OPTION 1: Collect the agent's logs on a device directly

Manually:

You can find your logs in the following locations:

Windows:
Installed client:

• Agent logs: %ProgramData%\OPSWAT\Gears\logs\

• Crash dumps: %ProgramData%\OPSWAT\Gears\logs\reports\

• SDK logs: %ProgramData%\OPSWAT\Gears\sdk\

• OPG (verification file) logs: %HOMEPATH%\AppData\Local\OPSWAT\Gears\Logs

On-demand client:

• Agent log: file gears-ondemand.log and it should be located in the same folder of the the executable file.

• Crash dumps: %HOMEPATH%\AppData\Local\CrashDump

Note: if the on-demand agent is triggered by 3rd party vendors,, you can find log files at

• Pulse Secure Host Checker: %appdata%\ Pulse Secure \Host Checker\policy_XXX (for example: C:\Users\bob\AppData\Roaming\Pulse Secure\Host Checker\policy_1)

• VMware Horizon Client: it depends on Horizon Client version you run on your machine, the OPSWAT On-demand Client's executable file and log can be found in either below folder

  • C:\Users\<username>\AppData\Local\VMware\VMware Horizon View Client\Code Cache\<uuid>\

  • C:\Program Files (x86)\VMware\VMware Horizon View Client\Code Cache\<UUID>\

macOS:
Installed client: ~/Library/Logs/Gears/logs and /Library/Logs/Gears/logs
On-demand client:

• If you are running on-demand OPSWAT Client version 10.5.218.0 or ealier: you can find the client log on the desktop, filename: gears-ondemand.log

• If you are running on-demand OPSWAT Client version10.5.222.0 or later: the client log is located at /Users/{username}/Library/Logs/Gears/logs/

Crash dump: ~/Library/Logs/DiagnosticReports and /Library/Logs/DiagnosticReports

*When running the Mac on-demand client as root, the logs will appear in /var/root/Desktop/gears-ondemand.log and additional malware logs will appear in ~/Library/Logs/Gears/logs/Metascan-Client-V2.log

Linux V4: (version 15.x.y.z)

• Agent log: /var/log/opswatclient

Linux V3: (version 14.0.x.y)

• Agent log: /var/log/gears.log

• Error log: /var/log/gears.err

• Configuration: /etc/gears/gears.json

Android/iOS:
Logs are only stored in memory, but can be sent via email from within the app by selecting the option on the feedback screen.

OPTION 2: Remotely retrieve the agent 's logs from the MetaAccess console

Note: this option requires

• you have an administrator permission on your organization's MetaAccess account

• the device is connecting to the Metaccess servers

• only applicable to Windows/macOS persistent agent. You can check out what version we support this command at here

As an administrator of the MetaAccess account, you can follow the below steps:

1. Log into MetaAccess console

2. Go to Inventory > Devices

3. Search for a device you would like to get logs

4. Select devices and choose Fetch Log action

5. When a device is connecting to MetaAccess cloud, the device will collect log files and submit to MetaAccess cloud.

6. To download log file you fetched from MetaAccess console, go to a device details and click on Events > Actions.

Sending the Logs to Support:

If you have been asked to share the files with support and they are too large to email or attach to the support ticket then please use the Large File submission feature on the OPSWAT support portal: https://portal.opswat.com/upload

This article was last updated on 2020-08-07

EA, TT