Script to retrieve Comodo Client Security logs from endpoints

Hello Scriptwriting team,
Thank you again for the script that you created previously; it works well.

If not already available (support stated that there was not one available), can you write a script that will retrieve the Comodo Client Security Event logs from an endpoint?
The logs I am referring to are the Event logs that can be Exported as .htm files.
These logs are useful when finding the Parent-child calling process details of files that are being blocked by HIPS, Firewall or Containment rules, for example.
The HIPS events are not uploaded to the Itarian MSP portal.
We know it is possible to remotely connect to the client device, start the Comodo Client Security application and retrieve these logs but this involves disruption to the user.
It would be great if we could retrieve these logs, without disruption to the user.
Also it would be good to have an option to clear the logs, so that when they are next retrieved the only events in the logs are recent events. This is handy when diagnosing an issue.

Could a comma-separated list of parameter(s) be passed that would specify which log(s) to retrieve? For example, HIPS, Firewall would retrieve the HIPS events and the Firewall events.
I could suggest some other parameters that could be useful.
ALL - would get all logs.
CLEANUP - would have the same action as the Cleanup Logfile action that is available in the Comodo Client Security app. If this option appears as the first action, then clear the logs and allow a second parameter (numeric) that specifies a delay in seconds before the specified logs are retrieved. If this parameter appears last in the list of options, then get the specified logs and then clear them.

Regards Ian

Hi @Ian_Clarke,

Thanks for your script request. We have asked our script developers to analyze your request and provide input.

Kind Regards,
PremJK

Hi PremJK,
I hope you are well. How do I find out if the Dev team did anything regarding my request for a script to retrieve the Comodo Client Security Event logs from an endpoint without interrupting the end user?
Regards Ian

Hi @Ian_Clarke,

Sorry for the delayed response. Our script developers are working on the solution to retrieve logs from the database. We will share the script here once ready.
Thanks for understanding.

Kind Regards,
PremJK

Hi PremJK, thank you for the good news, Regards Ian

Hello PremKKumar, can I ask again if the script developers have made any progress with a script to retrieve the Client Event Logs from a device? My original spec was complicated with options. I would be happy at this stage to just have a script that retrieved all event logs. Options to select specific logs, and to clear the logs could come later. Regards Ian

Hi @Ian_Clarke,

Sorry, we are trying but unfortunately, we are not able to find a method to get logs through the script. Please give us a little more time.

Kind Regards,
PremJK

Hi PremJK, thanks for the update.

Hello PremJK,
Just following up on this request for a script to retrieve the Comodo Security Event logs from a device.
You stated that “we are not able to find a method to get logs through the script. Please give us a little more time.”
Do you mean it was not possible at all to get the event logs, or do they need more time to find out how to do it?
This would be a VERY useful script for MSPs. It means they can get this information without having to interrupt the end user.
The two logs are HIPS and Firewall. Containment is already uploaded to the portal, so it is a lower priority. It would be good to have the Containment logs, because they have more detail,
but HIPS and Firewall would be fantastic to have.
Have a safe and happy festive season.
Regards Ian Clarke (Comodo Australia and New Zealand)

Hi @Ian_Clarke,

Currently, it’s possible to get logs. Our script team is investigating it. Will update you on the script link soon.

Wish you the same Safe and Happy Festive Season too.

Kind Regards,
PremJK

Hi @Ian_Clarke,

Our script developer has prepared the script for your request. Please check and provide feedback.
https://scripts.itarian.com/frontend/web/topic/script-to-get-contaimenthips-and-firewall-log-and-upload-in-sftp-server-as-html-or-csv-file

Kind Regards,
PremJK

Hello PremJkumar,
Happy new year.

Thank you for the script. Unfortunately the script does not download correctly as a JSON script. When it is imported, only one line is imported.
The download as a .py file works, but it is not possible to import a .py file into the Itarian Portal.
Can the script developers also please correct the spelling mistake? They spell “Containment” as “CONTAIMENT” throughout the script. This may create issues, as it is used as a parameter: Containment may be spelt correctly by the user and will not match the parameter.
Regards Ian

Hello PremJkumar,
I copied and pasted the script into Itarian. I have run the script and it worked successfully first time.
Thank you, thank you.
I will do some further testing and let you know the result.
Please pass on my thanks to the script development team.
Regards Ian

Hi @Ian_Clarke,

Thanks for trying and taking the time to report the issue. We have fixed the spelling mistake and JSON file download error.

Please test the script and let us know if you need any changes.

Kind Regards,
PremJK

Thank you PremJkumar, I can confirm the JSON script download works, I will test and get back to you with the results and any suggestions.
Regards Ian

Hello PremJkumar,
I have done some testing of the script to retrieve the event logs.
It does retrieve the logs, but only onto the machine from where the logs were generated. The requirement is that a Comodo MSP can retrieve the logs back to the machine he is accessing the portal from. That way they do not have to interrupt the user to retrieve the files. Also, can we add the time to the zip file name? I expect the MSP will run this more than once in a day when determining which rules need to be created. Regards Ian

Hi @Ian_Clarke,

“The requirement is that a Comodo MSP can retrieve the logs back to the machine he is accessing the portal from. That way they do not have to interrupt the user to retrieve the files.”

Many times the logs are in high size which can’t be attached in the mail, so we planned to upload in an SFTP server so that there won’t be any issues due to size.

“Also, can we add the time to the zip file name? I expect the MSP will run this more than once in a day when determining which rules need to be created.”

This can be done, I will ask the script developer to update the script.

Kind Regards,
PremJK

Hello PremJK,
A few months ago the scripts team wrote the script to retrieve the HIPS, Containment and Firewall event logs from a device and upload these logs to a server.
The script does extract the logs and put them into a .zip file, but the upload directs the .zip file to a server at Comodo.
We really would like the .zip file to be sent to the SFTP server that the MSP can access.
Can one of the team please show me where I need to modify this script to send the .zip file to a specified SFTP service at some specified location?

I have attached the script that was created.
Thank you.
Regards Ian Clarke
Brisbane Australia.

script-to-get-containment-hips-and-firewall-log-and-upload-in-sftp-server-as-html-or-csv-file.json (12.9 KB)

Hi @Ian_Clarke,

We have updated the script in the backend, which will explain where and how to specify the SFTP connection to upload the file:
https://scripts.itarian.com/frontend/web/topic/script-to-get-containment-hips-and-firewall-log-and-upload-in-sftp-server-as-html-or-csv-file

Please provide the values in the function “sftp_transfer” like this: sftp://username:password@Hostname

Please let us know if you need any assistance.

Kind Regards,
PremJK
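The two pieces the thread asks for, a zip file name that carries the time so several runs in one day do not overwrite each other, and an SFTP destination given as sftp://username:password@Hostname, can be prepared with only the Python standard library. The block below is an added example, not the Itarian script team's code and not the contents of the "sftp_transfer" function: it packages already-exported .htm log files into a timestamped zip and splits the sftp:// URL into host, port, username, password and remote directory for whatever SFTP client the procedure uses. Function names, the "ccs_logs" prefix and the sample log file contents are assumptions made for this example. Note that a password placed in the URL is readable by anyone who can view the procedure, and a password containing "@" or ":" must be percent-encoded (for example %40 for "@") or the URL will not split correctly.

```python
"""Added example (not part of the Itarian script): timestamped zip packaging of
exported Comodo Client Security logs and parsing of an sftp:// upload URL."""
import os
import socket
import tempfile
import zipfile
from datetime import datetime
from urllib.parse import unquote, urlsplit


def zip_name(prefix="ccs_logs", when=None, hostname=None):
    """Build a file name such as ccs_logs_PC-01_20240105_141503.zip.
    Host name and timestamp identify which endpoint and which run produced it."""
    when = when or datetime.now()
    hostname = hostname or socket.gethostname()
    # keep only characters that are safe in a file name
    safe_host = "".join(c if c.isalnum() or c in "-_" else "_" for c in hostname)
    return f"{prefix}_{safe_host}_{when.strftime('%Y%m%d_%H%M%S')}.zip"


def build_zip(log_files, zip_path):
    """Write the exported log files into zip_path and return the archive entries."""
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in log_files:
            zf.write(path, arcname=os.path.basename(path))
    with zipfile.ZipFile(zip_path) as zf:
        return sorted(zf.namelist())


def parse_sftp_url(url):
    """Split sftp://username:password@Hostname[:port][/remote_dir] into the
    values an SFTP client needs. Credentials are percent-decoded, so a password
    containing '@' must be written as %40 in the URL."""
    parts = urlsplit(url)
    if parts.scheme != "sftp":
        raise ValueError("expected an sftp:// URL")
    if not parts.hostname:
        raise ValueError("sftp URL has no hostname")
    return {
        "host": parts.hostname,
        "port": parts.port or 22,  # SFTP runs over SSH, default port 22
        "username": unquote(parts.username) if parts.username else None,
        # assumption: a plain password in the URL; anyone who can read the
        # procedure can read it, so use a dedicated upload-only account
        "password": unquote(parts.password) if parts.password else None,
        "remote_dir": parts.path or "/",
    }


def demo_run():
    """Create constructed sample .htm exports in a temp directory, zip them and
    return the archive entries. Sample content is made up for this example."""
    work = tempfile.mkdtemp(prefix="ccs_demo_")
    samples = {
        "HIPS.htm": "<html><body>constructed HIPS sample</body></html>",
        "Firewall.htm": "<html><body>constructed Firewall sample</body></html>",
        "Containment.htm": "<html><body>constructed Containment sample</body></html>",
    }
    paths = []
    for name, body in samples.items():
        path = os.path.join(work, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        paths.append(path)
    out = os.path.join(work, zip_name(hostname="PC-01"))
    return build_zip(paths, out)


if __name__ == "__main__":
    print(demo_run())
    print(parse_sftp_url("sftp://msp:p%40ss@sftp.example.com:2222/uploads"))
```

The returned dictionary is what an SFTP library call would consume; the upload itself is deliberately left out because it depends on the client the procedure uses and cannot run offline.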

Hi PremJkumar,
This is probably a silly question. What language is used to write the Itarian/Comodo Procedure scripts?
Regards Ian