How do I retrieve the OPSWAT Client logs?

When troubleshooting an issue on devices, we will often ask you for the OPSWAT Client logs from your machine. There are 2 ways to retrieve the Client logs:

  • OPTION 1: Collect the logs on a device directly.

  • OPTION 2: Remotely retrieve the logs. This requires that you have administrator permission on your organization's OPSWAT Central Management account and the device is connecting to the OPSWAT Central Management servers.

OPTION 1: Collect the Client's logs on a device directly

Automatically:

This option is only available for Windows and macOS' persistent Client.

On Windows devices:
If you are using Windows installed client, the process is very simple. Just download this tool, run it, and the log files will automatically be placed in a zip file on your desktop. This zip file may be very large.

On macOS devices:
If you are using the macOS installed client, the process is very simple. Just download this tool, run it, and the log files will automatically be placed in a zip file on your desktop. This zip file may be very large.

Manually:

You can find your logs in the following locations:

Windows:
Installed client:

  • Client logs: %ProgramData%\OPSWAT\Gears\logs\

  • Crash dumps: %ProgramData%\OPSWAT\Gears\logs\reports\

  • SDK logs: %ProgramData%\OPSWAT\Gears\sdk\

  • OPG (verification file) logs: %HOMEPATH%\AppData\Local\OPSWAT\Gears\Logs

On-demand client:

  • Client log: the file gears-ondemand.log should be located in the same folder of the the executable file.

  • Crash dumps: %HOMEPATH%\AppData\Local\CrashDump

Note: If the on-demand client is triggered by Pulse Secure Host Checker, you can find log files at %appdata%\ Pulse Secure \Host Checker\policy_XXX (for example: C:\Users\bob\AppData\Roaming\Pulse Secure\Host Checker\policy_1)

macOS:
Installed client: ~/Library/Logs/Gears/logs and /Library/Logs/Gears/logs
On-demand client: On the desktop* as 'gears-ondemand.log'

Crash dump:~/Library/Logs/DiagnosticReports and /Library/Logs/DiagnosticReports

When running the Mac on-demand client as root, the logs will appear in /var/root/Desktop/gears-ondemand.log and additional malware logs will appear in ~/Library/Logs/Gears/logs/Metascan-Client-V2.log

Android/iOS:
Logs are only stored in memory, but can be sent via email from within the app by selecting the corresponding option on the feedback screen.

OPTION 2: Remotely retrieve the Client 's logs from the OPSWAT Central Management console


Note:
This option requires

  • You have administrator permission on your organization's OPSWAT Central Management account.

  • The device is connected to the OPSWAT Central Management servers.

As an administrator of the OPSWAT Central Management account, you can follow the below steps:

  1. Log into OPSWAT Central Management console.

  2. Go to Inventory > Devices.

  3. Search for a device you would like to get logs of.

    images/download/attachments/36849835/image2019-4-4_15-47-16.png
  4. Select devices and choose the Fetch log action.

  5. When a device is connecting to OPSWAT Central Management cloud, the device will collect log files and submit to OPSWAT Central Management cloud.

  6. To download log file you fetched from OPSWAT Central Management console, go to Device details of the corresponding device and click on Events > Actions.

    images/onlinehelp.opswat.com/metaaccess/images/download/attachments/31826306/image2018-5-21_11-39-29.png

Sending the Logs to Support:

If you have been asked to share the files with support and they are too large to email or attach to the support ticket, please use the Large File submission feature on the OPSWAT support portal: https://portal.opswat.com/en/support/requests/large_file