Why is this the documentation for this feature so bad? "Diagnose: This diagnoses potential issues with the computer." That's all.
I'd expected, I could get this file somewhere centrally without the need to collect this on the endpoint. Now I read in the forums, that this uploads a file to Central and only supoort can access it there, after I created a case and mention the file name.
Can I pick this file somewhere on the client or download it via central live response or whatever?
If you run "Diagnose" from Central, it will leave the zip file in the system user's temp directory, e.g. \windows\temp\.. I believe the zip is in a sub-folder under \windows\temp named "sdu-<pid>".…
Thank you for reaching out to the Sophos Community. The most detailed guidance regarding the SDU tool can be found in the following two links.
How to locate and download: https://support.sophos.com/support/s/article/KB-000033500?language=en_USRunning the SDU tool and sending logs to support: https://support.sophos.com/support/s/article/KB-000033508?language=en_US
I will reach out to our documentation teams to see if we can get the content in the Central Admin Help guide reviewed so that we include some links that redirect customers to the documentation above.
In regards to obtaining the logs yourself after the upload process, this can only be done by Sophos Support at this time. If you wish to see this opened up to customers in the future, I recommend submitting a feature request. - https://ideas.sophos.com/forums/285723-endpoint-protection
If you run "Diagnose" from Central, it will leave the zip file in the system user's temp directory, e.g. \windows\temp\.. I believe the zip is in a sub-folder under \windows\temp named "sdu-<pid>". You could grab that yourself with what ever agent or C$ access you might have to the computer.
"C:\Program Files (x86)\Sophos\Sophos Diagnostic Utility\sducli.exe" is essentially what gets called and sduconfig.xml is the config which defines the files to collect and commands to run. So you could run that through whatever means you may have.
that's good information, would be really cool, to add such knowledge into the documentation!
thanks Sophos User930
thanks Qoosh for contacting the Doc-Team