Avast
Ship Avast system logs to Logstash
Follow this step-by-step guide to get logs from your system to Logit.io:
Step 1 - Check log output location
Antivirus Clients Unmanaged
C:\ProgramData\AVAST Software\Avast\log\
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\
Antivirus Clients Managed
C:\Program Files (x86)\AVAST Software\Business Agent\log.txt
C:\Program Files (x86)\AVAST Software\Business Agent\smbpol.db
MacOS X
/var/log/system.log
Component Logs
Avastsvc (core service log): C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log
Antivirus UI log (issues with UI start, popups etc listed here): C:\ProgramData\AVAST Software\Avast\log\AvastUI.log
Antivirus UI javascript content: C:\ProgramData\AVAST Software\Avast\log\HtmlRemoteContent.log
Dumps from Crashed Components: C:\ProgramData\AVAST Software\Avast\log\unp*.mdmp
Self-Defense Module: C:\ProgramData\AVAST Software\Avast\log\selfdef.log
Anti-rootkit protection (driver start/stop): C:\ProgramData\AVAST Software\Avast\log\arpot.log
Anti-rootkit scan: C:\ProgramData\AVAST Software\Avast\log\aswAr*.log
Anti-Spam: C:\ProgramData\AVAST Software\Avast\log\SpamEngine.log
CyberCapture/DeepScreen: C:\ProgramData\AVAST Software\Avast\log\autosandbox.log
Exchange Protection: C:\ProgramData\Avast Software\Avast\log\ExchangeShield.log
Firewall Configuration: C:\ProgramData\AVAST Software\Avast\log\FwServ.log
Mail Shield: C:\ProgramData\AVAST Software\Avast\log\Mail.log
Outlook addin: C:\ProgramData\AVAST Software\Avast\log\asOutExt64.log
Passwords: C:\ProgramData\AVAST Software\Avast\log\Pam.log
Patch Management: C:\ProgramData\Avast Software\PatchTools\History\*.zip
SecureDNS/Real Site: C:\ProgramData\AVAST Software\Avast\log\aswSecDns.log
SecureLine VPN: C:\ProgramData\AVAST Software\SecureLine\log\vpn_engine.log
Web Shield: C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log
Web Shield Debug (debug logging must be enabled): C:\ProgramData\AVAST Software\Avast\log\FilterEngine.log
Network Inspector: C:\ProgramData\AVAST Software\Avast\log\Hns.log
Windows Security Center (registration of Avast to WSC): C:\ProgramData\AVAST Software\Avast\log\wsc.log
Step 3 - Configure Filebeat
Copy and use the Filebeat configuration below.
It is written for Filebeat 7.x.
# ============================== Filebeat inputs ==============================
filebeat.inputs:
# File System Shield report: a line containing a date starts a new event,
# and lines without one are appended to the event before them.
- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\FileSystemShield.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    type: pattern
    pattern: '(\d\d/\d\d/\d\d\d\d)'
    negate: true
    match: after
# Full Virus Scan report: each "* Avast Scan Report" header starts a new event.
- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\Full Virus Scan.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    pattern: '^\* Avast Scan Report'
    negate: true
    match: after
# Boot-time scan report.
- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\aswBoot.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    # Filebeat tests multiline.pattern against one line at a time, so the \n
    # in this pattern cannot match; check the grouping against your report file.
    pattern: '^\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}\nScan of'
    negate: true
    match: after
# Web Shield report.
- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\WebShield.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    # Same caveat as above: the \n cannot match within a single line.
    pattern: '^\*\n\* Avast Real-time Shield Scan Report'
    negate: true
    match: after
filebeat.registry.path: 'C:\ProgramData\Filebeat'
# ================================== Outputs ===================================
Step 4 - Start Filebeat
Start or restart Filebeat to apply the configuration changes.
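To check how the multiline settings in the Step 3 configuration group report lines into events, the following added example (not part of the original guide or of Filebeat) emulates `negate: true` / `match: after` in Python. The sample lines are constructed, real Avast report contents may differ, and `WEB_LINE_PATTERN` is an assumed line-scoped variant that is not in the guide.

```python
import re

def group_events(lines, pattern, negate=True):
    """Emulate Filebeat multiline with match: after.

    The pattern is searched in one line at a time (newline already stripped).
    With negate: true, a non-matching line is appended to the event in
    progress and a matching line starts a new event. Filebeat's max_lines
    and timeout limits are not modelled here.
    """
    rx = re.compile(pattern)
    events, current = [], []
    for line in lines:
        matched = bool(rx.search(line))
        continuation = (not matched) if negate else matched
        if continuation and current:
            current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events

# Constructed sample lines (assumption: real report layouts may differ).
SHIELD_REPORT = [
    "01/02/2021 10:15:01 C:\\Temp\\sample-a.bin [constructed entry]",
    "    detail line without a date",
    "01/02/2021 10:16:30 C:\\Temp\\sample-b.bin [constructed entry]",
]
WEB_REPORT = [
    "*",
    "* Avast Real-time Shield Scan Report",
    "http://example.test/a [constructed entry]",
    "*",
    "* Avast Real-time Shield Scan Report",
    "http://example.test/b [constructed entry]",
]

DATE_PATTERN = r'(\d\d/\d\d/\d\d\d\d)'                        # from the guide
WEB_PATTERN = r'^\*\n\* Avast Real-time Shield Scan Report'   # from the guide
WEB_LINE_PATTERN = r'^\* Avast Real-time Shield Scan Report'  # assumed variant

if __name__ == "__main__":
    for name, lines, pat in [("date", SHIELD_REPORT, DATE_PATTERN),
                             ("web", WEB_REPORT, WEB_PATTERN),
                             ("web-line", WEB_REPORT, WEB_LINE_PATTERN)]:
        print(name, len(group_events(lines, pat)), "event(s)")
```

With the pattern containing `\n`, no line ever starts a new event, so both constructed reports collapse into a single event. With the line-scoped variant, the bare `*` line that precedes each header stays attached to the previous event.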
Step 5 - Check Logit.io for your logs
You should now be able to view your data.
If you don't see logs, take a look at "How to diagnose no data in Stack" below to diagnose common issues.
Step 6 - How to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack, or chat to support.