How to pull logs from SentinelOne

1. Open an elevated CMD prompt

2. Run: cd C:\Program Files\SentinelOne\Sentinel Agent version\Tools (where "version" is the version number of the installed agent)

3. Run these commands:

> mkdir c:\temp

> LogCollector.exe WorkingDirectory=c:\temp

With CMD, you enter the output directory in the command. You can use a name other than “temp”.

When you press Enter on the last command, the LogCollector starts immediately and shows the status of the tool processes.

If the tool shows a message that it cannot find the output directory, make sure you entered an existing path as the WorkingDirectory.

4. Wait for the log collector to finish. The final output, a GZ file, is in the temp directory (or in the other directory you entered as the WorkingDirectory).

File name format: mm_dd_yyyy_hh_mm{AM|PM}_Logs.gz

Example: 05_12_2020_09_57AM_Logs.gz
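
The same four steps as a single script, as an added example that is not SentinelOne's own code. It assumes an elevated PowerShell session instead of CMD, that LogCollector.exe is a console tool that returns when collection is done, and uses only the WorkingDirectory argument shown above; the $OutDir parameter name and the SHA-256 step are additions for evidence handling.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
param(
    [string]$OutDir = 'C:\temp'   # hypothetical parameter; any path you want the archive in
)
$ErrorActionPreference = 'Stop'

# Step 2: the "version" part of the folder name differs per install, so resolve it
# with a wildcard. If several agent folders exist, use the most recently modified one.
$agentDir = Get-ChildItem -Path 'C:\Program Files\SentinelOne' -Directory -Filter 'Sentinel Agent *' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $agentDir) {
    throw 'No "Sentinel Agent <version>" folder found under C:\Program Files\SentinelOne.'
}

$collector = Join-Path $agentDir.FullName 'Tools\LogCollector.exe'
if (-not (Test-Path -LiteralPath $collector)) {
    throw "LogCollector.exe not found at $collector"
}

# Step 3: the tool complains when WorkingDirectory does not exist, so create it first.
if (-not (Test-Path -LiteralPath $OutDir)) {
    New-Item -ItemType Directory -Path $OutDir | Out-Null
}

$started = Get-Date
& $collector "WorkingDirectory=$OutDir"   # status output appears in this console

# Step 4: pick up the archive. Names follow mm_dd_yyyy_hh_mm{AM|PM}_Logs.gz,
# and only a file written after this run started counts as its result.
$pattern = '^\d{2}_\d{2}_\d{4}_\d{2}_\d{2}(AM|PM)_Logs\.gz$'
$archive = Get-ChildItem -Path $OutDir -File |
    Where-Object { $_.Name -match $pattern -and $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $archive) {
    throw "No new *_Logs.gz archive in $OutDir; check the LogCollector output above."
}

# Record size and SHA-256 so the file can be verified after it is uploaded or handed off.
[pscustomobject]@{
    Path   = $archive.FullName
    SizeMB = [math]::Round($archive.Length / 1MB, 2)
    SHA256 = (Get-FileHash -LiteralPath $archive.FullName -Algorithm SHA256).Hash
}
```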

 

 
