Sophos Anti-Virus for Linux/Unix: Description of the diagnose log contents

This article provides an overview of the logs and files collected by the /opt/sophos-av/bin/savdstatus --diagnose command.

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

| Log | Location | Description |
| --- | --- | --- |
| `diagnose.log` | Root folder of the diagnose archive | Output from running the diagnose command: `/opt/sophos-av/bin/savdstatus --diagnose` |
| `index.lst` | Root folder of the diagnose archive | Lists the checksums of the files included in the diagnose log archive |


| Log | Location | Description |
| --- | --- | --- |
| `registerMCS.log.txt` | `/opt/sophos-av/log` | Key exchange and registration of the MCS |


| Log | Location | Description |
| --- | --- | --- |
| `Agent-.log.txt` | `/opt/sophos-av/rms/Agent/Logs/` | RMS Agent related logging |
| `Router-.log.txt` | `/opt/sophos-av/rms/Router/Logs/*` | RMS Router related logging |
| `ClientMRInit-.log.txt` | `/opt/sophos-av/rms/ClientMRInit-*.log` | Bootstrap log of RMS |
| `sophos.config.txt` | `/opt/sophos-av/rms/sophos.config` | RMS registry information |
| `agent.config.txt` | `/opt/sophos-av/rms/agent.config` | RMS Agent related information |
| `router.config.txt` | `/opt/sophos-av/rms/router.config.txt` | Registry information from the RMS router |


| Log | Location | Description |
| --- | --- | --- |
| `sav-rms.log.txt` | `/opt/sophos-av/log` | RMS daemon log |
| `sophosmgmtd.log.txt` | `/opt/sophos-av/log/sophosav` | Sophos Management daemon log |
| `savd.log.txt` | `/opt/sophos-av/log` | SAV daemon log in XML format |
| `sav-protect.log.txt` | `/opt/sophos-av/log` | Log of the notification actions from SAV |
| `savd.log.en.txt` | Exists in archive only – `logs/sav` | savd log in English |
| `dmesgcmd.txt` | Exists in archive only – `logs/system` | Output of the dmesg command |
| `messages*.txt` or `syslog*.txt` | `/var/log/messages*` or `/var/log/syslog*` | The system messages log; on some systems this comes from the syslog instead |
| `dmesg.txt` | `/var/log/dmesg` | The system dmesg file |
| `boot.log.txt` | `/var/log/boot.log` | The system boot log file |
| `talpaselect.log.txt` | `/opt/sophos-av/log/talpaselect.log` | Log of loading and compiling our kernel modules |
| `mcs.config.txt` | `/opt/sophos-av/etc/mcs.config`, `/opt/sophos-av/etc/sophosav/mcs.config` | MCS server URL and token details |
| `namedScanConfig_SEC:*Scheduled Scan.txt` | Exists in archive only – `logs/namedScan` | Configuration files of the scheduled scans |


| Log | Location | Description |
| --- | --- | --- |
| `rpm.txt` | Exists in archive only – `other/packages` | Shows the installed packages on the system – output of the rpm command |
| `yum.txt` | Exists in archive only – `other/packages` | Shows the installed packages on the system – output of the yum command |


| Log | Location | Description |
| --- | --- | --- |
| `dpkg.txt` | Exists in archive only – `other/packages` | Shows the installed packages on the system – output of the dpkg command |


