When troubleshooting an issue on devices, we will often ask you for the OPSWAT agent logs from your machine. There are 2 ways to retrieve the agent logs:
OPTION 1: Collect the logs on a device directly
OPTION 2: Remotely retrieve the logs. This requires that you have administrator permission on your organization's MetaAccess account and that the device is connected to the MetaAccess servers
OPTION 1: Collect the agent's logs on a device directly
Note: This option is only available for the Windows and macOS persistent agents
On Windows devices:
If you are using the Windows installed client, the process is very simple. Just download this tool, run it, and the log files will automatically be placed in a zip file on your desktop. This zip file may be very large.
On macOS devices:
If you are using the macOS installed client, the process is very simple. Just download this tool, run it, and the log files will automatically be placed in a zip file on your desktop. This zip file may be very large.
You can find your logs in the following locations:
Agent logs: %ProgramData%\OPSWAT\Gears\logs\
Crash dumps: %ProgramData%\OPSWAT\Gears\logs\reports\
SDK logs: %ProgramData%\OPSWAT\Gears\sdk\
OPG (verification file) logs: %HOMEPATH%\AppData\Local\OPSWAT\Gears\Logs
Agent log: the file gears-ondemand.log, which should be located in the same folder as the executable file.
Crash dumps: %HOMEPATH%\AppData\Local\CrashDump
Note: If the on-demand agent is triggered by Pulse Secure Host Checker, you can find the log files at %appdata%\Pulse Secure\Host Checker\policy_XXX (for example: C:\Users\bob\AppData\Roaming\Pulse Secure\Host Checker\policy_1)
Installed client: ~/Library/Logs/Gears/logs and /Library/Logs/Gears/logs
On-demand client: On the desktop* as 'gears-ondemand.log'
Crash dump: ~/Library/Logs/DiagnosticReports and /Library/Logs/DiagnosticReports
*When running the Mac on-demand client as root, the logs will appear in /var/root/Desktop/gears-ondemand.log and additional malware logs will appear in ~/Library/Logs/Gears/logs/Metascan-Client-V2.log
Agent version 15.4.x.y:
Agent log: /var/log/opswat/metaaccess
Agent version 14.0.x.y:
Agent log: /var/log/gears.log
Error log: /var/log/gears.err
Logs are only stored in memory, but can be sent via email from within the app by selecting the option on the feedback screen.
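The macOS and /var/log locations listed above can be bundled in one step. The following is an added example, not an OPSWAT tool or code from the original article; the function names and the ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: bundle the macOS and /var/log agent log locations listed on
# this page. ROOT is a hypothetical parameter (default /) so the function can
# also be pointed at a mounted disk image or a test tree.

sha256_of() {
    # sha256sum on Linux, shasum on macOS
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

collect_agent_logs() {
    root=${1:-/}
    out=$2
    if [ -z "$out" ]; then
        echo "usage: collect_agent_logs ROOT OUT.tar.gz" >&2
        return 2
    fi
    home_rel=${HOME#/}
    home_rel=${home_rel:-.}    # HOME unset or "/" falls back to ROOT itself
    set --    # reuse the positional parameters as the list of paths found
    # DiagnosticReports holds crash reports for every application, not only
    # the agent, so review the bundle before sharing it.
    for p in \
        "$home_rel/Library/Logs/Gears/logs" \
        "Library/Logs/Gears/logs" \
        "$home_rel/Library/Logs/DiagnosticReports" \
        "Library/Logs/DiagnosticReports" \
        "var/log/opswat/metaaccess" \
        "var/log/gears.log" \
        "var/log/gears.err"
    do
        if [ -e "$root/$p" ]; then
            set -- "$@" "$p"
        fi
    done
    if [ "$#" -eq 0 ]; then
        echo "no agent logs found under $root" >&2
        return 1
    fi
    # -C stores paths relative to ROOT; a read error makes tar exit non-zero
    tar -czf "$out" -C "$root" "$@" || return 1
    # Print the digest so the upload can be checked against what was collected
    sha256_of "$out"
}
```

Run it with enough privilege to read /var/log, for example `collect_agent_logs / "$HOME/Desktop/agent-logs.tar.gz"`, and record the printed SHA-256 alongside the support ticket.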
OPTION 2: Remotely retrieve the agent's logs from the MetaAccess console
Note: this option requires that
you have administrator permission on your organization's MetaAccess account
the device is connected to the MetaAccess servers
As an administrator of the MetaAccess account, follow the steps below:
1. Log into the MetaAccess console
2. Go to Inventory > Devices
3. Search for the device whose logs you would like to get
4. Select the device and choose the Fetch Log action
5. When the device connects to the MetaAccess cloud, it will collect the log files and submit them to the MetaAccess cloud.
6. To download the log file you fetched from the MetaAccess console, go to the device's details and click on Events > Actions.
Sending the Logs to Support:
If you have been asked to share the files with support and they are too large to email or attach to the support ticket, please use the Large File submission feature on the OPSWAT support portal: https://portal.opswat.com/en/support/requests/large_file
This article was last updated on 2019-06-13
(This article was changed to reflect the new name of MetaAccess on 2017-09-27)