Running SDU remotely

Hi all,

Anyone aware if it is possible to collect SDU logs remotely without having to disturb users and remoting onto endpoints?

Sophos Support can't seem to do much [in my experience] without the SDU log files...

I'm trying to find a way where I can supply support the SDU log files at the point of logging the call... as opposed to support taking a day or so to ask you for the SDU logs.

Thanks.



This thread was automatically locked due to age.
  • Hello Jay Parmar,

    there's a How to article, it's for the on-premise managed SESC though. AFAIK the utility exists on the endpoint in %ProgramData%\Sophos\Sophos Anti-Virus\diagnose\. Of course you'd either need to be able to access the logs on the endpoint or the endpoint must be able to write to a remote share (in which case an endpoint should create its own subdirectory there).

    Christian

  • I use psexec to open a remote command shell and from there the below commands will kick off an SDU collection in a custom folder.

     

    On Prem (SEC managed)
    psexec \\*workstation* cmd
    cd c:\programdata\sophos\autoupdate\cache\savxp\diagnose\
    sducli.exe -sysinfo -sophos -logdir=c:\programdata\sophos\sduOutput\


    Central
    psexec \\*workstation* cmd
    cd c:\programdata\sophos\autoupdate\cache\decoded\sdu
    sducli.exe -sysinfo -sophos -logdir=c:\programdata\sophos\sduOutput\

  • Hello ISRyanB,

    on a decent machine (and especially with Central that has a longer updating interval) SDU might complete before the next update check. But otherwise the cache might be locked (due to the sducli.exe process running from it) and updating fails. As said, I think a copy exists under %ProgramData%, or the diagnose/sdu folder could be copied to a temporary location.

    Christian

  • Hi QC, thanks for that. As we are on Sophos Central, I'm looking at PowerShell to try and grab the SDUs.

    psexec is not permitted in our environment unfortunately.

  • Hello Jay Parmar,

    psexec is just one option, in an AD environment the Task Scheduler is perhaps the weapon of choice.

    Christian
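
The collection discussed in this thread, done over PowerShell remoting instead of psexec, as an added example that is not part of the original posts and is not Sophos's own tooling. It assumes WinRM remoting is enabled on the endpoint, the caller has administrative rights there, and the Central cache path and sducli.exe switches are the ones quoted in the replies above; the script parameters and the temporary folder name are hypothetical.

```powershell
# Added example: run SDU on a Sophos Central endpoint and pull the output back.
# Assumptions: WinRM enabled, caller is an administrator on the endpoint,
# SDU path and switches are taken from the thread.
param(
    [Parameter(Mandatory)] [string] $ComputerName,
    [string] $Destination = ".\sdu-$ComputerName"
)

$runId   = [guid]::NewGuid().ToString()   # names the per-run working folder
$session = New-PSSession -ComputerName $ComputerName -ErrorAction Stop
try {
    $remoteOut = Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
        $id        = $using:runId
        $sduSource = Join-Path $env:ProgramData 'Sophos\AutoUpdate\Cache\decoded\sdu'
        if (-not (Test-Path (Join-Path $sduSource 'sducli.exe'))) {
            throw "sducli.exe not found in $sduSource"
        }

        # Work from a temporary copy so the running sducli.exe does not lock
        # the AutoUpdate cache (the concern raised in the thread).
        $work = Join-Path $env:SystemRoot "Temp\sdu-$id"
        New-Item -ItemType Directory -Path "$work\out" -Force -ErrorAction Stop | Out-Null
        Copy-Item -Path $sduSource -Destination "$work\sdu" -Recurse -ErrorAction Stop

        # Same switches as in the thread; the path contains no spaces, so the
        # trailing backslash is passed through unchanged.
        Start-Process -FilePath "$work\sdu\sducli.exe" -WorkingDirectory "$work\sdu" `
            -ArgumentList '-sysinfo', '-sophos', "-logdir=$work\out\" -Wait -ErrorAction Stop

        if (-not (Get-ChildItem -Path "$work\out" -Recurse -File)) {
            throw "SDU produced no output in $work\out"
        }
        "$work\out"
    }

    # Copy the results over the existing session, then list what arrived.
    Copy-Item -FromSession $session -Path $remoteOut -Destination $Destination -Recurse
    Get-ChildItem -Path $Destination -Recurse -File | Select-Object FullName, Length
}
finally {
    # Always remove the working copy and the collected logs from the endpoint.
    Invoke-Command -Session $session -ScriptBlock {
        $id = $using:runId
        Remove-Item -LiteralPath (Join-Path $env:SystemRoot "Temp\sdu-$id") `
            -Recurse -Force -ErrorAction SilentlyContinue
    }
    Remove-PSSession $session
}
```

SDU output contains system and product diagnostics, so keep the destination folder on an access-controlled location until it is handed to support.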