Endpoint Management
V2407
Search this version
Endpoint Management
Endpoint Management
OPSWAT Central Management
MetaDefender IT-OT Access - Endpoint Management
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
How do I retrieve MetaDefender Endpoint logs?
AI Tools
Summarize Page
Copy Markdown
Open in ChatGPT
Open in Claude
OPTION 1: Collect the logs directly from the MetaDefender Endpoint device
Automatic Collection
Windows (Persistent MetaDefender Endpoint)
- Download OPSWAT’s Log Collector tool, Here.
- Run the downloaded file.
- The zipped log file, which may be very large, will automatically be placed on your desktop, to be forwarded to the OPSWAT team.
macOS (Persistent MetaDefender Endpoint)
- Download OPSWAT’s Log Collector tool, Here.
- Run the downloaded file.
- The zipped log file, which may be very large, will automatically be placed on your desktop, to be forwarded to the OPSWAT team.
Manual Collection
Windows (Persistent MetaDefender Endpoint)
- Go to the relevant location/s below to collect the required log/s:
Client logs:
- Type %ProgramData% into the path bar and hit Enter.
- Then add \OPSWAT\Gears\logs\ to complete the path.
Crash dumps:
- Type %ProgramData% into the path bar and hit Enter.
- Then add \OPSWAT\Gears\logs\reports to complete the path.
SDK logs:
- Type %ProgramData% into the path bar and hit Enter.
- Then add \OPSWAT\Gears\sdk to complete the path.
OPG (verification file) logs:
- Type %HOMEPATH% into the path bar and hit Enter.
- Then add _ _\Appdata\Local\OPSWAT\Gears\Logs to complete the path.
- Copy the required log/s, to be compressed (if necessary) and forwarded to the OPSWAT team.
Windows (On-Demand MetaDefender Endpoint)
- Go to the relevant location/s below to collect the required log/s:
Client logs:
- Go to the folder where the MetaDefender Endpoint executable file is stored.
- Then locate the file named gears-ondemand.log
Crash dumps:
- Type %HOMEPATH% into the path bar and hit Enter.
- Then add \AppData\Local\CrashDump to complete the path.
If On-demand MetaDefender Endpoint is triggered by third-party vendors, go to the relevant location/s below to collect the required log/s:
Pulse Secure Host Checker:
- Type %AppData% into the path bar and hit Enter.
- Then add \Pulse Secure\Host Checker\policy_XXX to complete the path. (so, for example: C:\Users\bob\AppData\Roaming\Pulse Secure\Host Checker\policy_1)
VMWare Horizon Client:
- Depending on which Horizon Client version you run, both the On-Demand MetaDefender Endpoint executable file and the log file can be found in one of the locations below:
- C:\Users<username>\AppData\Local\VMware Horizon View Client\Code Cache<uuid>\
- C:\Program Files (x86)\VMWare\VMware Horizon View Client\Code Cache<uuid>\
- Depending on which Horizon Client version you run, both the On-Demand MetaDefender Endpoint executable file and the log file can be found in one of the locations below:
- Copy the required log/s, to be compressed (if necessary) and forwarded to the OPSWAT team.
macOS (Persistent MetaDefender Endpoint)
- Open Finder and go to /Library/Logs/Gears/logs, as illustrated in the screenshot below.
- Copy the required log/s, to be compressed (if necessary) and forwarded to the OPSWAT team.
macOS (On-Demand MetaDefender Endpoint)
- Go to the relevant location/s below to collect the required log/s:
Client logs:
- For MetaDefender Endpoint version 10.5.218.0 or earlier, go to /Desktop/gears-ondemand.log
- For MetaDefender Endpoint version 10.5.222.0 or later, go to /Users/{username}/Library/Logs/Gears/logs
Crash dumps:
- Open Finder and go to /Library/Logs/DiagnosticReports
When running the macOS On-Demand MetaDefender Endpoint as Root, go to the location/s below to collect the required log/s:
MetaDefender Endpoint logs:
- Go to /var/root/Desktop/gears-ondemand.log
Additional malware logs:
- Go to /Library/Logs/Gears/logs/Metascan-Client-V2.log
- Copy the required log/s, to be compressed (if necessary) and forwarded to the OPSWAT team.
Linux V4 (Version 15.x.y.z)
- Go to the location below to collect the required log:
- Client logs:
- Go to /var/log/opswatclient
- Copy the required log, to be compressed (if necessary) and forwarded to the OPSWAT team.
Linux V3 (Version 14.0.x.y)
- Go to the relevant location/s below to collect the required log/s:
Client logs:
- Go to /var/log/gears/log
Error logs:
- Go to /var/log/gears.err
Configuration logs:
- Go to /etc/gears/gears.json
- Copy the required log/s, to be compressed (if necessary) and forwarded to the OPSWAT team.
Android/iOS
On mobile devices, logs are only stored in the memory, but can be emailed directly from the OPSWAT Mobile App by selecting the Submit Feedback option.
OPTION 2: Retrieve the logs remotely via the MetaDefender IT-OT Access Console
As MetaDefender IT-OT Access account administrator, follow the steps below:
- Log into the MetaDefender IT-OT Access Console and navigate to Inventory>Devices.
- Use the Search field to locate the relevant MetaDefender Endpoint device.
- Click on the chosen device, then access the Select Action drop-down menu in the top right-hand corner of the screen, directly under your username.
- Select the Fetch log option, as illustrated in the screenshot below.
- To view the log you fetched: Go to Inventory>Devices>Relevant Device>Events>Device Logs, as illustrated below.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Next to read:
How do I solve Missing OS Patch issues on MetaDefender Endpoint/MetaDefender IT-OT Access managed Linux devices?null
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message
On This Page