This article provides information on the Sophos Cloud installer log locations for both Windows and Mac.
If you need to provide this information to Support please run the Sophos Diagnostic Utility to capture the relevant information. For more information see article 33533.
Applies to the following Sophos product(s) and version(s) Windows
Running 'SophosInstall.exe' creates the following logs in the user's temporary directory, this is typically referred to as %temp%, e.g.:
- XP/2003: 'C:\documents and settings\[usernmae]\local settings\temp\'
- Vista or later: 'C:\users\[username]\AppData\Local\Temp\'
Tip: To confirm you temp location, in a command prompt run the command:
set and find the variable called 'TEMP'.
Note: If the SophosInstall.exe is being run as a system, for example as deployed with a start-up script, then the logs will be in '%windir%\temp\'. E.g. 'C:\windows\temp\'.
The logs are as follows:
- Sophos Extract Log_[TimeStamp].txt - The log file of 'SophosInstall.exe'. It details the unpacking of the downloaded package.
- Sophos Endpoint Bootstrap_[TimeStamp].txt - The log for setup.exe ('%temp%\sophos_bootstrap\setup.exe'), which co-ordinates the first time installation of the various components.
Note: See article: 120449 for details on return codes.
- avremove.log - The Log of the third-party security detection and removal tool (extracted to %temp%\crt\) as created by 'avremoveew.exe'. This tool is run if the user selects the option when running SophosInstall.exe (this is the default). For more information on the CRT, see article 119619.
- Sophos AutoUpdate Install Log.txt - The MSI log detailing the installation of Sophos AutoUpdate - The component that keeps the software up to date.
- Sophos MCS Install Log.txt - The MSI log detailing the installation of Sophos Management Communication System (MCS). MCS is the component that provides communication to Sophos Cloud for policies, sending alerts and event information.
The default level of logging for the installer is written to the file 'install.log'. This file can be found in the following location by default:
One way to easily find the log is using 'Console' app and locate install.log under the '/var/log/' section on the left hand tree menu.
- Console can be launched by navigating in Finder to 'Applications' > 'Utilities' and running 'Console.app'.
- The lines containing relevant information about the install contain the text 'Sophos Installer' and 'Sophos Bootstrap'.
If the above level of logging is insufficient to diagnoze the problem it maybe necessary to re-run the installer again with debug logging enabled. To enable additional logging do as follows:
- Enable debug logging, to do so, in a Terminal window run the command:
sudo syslog -c 0 -d
Enter the administrative password as required.
- Launch 'Console' and click on 'All Messages'.
- Launch the downloaded 'Sophos Installer.app' file. You should see entries in Console from the Sophos installer.
Tip: Lines contain 'Sophos Installer' and 'Sophos Bootstrap'.
If the installer fails, see the Console log for information as to why. If you need guidance from Sophos Support, please send this output along with any other details.
- Once you have finished tracing the install it is suggested you disable debug logging. To do so run the following command in a Terminal window:
sudo syslog -c 0 off