Log files

Records are written to the Events log (C:\ProgramData\ESET\ESET Security\Logs) and can be viewed in Log files viewer. Use the switches to enable or disable specific feature:

Log mail transport errors

If this option is enabled and should there be problems on the mail transport layer, error messages are written into Events log.

Log mail transport exceptions

If there are any exceptions on the mail transport layer, details about it are written into Events log.

Produces a significant amount of data because all the logging options are enabled by default. We recommend that you selectively disable logging of the components which are not useful or related to the problem.

Use the switches to enable or disable specific feature. This options also be combined depending on the availability of individual components in the ESET Mail Security.

•Mail transport diagnostic logging

•On-demand database scan diagnostic logging - Writes detailed information into logs, especially when troubleshooting is necessary.

•Cluster diagnostic logging - Cluster logging will be included in general diagnostic logging.

•OneDrive diagnostic logging - OneDrive logging will be included in general diagnostic logging.

•Antispam engine diagnostic logging - When you need to troubleshoot, you will see detailed antispam engine information in the logs. Writes detailed information about the Antispam engine into the log file for diagnostic purposes. The Antispam engine does not use the Events log (warnlog.dat file) and therefore cannot be viewed in the Log files viewer. It writes records directly into a dedicated text file (for example C:\ProgramData\ESET\ESET Mail Security\Logs\antispam.0.log) so that all Antispam engine diagnostic data is kept in one place. This way, performance of ESET Mail Security is not compromised in a case of a huge email traffic.

Define how the logs will be managed. This is important mostly to prevent the disk being used up. Default settings allow for automatic deletion of older logs to save disk space.

Delete records automatically

Log entries older than the specified number of days (below) will get deleted.

Delete records older than (days)

Specify the number of days.

Automatically delete old records if log size exceeded

When log size exceeds Max log size [MB], old log records will be deleted until Reduced log size [MB] is reached.

Back up automatically deleted records

Automatically deleted log records and files will be backed up to the specified directory and optionally compressed as ZIP files.

Back up diagnostic logs

Will back up automatically deleted diagnostic logs. If not enabled, diagnostic log records are not backed up.

Backup folder

Folder where log backups will be stored. You can enable compressed log backups using ZIP.

Optimize log files automatically

When engaged, log files will automatically be defragmented if the fragmentation percentage is higher than value specified in the If the number of unused records exceeds (%) field. Click Optimize to begin defragmenting the log files. All empty log entries are removed to improve performance and log processing speed. This improvement can be observed especially if the logs contain a large number of entries.

Enable text protocol

To enable the storage of logs in another file format separate from Log files:

•Target directory - The directory where log files will be stored (only applies to Text/CSV). Each log section has its own file with a pre-defined filename (for example, virlog.txt for Detected threats section of Log files, if you use plain text file format to store logs).

•Type - If you select the Text file format, logs will be stored in a text file; data will be separated by tabs. The same applies to comma-separated CSV file format. If you choose Event, logs will be stored in the Windows Event log (can be viewed using Event Viewer in Control panel) as opposed to file.

•Delete all log files - Erases all stored logs currently selected in the Type drop-down menu.

Audit Log

Tracks changes in configuration or protection. Since the modification of the product configuration may dramatically affect how the product operates, you might want to track the changes for auditing purposes. You will see log records of changes in Log files > Audit log section.

Export to Windows Applications and Services Logs

Allows you to duplicate records from the Mail server protection log to the Applications and Services Logs. To view the Mail server protection log, open Windows Event Viewer and navigate to Applications and Services Logs > ESET > Security > ExchangeServer > MailProtection. The Application and Services logs are supported on Microsoft Windows Server 2012 or newer.

Export to syslog server

You can have Mail server protection logs duplicated to the Syslog server in Common Event Format (CEF). CEF is a standardized extensible, text-based format, that can be used to facilitate data collection and aggregation for later analysis by an enterprise management system. In this case, you can use it with Security Information and Event Management (SIEM) and log management solutions such as Micro Focus ArcSight. See Syslog event mapping for details on exported event fields and description.

Server address

Enter IP address or server host name. In case of ArcSight, specify server with SmartConnector installed.

Protocol

Select the protocol that will be used, either TCP or UDP protocol.

Port

The default value is 514 for both protocols.

Export to file

Allows for the logs to be exported locally to a file in CEF format. Logging storage capacity is limited, therefore a circular logging is used. Records are written sequentially into the files (from mailserver.0.log to mailserver.9.log). The latest records are stored in mailserver.0.log, once it reaches its size limit, the oldest file mailserver.9.log is deleted and the rest of the log files are renamed in sequence (mailserver.0.log is renamed to mailserver.1.log and so on).

File path

Default path is C:\ProgramData\ESET\ESET Security\Logs. You can change the location if required.