| Log | Location | Description |
| --- | --- | --- |
| `savShortVersion.txt` | `/opt/sophos-av/engine/savShortVersion` | Shows the version of SAV in short form |
| `savVersion.txt` | `/opt/sophos-av/engine/savVersion` | Shows the full version of SAV, including minor release version and build number |
| `customer_ID.txt.txt` | `/opt/sophos_av/engine/customer_idtxt` | Shows the unique customer ID |
| `machine_ID.txt.txt` | Exists in archive only – `other/sav` | Shows the machine ID |
| `engineInfo.txt.txt` | Exists in archive only – `other/sav` | Shows build details of the SAV engine |
| `phonehome.txt` | Exists in archive only – `other/sav` | Shows the phone home information |
| `user.txt` | Exists in archive only – `other/sav/c/user.txt` | Shows the user related SAV config info, including the update configuration |
| `machine.txt` | `/opt/sophos_av/engine/machine_id.txt` | Shows the user related SAV config info, including the update configuration |
| `sophos.txt` | Exists in archive only – `other/sav/savconfig/sophos.txt` | Shows the SAV config, including scanned filesystems and notification info |
| `consoleav.txt` | Exists in archive only – `other/sav/savconfig/consoleav.txt` | Shows the SAV config info |
| `consoleupdate.txt` | Exists in archive only – `other/sav/savconfig/consoleupdate.txt` | Shows the SAV config and update info |
| `corporate.txt` | Exists in archive only – `other/sav/savconfig/corporate.tx` | Shows the SAV config |


| Log | Location | Description |
| --- | --- | --- |
| `linuxthreads.txt` | Exists in archive only – `other/system` | Info on the version of the thread library |
| `route.txt` | Exists in archive only – `other/system` | Routing table information on the system – output of the route command |
| `last.txt` | Exists in archive only – `other/system` | Last logged in user information – output of the last command |
| `netstat.txt` | Exists in archive only – `other/system` | State information of the TCP/IP stack – output of the netstat command |
| `ss.txt` | Exists in archive only – `other/system` | State information of the TCP/IP stack – output of the ss command |
| `env.txt` | Exists in archive only – `other/system` | Information about environment variables – output of the env command |
| `mount.txt` | Exists in archive only – `other/system` | Information about mounted file systems – output of the mount command |
| `ps.txt` | Exists in archive only – `other/system` | Information about processes running on the system – output of the ps command |
| `df.txt` | Exists in archive only – `other/system` | Information about disk space usage on the system – output of the df command |
| `lsmod.txt` | Exists in archive only – `other/system` | Information about loaded kernel modules on the system – output of the lsmod command |
| `lspci.txt` | Exists in archive only – `other/system` | Lists all PCI devices on the system – output of the lspci command |
| `lsInstallDir.txt` | Exists in archive only – `other/system` | Lists all files in the install directory – output of the ls command |
| `ifconfig.txt` | Exists in archive only – `other/system` | Lists the configuration of all network interfaces – output of the ifconfig command |
| `ip_addr.txt` | Exists in archive only – `other/system` | Lists the configuration of all network interfaces – output of the ip command |
| `mounts.txt` | `/proc/mounts` | Lists the currently mounted filesystems |
| `fstab.txt` | `/etc/fstab` | Static information about filesystems |
| `mtab.txt` | `/etc/mtab` | Information about filesystems |
| `config.txt` | `/etc/selinux/config` | Information about SELinux settings |
| `rsyslog.conf.txt` | `/etc/rsyslog.conf` | Information about the syslog daemon's config |
| `hosts.txt` | `/etc/hosts` | Local DNS information |
| `resolv.conf.txt` | `/etc/resolv.conf` | Local DNS settings |
| `sysctl.txt` | Exists in archive only – `other/system` | Kernel parameters at runtime – output of the sysctl command |
| `lsLibs.txt` | Exists in archive only – `other/system` | Listing of the contents of the library directories |
| `ldconfig.txt` | Exists in archive only – `other/system` | Listing of the preloaded libraries – output of the ldconfig command |


