
Enable advanced logging in ESET Endpoint Security (6.x)

Issue

  • Create a log of all connections blocked by the ESET firewall
  • Enable advanced logging of the firewall

Solution

If you do not use ESET Remote Administrator to manage your network.

I. Activate logging of blocked connections in ESET Remote Administrator

ERA 6.5 User Permissions

This article assumes that your ERA user has the correct access rights and permissions to perform the tasks below.

If you are still using the default Administrator user, or you are unable to perform the tasks below (the option is grayed out), see the following article to create a second administrator user with all access rights (you only need to do this once):

 

View permissions needed for least privilege user access

A user must have the following permissions for their home group:

 

Functionality Read Use Write
Policies

A user must have the following permissions for each affected object:

 

Functionality Read Use Write
Groups & Computers

Once these permissions are in place, follow the steps below.
  1. Open ESET Remote Administrator Web Console (ERA Web Console) in your web browser and log in.

  2. Click Admin → Policies → New Policy.
    To edit an existing policy, select the endpoint policy that you want to modify and click the gear icon → Edit.

Figure 1-1

  3. Type a name for the new policy in the Name field.

Figure 1-2

  4. Expand the Settings section and select Endpoint for Windows.

  5. Click Tools → Diagnostics.

  6. Click the slider bar next to Enable Firewall advanced logging.

Figure 1-3

  7. Expand the Assign section, click Add Computers, select the client for the policy and then click OK.

Figure 1-4

  8. Click Finish. The policy will be applied on the client computer. With logging enabled, repeat the action that is blocked by the firewall and then continue to Part II.

II. Download and run the ESET Log Collector tool

The ESET Log Collector will create the firewall log along with other logs to help ESET technical support resolve your issue quickly.

  1. Download and run the ESET Log Collector tool.
     
  2. Include the log file that the tool produces in your email response to ESET technical support. If you have not already opened a case with ESET technical support, complete a technical support request and submit the file you just saved to ESET technical support for analysis.
     
  3. To stop recording logs of all blocked connections, repeat the steps in Part I and, in step 6, click the slider bar next to Enable Firewall advanced logging to disable it. Click Finish. If advanced logging is not disabled, it will generate a large log file.

Figure 1-5


Using Override mode in ESET Remote Administrator

ESET endpoint version 6.5 products include an Override mode option. When Override mode is enabled from ERA Web Console, a user on a client machine can change the settings in the installed ESET endpoint product, even if the settings were locked by another policy. After the changes have been configured on the client machine, the configuration can be requested and saved as a new policy that can then be applied to other computers.



I. Activate logging of blocked connections in ESET Endpoint Security

  1. Open the main program window of your Windows ESET product.

  2. Press the F5 key to access Advanced setup.
     
  3. Click Tools → Diagnostics.
     
  4. Click the slider bar next to Enable Firewall advanced logging and then click OK.

Figure 2-1

  5. With logging enabled, repeat the action that is blocked by the firewall and then continue to Part II.

 

II. Download and run the ESET Log Collector tool

The ESET Log Collector will create the firewall log along with other logs to help ESET technical support resolve your issue quickly.

  1. Download and run the ESET Log Collector tool.
     
  2. Include the log file that the tool produces in your email response to ESET technical support. If you have not already opened a case with ESET technical support, complete a technical support request and submit the file you just saved to ESET technical support for analysis.
     
  3. To stop recording logs of all blocked connections, repeat the steps in the Activate logging of the firewall section and click the slider bar next to Enable Firewall advanced logging to disable it in step 6. Click Finish.

Disable advanced logging when you have finished collecting logs

Make sure you disable advanced logging after you collect the logs you need. It will generate a large log file if you forget to disable it.

 

 


