Log files

Log files contain information about important program events that have occurred and provide an overview of detected threats. Logs are essential for system analysis, threat detection and troubleshooting. Logging is performed actively in the background with no user interaction. Information is recorded based on log verbosity settings. It is possible to view text messages and logs directly from the ESET Mail Security environment or export them for viewing elsewhere.


Log files are accessible from the main program window by clicking Log files. Choose the desired log type from the drop-down menu. The following logs are available:

Detected threats - The threat log offers detailed information about infiltrations detected by ESET Mail Security modules. This includes the time of detection, name of infiltration, location, the performed action and the name of the user logged in at the time the infiltration was detected. Double-click any log entry to display its details in a separate window.

Events - All important actions performed by ESET Mail Security are recorded in the event log. The event log contains information about events and errors that have occurred in the program. It is designed to help system administrators and users resolve problems. Often the information found here can help you find a solution for a problem occurring in the program.

Computer scan - All scan results are displayed in this window. Each line corresponds to a single computer control. Double-click any entry to view the details of the respective scan.

HIPS - Contains records of specific rules that are marked for recording. The protocol shows the application that called the operation, the result (whether the rule was permitted or prohibited) and the name of the rule created.

Filtered websites - A list of websites that have been blocked by Web access protection. In these logs you can see the time, URL, user and application that opened a connection to the particular website.

Device control - Contains records of removable media or devices that were connected to the computer. Only devices with a Device control rule will be recorded to the log file. If the rule does not match a connected device, a log entry for a connected device will not be created. Here you can also see details such as device type, serial number, vendor name and media size (if available).

Mail server protection - All messages detected by ESET Mail Security as infiltration or as a spam are recorded here. These logs apply to following protection types: Antispam, Rules and Antivirus. When you double-click an item, a pop-up window will open with Additional information about detected email message, such as IP address, HELO domain, Message ID, Scan type showing the protection layer it was detected on. Also, you can see the result of Antivirus and Antispam scan and the reason why it was detected or whether a Rule was activated.

note_icon_note NOTE

Not all processed messages are being logged into Mail server protection log. However, all of the messages that were actually modified (deleted attachment, custom string added to a message header, etc.) are written into the log.

Mailbox Database scan - Contains the version of the detection engine, date, scanned location, number of scanned objects, number of threats found, number of rule hits and time of completion.

Greylisting - All messages that have been evaluated using the greylisting method are recorded here. Each record contains HELO Domain, IP sender's and recipient's address, Actions statuses (rejected, rejected (not verified) and verified incoming messages).

Hyper-V scan - Contains a list of Hyper-V scan results. Double-click any entry to view the details of the respective scan.

note_icon_note NOTE

In each section, the displayed information can be copied to the clipboard (keyboard shortcut Ctrl + C) by selecting the entry and clicking Copy. The Ctrl and Shift keys can be used to select multiple entries.

Click the switch icon MODULE_INACTIVE Filtering to open the Log filtering window where you can define the filtering criteria.

To view the context menu options below, right-click a specific record:

Show - Shows more detailed information about the selected log in a new window (same as double-click).

Filter same records - This activates log filtering and only shows records of the same type as the one selected.

Filter... - After clicking this option, the Log filtering window will allow you to define filtering criteria for specific log entries.

Enable filter - Activates filter settings. The first time that you filter logs, you must define your filtering criteria. Once filters are set they will remain unchanged until you edit them.

Disable filter - Turns filtering off (same as clicking the switch at the bottom). This option is only available when filtering is turned on.

Copy - Copies information from selected/highlighted record(s) to the clipboard.

Copy all - Copies information of all the records in the window.

Delete - Deletes selected/highlighted record(s) - this action requires administrator privileges.

Delete all - Deletes all the record(s) in the window - this action requires administrator privileges.

Export... - Exports information from a selected/highlighted record(s) into an XML file.

Export all... - Exports all the information in the window into an XML file.

Find... - Opens the Find in log window and lets you define search criteria. Works on content that has already been filtered as an additional means of narrowing results.

Find next - Finds the next occurrence of a previously defined search (above).

Find previous - Finds the previous occurrence of a previously defined search (above).

Delete diagnostic records - Deletes all diagnostic record(s) in the window.

Scroll log - Leave this option enabled to auto scroll old logs and view active logs in the Log files window.