit the ESETS configuration file or use the Web interface. To change the logging class, modify the value of the ‘syslog_class’ parameter. We recommend that you modify these settings only if you are familiar with syslog. An example syslog configuration:

syslog_facility = "daemon"
syslog_class = "error:warning:summall"
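
The script below is an added example, not part of the ESETS product or its documentation: it checks the two options shown above for misspelled values, which would otherwise be easy to miss. The function names are hypothetical, the path of the configuration file is supplied by the caller, and the rule that ‘error’ and ‘warning’ should always be logged is an assumption of this example.

```shell
#!/bin/sh
# Added example: lint the syslog_facility / syslog_class options described above.
# Facility names are the standard syslog set; class names are the levels listed
# on this page. Requiring error and warning is this example's own policy.
FACILITIES="auth authpriv cron daemon ftp kern lpr mail news syslog user uucp \
local0 local1 local2 local3 local4 local5 local6 local7"
CLASSES="error warning summall summ partall part info debug"

# get_opt NAME FILE: print the last value assigned to NAME, lower-cased,
# with the optional double quotes removed.
get_opt() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# in_list WORD LIST: succeed if WORD is one of the space-separated LIST items.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# check_esets_syslog FILE: print findings; exit status is the number of problems.
check_esets_syslog() {
    problems=0
    facility=$(get_opt syslog_facility "$1")
    classes=$(get_opt syslog_class "$1")
    [ -n "$facility" ] || facility=daemon   # documented default value
    in_list "$facility" "$FACILITIES" || { echo "unknown syslog_facility: $facility"; problems=$((problems + 1)); }
    for c in $(echo "$classes" | tr ':' ' '); do
        in_list "$c" "$CLASSES" || { echo "unknown syslog_class entry: $c"; problems=$((problems + 1)); }
    done
    if [ -n "$classes" ]; then
        for want in error warning; do
            case ":$classes:" in
                *":$want:"*) ;;
                *) echo "class '$want' is not logged"; problems=$((problems + 1)) ;;
            esac
        done
    fi
    return "$problems"
}

# Constructed sample config: 'summal' is a typo and 'warning' is missing.
sample=$(mktemp)
printf '%s\n' 'syslog_facility = "daemon"' 'syslog_class = "error:summal"' > "$sample"
check_esets_syslog "$sample" || echo "problems found: $?"
rm -f "$sample"
```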

The name and location of the log file depend on your syslog installation and configuration (e.g. rsyslog, syslog-ng, etc.). Standard filenames for syslog output files include ‘syslog’ and ‘daemon.log’. To follow syslog activity, run one of the following commands from the console:

tail -f /var/log/syslog
tail -n 100 /var/log/syslog | less
grep esets /var/log/syslog | less

Systemd uses a different logging approach. To display activity, run one of the following commands:

journalctl --since today
journalctl | grep esets | less

If you enable ESET Remote Administration, ERA log entries older than the number of days set by the ‘racl_logs_lifetime’ option will be deleted automatically.