| Log | Location | Description |
| --- | --- | --- |
| `targetsystem.txt` | Exists in archive only – `other/talpa` | Information about the kernel version, distribution and startup system |
| `modules.txt` | `/proc/modules` | Information about the memory addresses of the different kernel modules |
| `version.txt` | `/proc/version` | Listing of the kernel version |
| `meminfo.txt` | `/proc/meminfo` | Memory usage info |
| `cpuinfo.txt` | `/proc/cpuinfo` | Processor info |
| `kernel.txt` | Exists in archive only – `other/talpa` | Listing of kernel version, system map and kernel memory map |
| `System.map-.txt` | `/boot/System.map-` | Copy of the kernel symbols map currently used on the system |
| `kallsyms.txt` | `/proc/ksyms`, `/proc/kallsyms` | All symbols used by the kernel |
| `config.log.txt` | `talpa/build/talpa-*/config.log` | Configure log of the talpa kernel modules |
| `talpaselect.txt` | Exists in archive only – `other/talpa` | Name of the required talpa module and version for the running kernel |
| `MRInit.conf.txt` | `/opt/sophos-av/rms/MRInit.conf` | Holds info on ports, keys and addresses of the parent router |
| `sophosmgmtd.log.txt` | `/opt/sophos-av/log/sophosav/sophosmgmtd.log` | Log of the Sophos management daemon |
| `Savupdate-debug.log` | | Info on the update debug log |
| `Mozilla_version.txt` | | Details the Mozilla version installed |
| `Firefox_version.txt` | Exists in archive only – `other/system` | Details the Firefox version installed, from the command `/usr/bin/firefox --version` |
| `Uptime.txt` | Exists in archive only – `other/system` | Details how long the system has been running |
| `Pstree.txt` | Exists in archive only – `other/system` | Output from the command `/usr/bin/pstree -ap` |
| `Savfeedback.log` | `/opt/sophos-av/log/sophosav/savfeedback.log` | Logs from the phonehome service |
| `Installer-verbose.log` | `/opt/sophos-av/log/installer-verbose.log` | The verbose installer log |
| `talpaVersion` | `/opt/sophos-av/engine/talpaVersion` | Provides the talpa version number |
| `suiteVersion` | `/opt/sophos-av/engine/suiteVersion` | Provides the suite version number |
| `fullVersion` | `/opt/sophos-av/engine/fullVersion` | Provides the full engine version number |
| `oslevel_s.txt` | Exists in archive only (UNIX only) | Provides the output from the oslevel command |
| `swap.txt` | Exists in archive only (UNIX only) | Provides the output from the swap command, showing the swap partitions |
| `vfstab.txt` | (UNIX only) | See fstab for further details |
| `mnttab.txt` | (UNIX only) | See mtab for further details |
| `gcc_version.txt` | Exists in archive only | gcc version information |
| `gcc_symbols.txt` | Exists in archive only | gcc symbol information |
| `menu.lst` | `/boot/grub/menu.lst` | grub bootloader config |
| `lilo.conf` | `/etc/lilo.conf` | lilo bootloader config |
| `build.log` | `/opt/sophos-av/talpa/build/talpa-*/build.log` | Build logs of the locally compiled talpa module |
| `proc-sys-talpa/*` | `/proc/sys/talpa` | Copy of the files from this location |
| `sys-kernel-security-talpa/*` | `/sys/kernel/security/talpa` | Copy of the files from this location |
| `system.conf` | | |
| `limits.conf` | `system/systemd/sav-rms.service.d/limits.conf` or `/system/systemd/sav-protect.service.d/limits.conf` | Limit configuration |
| `lsof.txt` | Exists in archive only – `other/sav/` | Output of the lsof command, showing open files and sockets |
| `pstack.txt` | Exists in archive only (UNIX only) | Prints stack trace of processes |
| `core*` | | Complete core files collected from the system |
| `scan.*.log` | `/opt/sophos-av/log/scan.*.log` | Logs of named scans |
| `telnet.txt` | Exists in archive only | Output of the telnet command connecting to the RMS ports locally and remotely |
| `Heartbeat.log.txt` | `/opt/sophos-av/log/heartbeat/Heartbeat.log` | Contains details of heartbeat related messages |
| `Heartbeat.xml.txt` | `etc/sophosav/Heartbeat.xml` | Heartbeat IP address and certificates |
| `mtdd_.log.txt` | `/opt/sophos-av/log/mtdd_.log` | Contains details of mtdd related messages |
