ESET Log Collector Command line

The command line interface lets you use ESET Log Collector without the GUI, for example on a Server Core or Nano Server installation, or whenever you require or simply prefer the command line. An additional command-line-only function converts an ESET binary log file to XML or to a text file.

Command line help - Run start /wait ESETLogCollector.exe /? to display the syntax help. It also lists available targets (artifacts) that can be collected. Contents of the list depend on the detected type of ESET security product installed on the system you are running ESET Log Collector on. Only relevant artifacts are available.

NOTE

We recommend that you use the start /wait prefix when executing any command. ESET Log Collector is primarily a GUI tool, so the Windows command-line interpreter (shell) does not wait for the executable to terminate; it returns immediately and displays a new prompt. With the start /wait prefix, the Windows shell waits until ESET Log Collector terminates.

If you are running ESET Log Collector for the first time, the End User License Agreement (EULA) must be accepted. To accept the EULA, run the very first command with the /accepteula parameter. Subsequent commands run without the /accepteula parameter. If you choose not to accept the terms of the EULA and do not use the /accepteula parameter, your command will not be executed. The /accepteula parameter must be specified as the first parameter, for example:

start /wait ESETLogCollector.exe /accepteula /age:90 /otype:fbin /targets:prodcnf,qinfo,warn,threat,ondem collected_eset_logs.zip

Usage:

      [start /wait] ESETLogCollector.exe [options] <out_zip_file> - collects logs according to specified options and creates output archive file in a ZIP format.

      [start /wait] ESETLogCollector.exe /Bin2XML [/All] <eset_binary_log> <output_xml_file> - converts collected ESET binary log file (.dat) to an XML file.

      [start /wait] ESETLogCollector.exe /Bin2Txt [/All] <eset_binary_log> <output_txt_file> - converts collected ESET binary log file (.dat) to a text file.

Options:

      /Age:<days> - Maximum age of collected log records in days. Value range is 0-999, 0 means infinite, default is 30.

      /OType:<xml|fbin|obin> - Collection format for ESET logs:

            xml - Filtered XML

            fbin - Filtered binary (default)

            obin - Original binary from disk

      /All - Translate also records marked as deleted. This parameter is applicable only when converting collected ESET binary log file to XML or TXT.

      /Targets:<id1>[,<id2>...] - List of artifacts to collect. If not specified, a default set is collected. Special value 'all' means all targets.

      /NoTargets:<id1>[,<id2>...] - List of artifacts to skip. This list is applied after the Targets list.

      /Profile:<default|threat|all> - Collection profile is a defined set of targets:

            Default - Profile used for general support cases

            Threat - Profile related to the threat detection cases

            All - Selects all available targets

 

NOTE

When you choose the Filtered XML or Filtered binary collection format, filtering means that only records from the last number of days specified by the /Age:<days> parameter are collected. If you choose Original binary from disk, the /Age:<days> parameter is ignored for all ESET logs. For other logs, such as Windows Event Logs, Microsoft SharePoint logs or IBM Domino logs, the /Age:<days> parameter is still applied, so you can limit non-ESET log records to a specified number of days while the original ESET binary files are collected (copied) without an age limit.

NOTE

Parameter /All allows for conversion of all log records, including those that were deleted via GUI but are present in the original binary file marked as deleted (log records not visible in the GUI).


EXAMPLE

This example command changes the language to Italian. You can use any of the available languages: ARE, BGR, CSY, DAN, DEU, ELL, ENU, ESL, ESN, ETI, FIN, FRA, FRC, HUN, CHS, CHT, ITA, JPN, KKZ, KOR, LTH, NLD, NOR, PLK, PTB, ROM, RUS, SKY, SLV, SVE, THA, TRK, UKR

/lang: ITA

EXAMPLE

This example command collects ESET product configuration, Info about quarantined files, ESET Events log, ESET Detected threats log and ESET Computer scan logs in Filtered binary collection mode with records for last 90 days:

start /wait ESETLogCollector.exe /age:90 /otype:fbin /targets:prodcnf,qinfo,warn,threat,ondem collected_eset_logs.zip

EXAMPLE

This example command collects Running processes, System event log, ESET SysInspector log, ESET product configuration, ESET Events log and General product diagnostics logs in Original binary from disk collection mode:

start /wait ESETLogCollector.exe /otype:obin /targets:proc,evlogsys,sysin,prodcnf,warn,diag collected_diag_logs.zip

EXAMPLE

This example command collects ERA Agent logs, ERA Server logs, ERA configuration and ERA Rogue Detection Sensor logs in Filtered XML collection mode with records for last 10 days:

start /wait ESETLogCollector.exe /age:10 /otype:xml /targets:eraag,erasrv,eraconf,erard collected_era_logs.zip

EXAMPLE

This example command converts collected ESET binary log file (Computer scan log) to an XML file format with all records (including logs marked as deleted):

start /wait ESETLogCollector.exe /bin2xml /all C:\collected_eset_logs\ESET\Logs\Common\eScan\ndl27629.dat scan_log.xml

Similarly, this command converts the collected Computer scan log file to a text file, omitting records marked as deleted:

start /wait ESETLogCollector.exe /bin2txt C:\collected_eset_logs\ESET\Logs\Common\eScan\ndl27629.dat scan_log.txt
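
The following PowerShell script is an added example, not part of ESET's documentation. It chains the /otype:obin collection with the /Bin2XML /All conversion described above, so that records deleted via the GUI but still present in the binary files end up in the converted output. Assumptions: ESETLogCollector.exe is in the current directory, the session is elevated, C:\IR\case-0001 is a placeholder case folder, and the archive contains an ESET\Logs tree as in the example path above, whose .dat files are convertible ESET binary logs.

```powershell
# Added example: collect original binary logs, then convert each one with /All.
# Assumed, not from the ESET page: the tool's location and the $WorkDir
# case folder (a placeholder).
$ErrorActionPreference = 'Stop'
$Elc     = Join-Path (Get-Location) 'ESETLogCollector.exe'
$WorkDir = 'C:\IR\case-0001'
$Zip     = Join-Path $WorkDir 'collected_eset_logs.zip'
$Extract = Join-Path $WorkDir 'collected_eset_logs'
$XmlDir  = Join-Path $WorkDir 'converted_xml'
New-Item -ItemType Directory -Force -Path $WorkDir, $XmlDir | Out-Null

# /accepteula must be the first parameter. With /otype:obin the ESET logs are
# copied unfiltered, so /age:90 only limits non-ESET logs such as Windows Event Logs.
$collectArgs = @('/accepteula', '/age:90', '/otype:obin', '/profile:threat', "`"$Zip`"")

# Start-Process -Wait plays the role of "start /wait" in cmd.exe.
Start-Process -FilePath $Elc -ArgumentList $collectArgs -Wait
if (-not (Test-Path -LiteralPath $Zip)) { throw "No archive was produced at $Zip" }

# Record a hash of the archive before its contents are touched.
Get-FileHash -LiteralPath $Zip -Algorithm SHA256 |
    Export-Csv -Path (Join-Path $WorkDir 'archive_sha256.csv') -NoTypeInformation

Expand-Archive -LiteralPath $Zip -DestinationPath $Extract -Force

# Layout assumed from the example path ...\ESET\Logs\Common\eScan\ndl27629.dat.
$logRoot = Join-Path $Extract 'ESET\Logs'
if (-not (Test-Path -LiteralPath $logRoot)) { throw "No ESET\Logs folder in the archive" }

# /All includes records that are marked as deleted in the binary file.
$datFiles = Get-ChildItem -LiteralPath $logRoot -Recurse -File -Filter '*.dat'
foreach ($dat in $datFiles) {
    # Flatten the relative path into one file name, e.g. Common_eScan_ndl27629.xml
    $rel = $dat.FullName.Substring($logRoot.Length).TrimStart('\')
    $xml = Join-Path $XmlDir (($rel -replace '\\', '_') -replace '\.dat$', '.xml')
    $convArgs = @('/Bin2XML', '/All', "`"$($dat.FullName)`"", "`"$xml`"")
    Start-Process -FilePath $Elc -ArgumentList $convArgs -Wait
    if (-not (Test-Path -LiteralPath $xml)) { Write-Warning "Not converted: $rel" }
}
```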