Obtaining Logs from Endpoint Protection on Mac OS

In this guide, we will walk you through the process of obtaining logs from the Defense.com Endpoint Protection Tool on Mac OS.

Written by Aidan Munns
Updated over a week ago

Overview

If you're experiencing any difficulties with Defense.com Endpoint, we may need some additional information from your computer to assist with troubleshooting.
To make this process easier, you can use the Support Tool. This tool is specifically designed to gather detailed technical information about your affected computer.
By using the Support Tool, you can provide us with the necessary system settings and logs, enabling us to better understand and resolve your issue efficiently.

Open a Terminal window

To begin, open a Terminal window on your system. You can do this by searching for Terminal in Launchpad, or by pressing cmd + space and typing Terminal.

Enable logging

In the Terminal window, navigate to the Endpoint Protection Tool's directory by entering the following command:

cd /Library/EndpointProtection/AVP/enterprise
or
cd /Library/EndpointProtection/AVP/product/bin

To enable logging, run the following command:

sudo ./GatherBD start

Note: You may be prompted to enter your user password.

Restart the system

Save all your work and run the following command to restart the system:

sudo reboot

This step ensures that the logging process starts fresh after the system restarts.

Reproduce the issue

Once your system has restarted, reproduce the issue you are facing with the Defense.com Endpoint Protection Tool. It is recommended to replicate the problem for 10-15 minutes to capture sufficient log data.

Stop logging

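After reproducing the issue, return to the Terminal and stop the logging process. Because the system has restarted, open a new Terminal window and navigate to the same directory as before, then enter the following command: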

sudo ./GatherBD stop

Gather logs into an archive

To gather the logs into an archive, use the following command:

sudo ./GatherBD archive all

Locate the archive file

The archive file, named ProductSupport.zip, will be saved in the following location:

/private/var/tmp/

Note: You can access this location by opening Finder, pressing shift + cmd + g, and then entering the path mentioned above.

Attach the archive

Finally, attach the ProductSupport.zip archive file to your support ticket or send it to your Technical Support Specialist. This will provide them with the necessary logs to assist you further.

Restart the system

Save all your work and run the following command to restart the system:

sudo reboot

This ensures a clean state for further analysis.


By following the steps outlined in this guide, you can collect the necessary logs and provide them to technical support for analysis. Remember to include as much relevant information as possible when submitting your support ticket to expedite the troubleshooting process.
