Literature says that SAV writes detection entries to both sav.txt and to syslog.
Does the syslog entry contain all the information that is in the sav.txt entry?
Hi John,
Are you referring to Linux Endpoint?
Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Yes - RHE 7.
Endpoint only - no Central.
I'm not sure what sav.txt is or where you are getting that information from?
SAV writes log entries to savd.log (accessed by savlog) and to syslog (if enabled in the configuration).
All threat detections are written to both, but some on-demand scan errors are not logged to syslog.
Thanks Doug.
sav.txt is identified in many posts and Sophos PDFs as the log file for SAV and HIPS, so I was unaware that savd.log exists [also?].
(I am researching Sophos products, and so I don't yet have a running copy to use to answer my questions.)
However, you answered my real question, which is that I can get away with archiving only syslog (for now).
You mean like:
https://community.sophos.com/kb/en-us/43391
?
That is talking about Windows, not Linux. Also HIPS is Windows only.
Very possibly - I was searching with Linux as a filter, but I was following any hits that looked promising. I'm not surprised if I got confused by Windows-related posts that never mentioned Windows...
Thanks for the clarification.