ESET Online Help

Search English
Select the topic

ESET Log Collector Command line

The Command line interface allows you to use ESET Log Collector without the GUI. For example, on Server Core or Nano Server installation, or if you need to use the command line instead of the GUI. An extra command-line-only function available that converts the ESET binary log file to an XML format or text file.

Command line help—Run start /wait ESETLogCollector.exe /? to display the syntax help. It also lists available targets (artifacts) that can be collected. Contents of the list depend on the detected type of ESET security product installed on the system you are running ESET Log Collector on. Only relevant artifacts are available.


note

We recommend you use start /wait prefix when executing any command because the ESET Log Collector is primarily a GUI tool, the Windows command line interpreter (shell) does not wait for the executable to terminate and instead returns immediately and displays a new prompt. When you use start /wait prefix, you will make the Windows shell wait for ESET Log Collector's termination.

If you are running ESET Log Collector for the first time, you must accept the ESET Log Collector End User License Agreement (EULA). To accept EULA, run the first command with /accepteula parameter. Any subsequent commands will run without the need of the /accepteula parameter. If you choose not to accept the terms in the End User License Agreement (EULA) and do not use the /accepteula parameter, your command will not be executed.

Also, the /accepteula parameter must be specified as the first parameter, for example:

start /wait ESETLogCollector.exe /accepteula /age:90 /otype:fbin /targets:prodcnf,qinfo,warn,threat,ondem collected_eset_logs.zip

 

Usage:

[start /wait] ESETLogCollector.exe [options] <out_zip_file>—Collects logs according to specified options and creates output archive file in a ZIP format.

[start /wait] ESETLogCollector.exe /Bin2XML [/All] [/UTC] <eset_binary_log> <output_xml_file>—Converts collected ESET binary log file (.dat) to an XML file.

[start /wait] ESETLogCollector.exe /Bin2Txt [/All] [/UTC] <eset_binary_log> <output_txt_file>—Converts collected ESET binary log file (.dat) to a text file.

Options:

/Age:<days>—Maximum age of collected log records in days. The value range is 0–999, 0 means infinite, and the default is 30.


note

When you choose Filtered XML or Filtered binary collection format, the filtering means that only records for the last number of days will be collected (specified by /Age:<days> parameter). If you choose the Original binary from disk, the parameter /Age:<days> will be ignored for all ESET logs. For other logs, such as Windows Event Logs, Microsoft SharePoint logs or IBM Domino logs, parameter /Age:<days> will be applied so you can limit non-ESET log records to a specified number of days and have original ESET binary files collected (copied) without an age limit.

/OType:<xml|fbin|obin> - Collection format for ESET logs:

xmlFiltered XML

fbinFiltered binary (default)

obin—Original binary from disk

/All—Translate also records marked as deleted. This parameter only applies when converting the collected ESET binary log file to XML or TXT.


note

Parameter /All enables conversion of all log records, including those deleted via main program window but are present in the original binary file marked as deleted (log records not visible in the main program window).

/UTC—Convert the time format of the log records from local time to UTC format.

/Targets:<id1>[,<id2>...]—List of artifacts to collect. If not specified, a default set is collected. The special value 'all' means all targets.

/NoTargets:<id1>[,<id2>...]—List of artifacts to skip. This list is applied after the Targets list.

/Profile:<default|threat|all>—A collection profile is a defined set of targets:

DefaultProfile used for general support cases.

ThreatProfile related to the threat detection cases.

All—Selects all available targets.

/ProtectArch - Protect the archive by password.

elc_cli_help


example

This example command changes the language to Italian. You can use any of the available languages:

ARE, BGR, CSY, DAN, DEU, ELL, ENU, ESL, ESN, ETI, FIN, FRA, FRC, HUN, CHS, CHT, ITA, JPN, KKZ, KOR, LTH, NLD, NOR, PLK, PTB, ROM, RUS, SKY, SLV, SVE, THA, TRK, UKR

/lang: ITA


example

This example command collects ESET product configuration, Info about quarantined files, ESET Events log, ESET Detected threats log and ESET Computer scan logs in Filtered binary collection mode with records for the last 90 days:

start /wait ESETLogCollector.exe /age:90 /otype:fbin /targets:prodcnf,qinfo,warn,threat,ondem collected_eset_logs.zip


example

This example command collects Running processes, System event log, ESET SysInspector log, ESET product configuration, ESET Events log and General product diagnostics logs in Original binary from disk collection mode:

start /wait ESETLogCollector.exe /otype:obin /targets:proc,evlogsys,sysin,prodcnf,warn,diag collected_diag_logs.zip


example

This example command collects ERA Agent logs, ERA Server logs, ERA configuration and ERA Rogue Detection Sensor logs in Filtered XML collection mode with records for the last 10 days:

start /wait ESETLogCollector.exe /age:10 /otype:xml /targets:eraag,erasrv,eraconf,erard collected_era_logs.zip


example

This example command converts collected ESET binary log files (Computer scan log) to an XML file format with all records (including logs marked as deleted):

start /wait ESETLogCollector.exe /bin2xml /all C:\collected_eset_logs\ESET\Logs\Common\eScan\ndl27629.dat scan_log.xml

 

Similarly, collect Computer scan log file converted to a text file, but omitting logs marked as deleted:

start /wait ESETLogCollector.exe /bin2txt C:\collected_eset_logs\ESET\Logs\Common\eScan\ndl27629.dat scan_log.txt