Log Settings


lonsun

Hello,

I am trying out Immunet 3.0 AV and for compliance reasons I need to be able to store logs for at least 6 months. I downloaded the free version and could not find any settings for log location, rotation, and retention. Can anyone give me a rundown on how logs are handled in Immunet AV?

Thanks,

Lon

Hello Lon, open the GUI, click on History. A File History window will appear. On the top of this window click on View By: All File Events. This will show you all the activity that Immunet has encountered within the past week. These logs are stored at C:\Program Files\Immunet\history - which is a .DB file. You will not be able to directly access this file while Immunet is running, however. I hope this is what you were looking for. As far as changing the length of time the History is stored, I have no knowledge on that or even if it's possible. If it is possible, perhaps an Administrator or fellow staff member can provide that information for you. Regards, Ritchie...

Microsoft's Access or Excel software might work at converting the DB file into a readable format. If that doesn't work, there is a paid software that I know of called Paradox Converter that can convert DB files. You could make a copy of the DB file and then convert the copy. It's rather expensive though. About 30 bucks. There's also a demo version of this software with very limited functionality, unfortunately.

Hi Lon,

The consumer version of Immunet is not meant to be compliant for enterprises. If you are an enterprise user, I would recommend that you check out our fireAMP offering:

http://www.sourcefire.com/security-technologies/advanced-malware-protection/fireamp

The fireAMP product, which is geared to satisfy business compliance needs, has a lot more functionality compared to the endpoint consumer versions.

Hope this helps.

  • 2 weeks later...

That's interesting to know, RobT. That brings a question to mind, however. If something is quarantined, what happens to that file after one month? Is it automatically deleted then, since that would give you plenty of time to determine if it's malware or a FP being the thinking there? That would be my assumption, or am I wrong on that?

  • 7 years later...

I realize this thread is quite old, but this is for anyone else that ends up here.

The current version of Immunet at the time of this writing stores its history in C:\Program Files\Immunet\history.db

This file is a SQLite3 database file which can be opened with any SQLite3 client with no credentials. In my case this was PowerShell using PSSQLite.

This database file contains one table with the following DDL:

CREATE TABLE history (
  id integer, 
  type integer, 
  disposition integer, 
  flags integer, 
  created_at timestamp, 
  file binary(32), 
  filename varchar(255), 
  source binary(32), 
  sourcename varchar(255), 
  detection varchar(255), 
  loc varchar(255)
);

If you're only interested in detected files like I was, this query should provide what you are looking for:

select * from history where detection <> '';

Other database files which may be potentially useful to you are:

cache.db
event.db
historyex.db
jobs.db
nfm_cache.db
nfm_url_file_map.db
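As an added example (not the poster's code, and written in Python with the standard-library sqlite3 module rather than the PowerShell/PSSQLite the poster used), the script below copies history.db before opening it, since the live file is locked while Immunet runs, runs the detection query from the post against the copy, and writes the rows to CSV so they can be kept for the retention period the original question asked about. The table rows, file names and detection names are constructed sample data, and any column meaning beyond what the post's DDL shows is an assumption.

```python
import csv, shutil, sqlite3, tempfile
from pathlib import Path
# DDL quoted from the post above; used here only to build a constructed sample file.
HISTORY_DDL = """CREATE TABLE history (id integer, type integer, disposition integer,
  flags integer, created_at timestamp, file binary(32), filename varchar(255),
  source binary(32), sourcename varchar(255), detection varchar(255), loc varchar(255))"""
# The post's filter, with a stable sort so successive exports are easy to diff.
DETECTION_QUERY = "SELECT * FROM history WHERE detection <> '' ORDER BY created_at, id"

def build_sample_db(path):
    """Constructed history.db: two detections plus one clean event (detection = '')."""
    h = bytes(32)  # stand-in for the 32-byte binary columns; real contents not known
    rows = [  # id, type, disposition, flags, created_at, file, filename, source, sourcename, detection, loc
        (1, 1, 3, 0, "2024-01-05 10:00:00", h, r"C:\Users\lon\dl\a.exe", h, "", "W32.Sample.Constructed", "quarantine"),
        (2, 1, 1, 0, "2024-01-05 10:05:00", h, r"C:\Windows\notepad.exe", h, "", "", ""),
        (3, 1, 3, 0, "2024-01-06 09:30:00", h, r"C:\Temp\b.dll", h, "", "Generic.Constructed", "quarantine"),
    ]
    conn = sqlite3.connect(path)
    with conn:
        conn.execute(HISTORY_DDL)
        conn.executemany("INSERT INTO history VALUES (?,?,?,?,?,?,?,?,?,?,?)", rows)
    conn.close()

def export_detections(db_path, out_csv):
    """Snapshot the DB (the live file is locked while Immunet runs), query the copy
    read-only, and write detection rows to out_csv. Returns the number of rows written."""
    with tempfile.TemporaryDirectory() as tmp:
        snapshot = Path(tmp, "history.db")
        shutil.copy2(db_path, snapshot)  # never open the live file directly
        conn = sqlite3.connect(f"{snapshot.as_uri()}?mode=ro", uri=True)
        try:
            cur = conn.execute(DETECTION_QUERY)
            columns = [d[0] for d in cur.description]
            rows = cur.fetchall()
        finally:
            conn.close()
    with open(out_csv, "w", newline="", encoding="utf-8") as fh:
        writer = csv.writer(fh)
        writer.writerow(columns)
        for row in rows:  # binary(32) columns come back as bytes; hex-encode to keep the CSV text
            writer.writerow([v.hex() if isinstance(v, bytes) else v for v in row])
    return len(rows)

def demo():
    """Build the constructed sample, export it, and return (row count, parsed CSV rows)."""
    with tempfile.TemporaryDirectory() as tmp:
        db, out = Path(tmp, "history.db"), Path(tmp, "immunet_detections.csv")
        build_sample_db(db)
        count = export_detections(db, out)
        return count, list(csv.reader(out.read_text(encoding="utf-8").splitlines()))
```

Pointing export_detections at the real C:\Program Files\Immunet\history.db from a scheduled task gives a dated CSV per run; the snapshot copy also avoids the lock Ritchie mentioned above.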
