HOW TO: Save the logs Sophos Support requests

So this was frustrating to figure out because I never really get any guidance from support on how to do this.  I think they are assuming everyone simply uses PuTTY for Windows or some other Linux client and everyone must know how to capture logs to a file, it's easy, right?  OK well yeah it is, but here's the guide for people who don't know how yet and still need to learn.  If you want to grab a log, use PuTTY.  I prefer the Bitvise SSH Client, but it doesn't have the same logging capabilities as PuTTY.

When you first run PuTTY, you get a window where you can type your host and connect.  But there's also a Logging area under Session you can configure to save the output of the entire session into a log file:

OK so click there and make the following changes:

I use "All session output" and you also have to change the location of the default log file name, or it defaults to the program location where no one has default write access (unless you run PuTTY as Admin).  So my Log file name is: C:\Users\chris\Documents\Putty logs\&H-&Y-&M-&D-&T.log  There's a legend for what those & global variables translate to.

You're going to log in as admin.  If you want to paste your password in you can; if it's in the clipboard, just hit the right mouse button somewhere in the terminal screen.

Let's say you need to grab your awarrenmta.log file from the /log folder.  To do this you're going to need to enter the Advanced Shell.  Select #5 Device Management, then #3 Advanced Shell.  Be very careful in this area; if you do the wrong thing you could ruin your device and void your warranty.  However, digging through a log is something they make us do rather frequently at my shop.

So your advanced shell looks like this:

You're going to type the following commands:

cd /log
cat awarrenmta.log
cat awarrenmta.log.0

awarrenmta.log.0 goes back further than awarrenmta.log, but picks up where awarrenmta.log drops off.  When the system brings you back to the bash prompt, type exit, then hit 0 twice to leave the console.  This will close PuTTY and you'll have a nice large .log file to zip up and email to Sophos support.

Bon appétit!
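
The same capture can be scripted. This is an added example, not part of the original post: it starts PuTTY with session logging already switched on through PuTTY's -sessionlog command-line option, then zips whatever log the session produced. It assumes putty.exe is on your PATH, and the firewall address is a placeholder you replace with your own.

```powershell
# Added example (not from the original post).
# Assumptions: putty.exe is on PATH; 192.0.2.1 is a placeholder address.
param(
    [string]$FirewallHost = '192.0.2.1',
    [string]$LogDir = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Putty logs')
)

# Create the log folder first so PuTTY can open the log file there.
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Same file name pattern as in the post. PuTTY expands &H, &Y, &M, &D and &T
# itself, so the pattern is passed through literally (single quotes).
$pattern = Join-Path $LogDir '&H-&Y-&M-&D-&T.log'
$started = Get-Date

# -sessionlog is the command-line equivalent of choosing "All session output"
# and setting the log file name. The path contains a space, so it is quoted
# explicitly. -Wait blocks until the PuTTY window closes.
$puttyArgs = @('-ssh', "admin@$FirewallHost", '-sessionlog', "`"$pattern`"")
Start-Process -FilePath 'putty.exe' -ArgumentList $puttyArgs -Wait

# Collect only the log files written during this session.
$logs = Get-ChildItem -Path $LogDir -Filter '*.log' |
    Where-Object { $_.LastWriteTime -ge $started }

if (-not $logs) {
    Write-Warning "No log file was written to $LogDir during this session."
    return
}

# Zip the capture so it is ready to attach to the support case.
$zip = Join-Path $LogDir ('sophos-logs-{0:yyyyMMdd-HHmmss}.zip' -f $started)
Compress-Archive -Path $logs.FullName -DestinationPath $zip
Write-Output "Saved $zip"
```

You still log in and run the cd /log and cat commands by hand inside the PuTTY window; the script only handles the logging setup and the zip step.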