
Integrate ESET NOD32 Antivirus 4 with LEM

Updated April 26, 2017

Overview

This article provides steps to configure and integrate ESET NOD32 Antivirus 4 logs with LEM.

Environment

  • All LEM versions
  • ESET NOD32 Antivirus 4 with Remote Admin

Prerequisite

  • Installed ESET Remote Administrator
  • Installed NOD32 Antivirus 4

Steps

Note: ESET Remote Administrator and NOD32 Antivirus 4 must both be installed. The integration cannot be completed at the endpoint alone, because the connector must use the database installed by the Remote Administrator.

Connector Configuration

For an Access database, use the connectors starting with NOD32 Access.

For SQL Server, use the three connectors starting with NOD32 SQL.

Since the database timestamp is in UTC, enable Convert From UTC. Use Daylight Savings is the default setting.

Use the Access DB

The Access Database reader requires an ODBC connection using a system Data Source Name (DSN). The default DSN created by NOD32 cannot be used with this connector. Create the DSN on the system where the SolarWinds Agent is installed.

Note: 64-bit Access drivers do not exist within the ODBC Data Source Administrator. When you run the 64-bit version, SQL Server is displayed as a driver option.

Use 32-bit drivers to configure a DSN. The default path is C:\Windows\SysWOW64\odbcad32.exe.

Configure a DSN connection

  1. Click Start > Control Panel > Administrative Tools > Data Sources (ODBC).  
    Note: On a 64-bit system, use the 32-bit ODBC Data Source driver: C:\Windows\SysWOW64\odbcad32.exe.
  2. Click System DSN tab > Add.
  3. Select Microsoft Access Driver (*.mdb).
  4. In the ODBC Microsoft Access Setup dialog, set the Data Source Name to ESETRADB, and then click Select. This is the default DSN name used in the connector configuration. If you use a different DSN name, change the DSN name in the connector configuration to match.
    Note: The ProgramData directory is a hidden folder and cannot be accessed by navigating to it under Directories.
  5. Under Database Name, enter the full default path: C:\ProgramData\ESET\ESET Remote Administrator\Server\database\era.mdb, and then click OK.
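
The same DSN can be created and checked from an elevated PowerShell prompt, which helps when several agent hosts need identical settings. This is an added example, not part of the original SolarWinds article; it assumes Windows 8 / Server 2012 or later (for the built-in ODBC cmdlets) and the default DSN name and database path given in the steps above.

```powershell
# Added example: create and verify the 32-bit system DSN used by the NOD32 Access connector.
# Assumptions: elevated prompt, Windows 8 / Server 2012 or later, default name and path.
$DsnName = 'ESETRADB'
$Driver  = 'Microsoft Access Driver (*.mdb)'
$DbPath  = 'C:\ProgramData\ESET\ESET Remote Administrator\Server\database\era.mdb'

# The Access driver must be present as a 32-bit ODBC driver.
if (-not (Get-OdbcDriver -Name $Driver -Platform '32-bit' -ErrorAction SilentlyContinue)) {
    throw "32-bit ODBC driver '$Driver' is not installed on this system."
}

# ProgramData is hidden in the file dialog, so confirm the database path first.
if (-not (Test-Path -LiteralPath $DbPath -PathType Leaf)) {
    throw "Remote Administrator database not found at '$DbPath'."
}

# Create the system DSN only if it does not already exist.
$dsn = Get-OdbcDsn -Name $DsnName -DsnType System -Platform '32-bit' -ErrorAction SilentlyContinue
if (-not $dsn) {
    $dsn = Add-OdbcDsn -Name $DsnName -DsnType System -Platform '32-bit' `
        -DriverName $Driver -SetPropertyValue "Dbq=$DbPath" -PassThru
    Write-Host "Created system DSN '$DsnName'."
}

# An existing DSN may use another driver or point at another file; flag both cases.
if ($dsn.DriverName -ne $Driver) {
    Write-Warning "DSN '$DsnName' uses driver '$($dsn.DriverName)', expected '$Driver'."
}

# 32-bit system DSNs are stored under WOW6432Node on a 64-bit operating system.
$regRoot = if ([Environment]::Is64BitOperatingSystem) { 'HKLM:\SOFTWARE\WOW6432Node' }
           else { 'HKLM:\SOFTWARE' }
$dbq = (Get-ItemProperty -Path "$regRoot\ODBC\ODBC.INI\$DsnName" -ErrorAction Stop).DBQ
if ($dbq -ne $DbPath) {
    Write-Warning "DSN '$DsnName' points at '$dbq', expected '$DbPath'."
}

$dsn | Format-List Name, DsnType, Platform, DriverName
```

If the DSN is created under a different name, the connector configuration must be updated to match, as noted in step 4.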

NOD32 client connection interval

The NOD32 clients are set by default to connect to the Remote Administrator every 10 minutes. This means that it could take up to 11 minutes before an event is detected, uploaded to the Remote Administrator (RA) server, inserted into the RA database, detected by the SolarWinds agent, and reported to the console. To bring this closer to real time, customers can shorten the interval for the connection to the RA server. This can be done manually at each endpoint or within the policy on the RA server.

Note: ESET announced that decreasing this value can have a severe impact in large networks. It is best to find a compromise between how often these alerts are sent to the RA server and the network impact.


On the client endpoint:

  1. Open the client on the endpoint. Right-click the ESET NOD32 Antivirus icon in the Windows notification area.
  2. Select Setup, and then enter the entire Advanced Setup tree.
  3. In the Setup dialog, select Miscellaneous > Remote Administration.
  4. Decrease the interval time to a target interval, and then click OK.

In the RA server policy:

  1. Open the ESET Remote Administrator Console.
  2. Open the Policy Manager through CTRL+SHIFT+P or Tools > Policy Manager.
  3. Select the policy controlling the clients to be changed.
  4. Click Edit.
  5. Click ESET Smart Security, ESET NOD32 Antivirus > ESET Kernel > Setup > Remote Administration > Interval between connections to server (min).
  6. On the right pane, set Value to a target interval.
  7. Press CTRL+S to save.
  8. Close the dialog, and then click OK.

Policies on the clients are updated at the next interval.

 

 
