How to collect logs

ESET Virtualization Security consists of 3 components: Virtual Agent Host (VAH), ESET Virtualization Security Appliance, ESET Remote Administrator. The logs of each component must be retrieved to troubleshoot any issue.

To ensure logs contain all essential data required to identify the cause of a problem: enable trace logging for Virtual Agent Host and ESET Remote Administrator server and enable access to system logs for ESET Virtualization Security .  

Logs can be collected using the diagnostic tool or manually.


Collect logs using the diagnostic tool

The diagnostic tool is part of all ERA components. Run the diagnostic tool to collect logs from ERA and VAH, select a root folder where the logs will be saved, and then select one of following actions below:

Dump logs - A logs folder is created where all logs are saved.

Dump process - A new folder is created. A process dump file is generally created in cases where a problem was detected. When a serious problem is detected, a dump file is created by system. To check it manually, go to the folder %temp% (in Windows) or folder /tmp/ (in Linux) and insert a dmp file.


Service (Agent, Proxy, Server, RD Sensor, FileServer) must be running.

General application information - The GeneralApplicationInformation folder is created and inside it the file GeneralApplicationInformation.txt. This file contains text information including the product name and product version of the currently installed product.

Action configuration - A configuration folder is created where file storage.lua is saved.


Location of the Diagnostic Tool:

Windows - Folder C:\Program Files\ESET\RemoteAdministrator\<product>\ , a file called Diagnostic.exe.

Linux - Server path /opt/eset/RemoteAdministrator/<product>/ , there is a Diagnostic<product> executable (one word, for example, DiagnosticServer, DiagnosticAgent)


The <product> can represent Server or Agent in case of ESET Remote Administrator server machine, or it can be Agent or VAgentHost in case of VAH Aplience.


Manually collect logs from VAH

Necessary log files from VAH can be found at the following locations:

/var/opt/eset/RemoteAdministrator/VAgentHost/MultiAgent - Contains logs for each protected virtual machine (directory is represented by UUID).

/var/opt/eset/RemoteAdministrator/VAgentHost/Dumps - Contains crashdumps that have not been sent to the ESET CrashReporting service yet.

/var/log/eset/RemoteAdministrator/VAgentHost - Contains the tracelog of VAgentHost.

/var/log/eset/RemoteAdministrator/VAgentHost/Proxy - Contains the tracelog of VAgentHost's MultiProxy component.

/var/log/eset/RemoteAdministrator/vahinstaller.log - Contains installation logs


VAH Database dump

Sometimes a copy of VAH database might be needed for troubleshooting purposes.  To create a database dump, run the following command in the VAH appliance:

mysqldump -u root -p era_vah_db > /tmp/vah_db_export.sql 

Where /tmp/vah_db_export.sql is the desired path and  file name of database is dump.


See how to access system logs of ESET Virtualization Security.