
Avast

Ship Avast System logs to Logstash

Follow this step-by-step guide to get 'logs' from your system to Logit.io:

Step 1 - Check log output location

Antivirus Clients Unmanaged

C:\ProgramData\AVAST Software\Avast\log\
C:\ProgramData\AVAST Software\Persistent Data\Avast\Logs\

Antivirus Clients Managed

C:\Program Files (x86)\AVAST Software\Business Agent\log.txt
C:\Program Files (x86)\AVAST Software\Business Agent\smbpol.db

MacOS X

/var/log/system.log

Component Logs

Avastsvc (core service log): C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log
Antivirus UI log (issues with UI start, popups etc listed here): C:\ProgramData\AVAST Software\Avast\log\AvastUI.log
Antivirus UI javascript content: C:\ProgramData\AVAST Software\Avast\log\HtmlRemoteContent.log
Dumps from Crashed Components: C:\ProgramData\AVAST Software\Avast\log\unp*.mdmp
Self-Defense Module: C:\ProgramData\AVAST Software\Avast\log\selfdef.log
Anti-rootkit protection (driver start/stop): C:\ProgramData\AVAST Software\Avast\log\arpot.log
Anti-rootkit scan: C:\ProgramData\AVAST Software\Avast\log\aswAr*.log
Anti-Spam: C:\ProgramData\AVAST Software\Avast\log\SpamEngine.log
CyberCapture/DeepScreen: C:\ProgramData\AVAST Software\Avast\log\autosandbox.log
Exchange Protection: C:\ProgramData\Avast Software\Avast\log\ExchangeShield.log
Firewall Configuration: C:\ProgramData\AVAST Software\Avast\log\FwServ.log
Mail Shield: C:\ProgramData\AVAST Software\Avast\log\Mail.log
Outlook addin: C:\ProgramData\AVAST Software\Avast\log\asOutExt64.log
Passwords: C:\ProgramData\AVAST Software\Avast\log\Pam.log
Patch Management: C:\ProgramData\Avast Software\PatchTools\History\*.zip
SecureDNS/Real Site: C:\ProgramData\AVAST Software\Avast\log\aswSecDns.log
SecureLine VPN: C:\ProgramData\AVAST Software\SecureLine\log\vpn_engine.log
Web Shield: C:\ProgramData\AVAST Software\Avast\log\StreamFilter.log
Web Shield Debug (debug logging must be enabled): C:\ProgramData\AVAST Software\Avast\log\FilterEngine.log
Network Inspector: C:\ProgramData\AVAST Software\Avast\log\Hns.log
Windows Security Center (registration of Avast to WSC): C:\ProgramData\AVAST Software\Avast\log\wsc.log

Step 2 - Install Filebeat

To get started, first follow the steps below:

  • Install
  • Root access
  • Verify the required port is open

Older versions can be found here 7, 6, 5

Step 3 - Configure Filebeat

Copy and use the Filebeat configuration below.

For use with Filebeat version 7.x.
# ============================== Filebeat inputs ==============================
filebeat.inputs:

- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\FileSystemShield.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    type: pattern
    # A new event starts at each line containing a date of the form NN/NN/NNNN;
    # lines without one are appended to the previous event.
    pattern: '(\d\d/\d\d/\d\d\d\d)'
    negate: true
    match: after

- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\Full Virus Scan.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    # A new event starts at each scan report header line.
    pattern: '^\* Avast Scan Report'
    negate: true
    match: after

- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\aswBoot.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    # Filebeat tests each line separately, so the pattern matches the
    # date/time line on its own rather than spanning a line break.
    pattern: '^\d{2}/\d{2}/\d{4} \d{2}:\d{2}\s*$'
    negate: true
    match: after

- type: log
  paths:
    - C:\ProgramData\Avast Software\Avast\report\WebShield.txt
  fields:
    type: avast
  fields_under_root: true
  encoding: utf-8
  ignore_older: 3h
  multiline:
    # Matched per line: a new event starts at the report header line itself.
    pattern: '^\* Avast Real-time Shield Scan Report'
    negate: true
    match: after

filebeat.registry.path: 'C:\ProgramData\Filebeat'

# ================================== Outputs ===================================
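
Before relying on a multiline pattern for antivirus reports, it is worth checking how it groups lines, because a pattern that never matches folds separate scan records into one event. The following is an added example, not part of the original guide or of Filebeat: a simplified Python model of `negate: true` / `match: after`, run on constructed sample lines (the report layout is an assumption).

```python
import re

def group_multiline(lines, pattern, negate=True):
    """Group lines into events like Filebeat multiline with match: after.
    Each line is tested on its own, without its trailing newline.
    Simplified: ignores Filebeat's max_lines and timeout limits."""
    rx = re.compile(pattern)
    events, current = [], []
    for line in lines:
        continuation = bool(rx.search(line))
        if negate:
            continuation = not continuation
        if continuation and current:
            current.append(line)          # belongs to the event in progress
        else:
            if current:
                events.append("\n".join(current))
            current = [line]              # this line starts a new event
    if current:
        events.append("\n".join(current))
    return events

# Constructed sample lines; the real report layout is an assumption.
SAMPLE = [
    "01/02/2023 10:15",
    "Scan of all local drives",
    "C:\\Temp\\sample.bin is OK",
    "01/03/2023 09:00",
    "Scan of all local drives",
    "Number of searched folders: 120",
]

# Matches the date/time line by itself.
PER_LINE = r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}\s*$"
# Tries to span two lines; no single line contains "\n", so it never matches.
SPANNING = r"^\d{2}\/\d{2}\/\d{4} \d{2}:\d{2}\nScan of"

def demo():
    """Return the number of events each pattern produces from SAMPLE."""
    good = group_multiline(SAMPLE, PER_LINE)
    bad = group_multiline(SAMPLE, SPANNING)
    return len(good), len(bad)

if __name__ == "__main__":
    print(demo())
```

With the per-line pattern the two scans become two events; with the spanning pattern every line is appended to the first event.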

Step 4 - Start filebeat

Start or restart to apply the configuration changes.

Step 5 - Check Logit.io for your logs

You should now be able to view your data in Logit.io.

If you don't see logs, see How to diagnose no data in Stack below for common issues.

Step 6 - How to diagnose no data in Stack

If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.


© 2023 Logit.io Ltd, All rights reserved.