Skip to content
Find out how we support MDR.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=appliance-logs

Appliance logs

You can get logs of Sophos appliance activity and send them to Sophos Support for troubleshooting.

The Sophos Diagnostic Utility (SDU) collects the log files. You can find them as described here. The steps depend on whether you have access to the VM that the appliance runs on.

Get logs without access to the VM

If you can't access the VM, find out where the log files are kept and tell Sophos Support as follows:

  1. Sign in to Sophos Central.
  2. Go to Threat Analysis Center > Integrations > Configured.

  3. Click the Integration Appliances tab.

    Configured integrations page.

  4. Find the appliance. In the rightmost column, click the ellipsis (three dots) and select Collect logs.

    Appliances tab showing the ellipsis.

  5. In the Log requested column, hover over the information icon to see the log file name in a tooltip.

    Appliances tab showing the Log requested column.

  6. Send the file name to Sophos Support.

Get logs with access to the VM

If you can access the VM, download the log files as follows:

  1. Go to Threat Analysis Center > Integrations > Configured.

  2. Click the Integration Appliances tab.

    Configured integrations page.

  3. Find the appliance. In the rightmost column, click the ellipsis (three dots) and select Open Appliance Manager.

    Appliances tab showing the ellipsis.

  4. Click Open.

    If you don't know the password, use the link to reset it. The username is zadmin.

    Open Appliance Manager confirmation dialog.

  5. In the Appliance Manager dashboard, click Actions and select Download Log File.

    Appliance Manager dashboard showing Actions menu.

  6. Send the log file to Sophos Support.