View Sensor Logs

You can view sensor logs to troubleshoot issues with a sensor.

Retrieve logs

  1. In the System > Sensors screen, select the sensor(s) from the list. You can fetch logs for up to 10 sensors at once.

  2. Above the sensor list, click Actions.

  3. In the action list, select Fetch sensor log.

  4. Click Action log/In progress from the top right corner of the screen. When the Cybereason platform log retrieves the log from the sensor and displays a Success message, click Download log.

Fetch Logs

Your browser downloads a zip file including the following log file(s) to your machine:

  • Sensor logs

  • Anti-Malware (signatures) log

  • Anti-Ransomware log

  • Execution Prevention service log

  • Application Control log

  • Anti-Malware (artificial intelligence) log

Example: Accessing sensor logs

Here is an example of accessing the Anti-Malware (signatures feature) log:

  1. On the machine, in the C:\ProgramData\apv2\Logs folder, find the AmSvc.log log file, alongside the other sensor log files:

Log location

  1. Open the file. Here is how it appears, displaying notifications of first time update and malware detection:

Log file

Find log files on sensor machines

If a sensor is not connected and you need to troubleshoot an issue on the sensor, you can access sensor logs directly on the machine. The tables below show the location and name of log files.

Machines with Windows 7 and higher or Windows Server 2008 and higher:

Log type

Log name

Log location

Sensor logs

Several log files. Main log file is: CybereasonActiveProbe.log

C:\ProgramData\apv2\Logs

Sensor communication logs

CybereasonActiveConsole.log

C:\ProgramData\apv2\Logs

Anti-Malware signatures log

AmSvc.log

C:\ProgramData\apv2\Logs

Anti-Ransomware log

CybereasonCrs.log

C:\ProgramData\crs1

Execution Prevention service log

CRExecPrev.log

C:\ProgramData\crb1

Application Control log

AcScanner.log

C:\ProgramData\crb1

Anti-Malware (artificial intelligence) log

NGAV.log

C:\ProgramData\crb1

Other operating systems:

Operating system

Sensor log location

Mac

/usr/local/cybereason/Logs

Linux

/opt/cybereason/sensor/Logs/