If a managed endpoint encounters issues with the Endpoint Agent, you may need to collect diagnostic logs for investigation, or to submit them to our Support team for troubleshooting the issue. This article explains how to generate diagnostic logs via the OneView console, and how to manually collect them from an endpoint.
Generate Diagnostic Logs from the OneView console
Logs can be collected from the console for Windows, Mac, Linux, iOS, Android, and ChromeOS devices.
- On the left navigation menu, go to Manage > Endpoints.
- Check the box for one or more endpoints.
- Click the ellipsis icon > Generate Diagnostic Logs. This task may take a few minutes to complete. You can check the task status on the Tasks page.
- When the task is successful, click the name of the endpoint(s) to view the Endpoint Details slide-out.
- At the top-right corner of the Endpoint Details slide-out, click the Diagnostic Logs Available icon, then click Download to download the Diagnostic Logs zip folder to your local machine.
Note: Logs are available to download from the console for 72 hours.
If you cannot generate diagnostic logs within OneView, follow one of the manual collection steps below.
Manually collect Windows endpoint logs
Logs for Windows operating systems can be generated either from the task bar icon or from the Windows command line.
Generate logs from task bar icon
- Reproduce the issue so the Endpoint Agent can run and generate new data.
- Locate the endpoint agent icon in the task bar tray.
- Hover over the icon, hold CTRL and right-click. Select Generate Diagnostic Logs.
- A log collection start message displays. Click Ok.
- The log collection process takes a few minutes to run. When it completes, the file starting with EA_ComputerName_Diag_Date.zip saves to the desktop. Send the file to Support.
Generate logs from command line
- Reproduce the issue so the Endpoint Agent can run and generate new data.
- Open Command Prompt as an administrator.
- Run the following command:
- "C:\Program Files\Malwarebytes Endpoint Agent\Useragent\EACmd.exe" -diag
- The log collection process takes a few minutes to run. When it completes, the file MachineName_Diag_YYYY_MM_DD_HH_MM_SS.zip saves to the desktop. Send the file to Support.
- To specify the output folder, use the following command:
- "C:\Program Files\Malwarebytes Endpoint Agent\Useragent\EACmd.exe" -diag --output=VALUE
Unresponsive log collection
If the Endpoint Agent does not respond when you try to generate logs from the Windows command line, follow the steps below:
- Reboot the endpoint.
- If the endpoint agent starts, repeat the process to generate logs from task bar icon or using Windows command line.
- Check the Endpoint Agent service by running the following Windows command:
- SC query MBEndpointAgent
- Copy the contents of the folders below:
- %PROGRAMDATA%\Malwarebytes Endpoint Agent\logs\*.*
- %PROGRAMDATA%\Malwarebytes\MBAMService\logs\*.*
- %PROGRAMDATA%\Malwarebytes\MBAMService\config\*.*
- %APPDATA%\Local\Temp\MSIxx.log
- Include this folder if running Endpoint Detection and Response
- %PROGRAMDATA%\Malwarebytes Endpoint Agent\Plugins\EDRPlugin\Database\*.*
- Zip the collected information and submit to Support.
Manually collect Mac endpoint logs
Mac Endpoint Agents do not support command line log generation. Follow the steps below to generate logs from the endpoint agent menu bar icon. You can also manually locate the log files.
Generate logs from the menu bar icon
- Reproduce the issue so the Endpoint Agent can run and generate new data.
- Locate the endpoint agent icon in the menu bar.
- Right-click on the endpoint agent icon (or hold the Control key and left-click) and select Generate Diagnostic Logs.
- After the above commands execute, the file starting with Diagnostic_info-?.zip is created and saved to:
- /Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/Diagnostics
- Attach this folder to your email reply to ThreatDown Support.
Manually locate log files
- Press Shift-Command-G and enter these file paths:
- /var/log/com.malwarebytes.EndpointAgent.log
- /var/log/install.log
- Save both files to your desktop.
- If this computer has Endpoint Agent v1.1 or older installed, enter this path:
- '/Library/Application Support/Malwarebytes/NebulaAgent'
- Double-click the Data folder.
- Save the settings.dat file to your desktop.
- Press Return.
- Send the logs you saved to your desktop to Support as an email attachment.
Manually collect Linux logs
Logs for Linux operating systems can be generated from the command-line interface.
Generate logs from command line
- Reproduce the issue so the Endpoint Agent can run and generate new data.
- Enter the following command in your Linux command-line interface:
- mblinux diag
- The log collection process takes a few minutes to run. When it completes, the file MBDiagnostics.tar.gz is located in your current directory.
- Send the file to Support.
Collect log files manually from the following locations:
- /var/log/mbdaemon.log
- /var/log/mblinux.log
- /var/log/com.malwarebytes.edr.log
- /var/lib/dkms/mbedr_drv/1.x.xx/build/make.log
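As an added example (not vendor code), the following POSIX shell function gathers the four locations listed above into a single archive, skipping files that are not present and matching the versioned dkms directory with a glob. The script name, the archive name, the MANIFEST.sha256 file and the ROOT/OUTDIR parameters are assumptions of this example.

```sh
#!/bin/sh
# Added example (not vendor code): bundle the Linux log files listed above.
# Usage (hypothetical script name): sudo sh collect_mb_logs.sh / /root
# ROOT is "/" on a real endpoint; any other value lets you dry-run on a copy.
# The archive name and MANIFEST.sha256 are conventions of this example only.
collect_mb_logs() {
    root=${1%/}                      # "/" becomes "", so "$root/var/..." stays valid
    outdir=$2
    name="mb_manual_logs_$(uname -n)_$(date +%Y_%m_%d_%H_%M_%S)"
    stage=$(mktemp -d) || return 1
    mkdir -p "$stage/$name" "$outdir" || return 1
    found=0
    # The dkms build directory is versioned (1.x.xx on the page), so glob it.
    for f in "$root/var/log/mbdaemon.log" \
             "$root/var/log/mblinux.log" \
             "$root/var/log/com.malwarebytes.edr.log" \
             "$root"/var/lib/dkms/mbedr_drv/*/build/make.log; do
        if [ ! -f "$f" ]; then
            echo "skip (not present): $f" >&2
            continue
        fi
        rel=${f#"$root"/}            # path relative to ROOT, kept inside the bundle
        mkdir -p "$stage/$name/$(dirname "$rel")"
        cp -p "$f" "$stage/$name/$rel" && found=$((found + 1))
    done
    if [ "$found" -eq 0 ]; then
        echo "no log files found under ${root:-/}" >&2
        rm -rf "$stage"
        return 1
    fi
    # Hash every collected file so the recipient can confirm the bundle is intact.
    ( cd "$stage/$name" &&
      find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + > MANIFEST.sha256 )
    # umask 077: the logs can hold host details, keep the archive owner-only.
    ( umask 077 && tar -czf "$outdir/$name.tar.gz" -C "$stage" "$name" )
    rc=$?
    rm -rf "$stage"
    [ "$rc" -eq 0 ] || return 1
    echo "$outdir/$name.tar.gz"      # print the archive path for the caller
}

# Run only when ROOT and OUTDIR are given on the command line.
if [ "$#" -ge 2 ]; then
    collect_mb_logs "$1" "$2"
fi
```

After extracting the archive, running `sha256sum -c MANIFEST.sha256` inside the extracted folder verifies the files against the manifest.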
Manually collect iOS, Android, and ChromeOS logs
Logs for mobile endpoints can be collected from the help screen.
- Launch the Mobile Security for Business app on the mobile device.
- In the top-right, tap the Help icon.
- Tap Export diagnostic data.
- Select a location to export the logs and provide it to support.
Enable debug logging
You can enable debug logging on the Endpoint Agent to collect diagnostic logs. Windows, Mac, and Linux endpoints support debug logging, which is enabled from the Windows tray icon, the Mac menu bar icon, or the command line.
For more information, see Enable debug logging on the Endpoint Agent.