ESET Online Help

Search English
Select the topic

ESET Log Collector Command line

The Command line interface is a feature that enables you to use ESET Log Collector without the GUI. For example, on Server Core or Nano Server installation, also if you require or simply want to use command line instead of the GUI. There is also an extra command line only function available that converts the ESET binary log file to an XML format or to a text file.

Command line help - Run start /wait ESETLogCollector.exe /? to display the syntax help. It also lists available targets (artifacts) that can be collected. Contents of the list depend on the detected type of ESET security product installed on the system you are running ESET Log Collector on. Only relevant artifacts are available.

note

We recommend you use start /wait prefix when executing any command because the ESET Log Collector is primarily a GUI tool, The Windows command line interpreter (shell) does not wait for the executable to terminate and instead returns immediately and displays a new prompt. When you use start /wait prefix, you will make the Windows shell wait for ESET Log Collector's termination.

If you are running ESET Log Collector for the first time, ESET Log Collector requires the End User License Agreement (EULA) to be accepted. To accept EULA, run the first command with /accepteula parameter. Any subsequent commands will run without the need of the /accepteula parameter. If you choose not to accept the terms in the End User License Agreement (EULA) and do not use the /accepteula parameter, your command will not be executed. Also, the /accepteula parameter must be specified as the first parameter, for example: start /wait ESETLogCollector.exe /accepteula /age:90 /otype:fbin /targets:prodcnf,qinfo,warn,threat,ondem collected_eset_logs.zip

Usage:

[start /wait] ESETLogCollector.exe [options] <out_zip_file> - Collects logs according to specified options and creates output archive file in a ZIP format.

[start /wait] ESETLogCollector.exe /Bin2XML [/All] [/UTC] <eset_binary_log> <output_xml_file> - Converts collected ESET binary log file (.dat) to an XML file.

[start /wait] ESETLogCollector.exe /Bin2Txt [/All] [/UTC] <eset_binary_log> <output_txt_file> - Converts collected ESET binary log file (.dat) to a text file.

Options:

/Age:<days> - Maximum age of collected log records in days. The value range is 0-999, 0 means infinite, and default is 30.

/OType:<xml|fbin|obin> - Collection format for ESET logs:

xml - Filtered XML

fbin - Filtered binary (default)

obin - Original binary from disk

/All - Translate also records marked as deleted. This parameter applies only when converting the collected ESET binary log file to XML or TXT.

/UTC - Convert the time format of the log records from local time to UTC format.

/Targets:<id1>[,<id2>...] - List of artifacts to collect. If not specified, a default set is collected. The special value 'all' means all targets.

/NoTargets:<id1>[,<id2>...] - List of artifacts to skip. This list is applied after the Targets list.

/Profile:<default|threat|all> - A collection profile is a defined set of targets:

Default - Profile used for general support cases.

Threat - Profile related to the threat detection cases.

All - Selects all available targets.

note

When you choose Filtered XML or Filtered binary collection format, the filtering means that only records for the last number of days will be collected (specified by /Age:<days> parameter). If you choose Original binary from disk, parameter /Age:<days> will be ignored for all ESET logs. For other logs, such as Windows Event Logs, Microsoft SharePoint logs or IBM Domino logs, parameter /Age:<days> will be applied so that you can limit non-ESET log records to a specified number of days and have original ESET binary files collected (copied) without age limit.

note

Parameter /All enables conversion of all log records, including those deleted via main program window but are present in the original binary file marked as deleted (log records not visible in the main program window).

elc_cli_help

example

This example command changes the language to Italian. You can use any of the available languages: ARE, BGR, CSY, DAN, DEU, ELL, ENU, ESL, ESN, ETI, FIN, FRA, FRC, HUN, CHS, CHT, ITA, JPN, KKZ, KOR, LTH, NLD, NOR, PLK, PTB, ROM, RUS, SKY, SLV, SVE, THA, TRK, UKR

/lang: ITA

example

This example command collects ESET product configuration, Info about quarantined files, ESET Events log, ESET Detected threats log and ESET Computer scan logs in Filtered binary collection mode with records for last 90 days:

start /wait ESETLogCollector.exe /age:90 /otype:fbin /targets:prodcnf,qinfo,warn,threat,ondem collected_eset_logs.zip

example

This example command collects Running processes, System event log, ESET SysInspector log, ESET product configuration, ESET Events log and General product diagnostics logs in Original binary from disk collection mode:

start /wait ESETLogCollector.exe /otype:obin /targets:proc,evlogsys,sysin,prodcnf,warn,diag collected_diag_logs.zip

example

This example command collects ERA Agent logs, ERA Server logs, ERA configuration and ERA Rogue Detection Sensor logs in Filtered XML collection mode with records for last 10 days:

start /wait ESETLogCollector.exe /age:10 /otype:xml /targets:eraag,erasrv,eraconf,erard collected_era_logs.zip

example

This example command converts collected ESET binary log file (Computer scan log) to an XML file format with all records (including logs marked as deleted):

start /wait ESETLogCollector.exe /bin2xml /all C:\collected_eset_logs\ESET\Logs\Common\eScan\ndl27629.dat scan_log.xml

Similarly, collected Computer scan log file conversion to a text file, but omitting logs marked as deleted:

start /wait ESETLogCollector.exe /bin2txt C:\collected_eset_logs\ESET\Logs\Common\eScan\ndl27629.dat scan_log.txt