Troubleshoot WatchGuard Endpoint Security on Mac Computers

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product., WatchGuard EDR Core This topic applies to the WatchGuard EDR Core, available in the Total Security Suite license.

Review this help topic to verify that your Mac computer is compatible with WatchGuard Endpoint Security products and that your computer can communicate with necessary endpoint software URLs.

• Make sure that your Mac computer meets the requirements in the Release Notes (external link).
• Make sure that your Mac computer can communicate with the URLs listed in this article (external link).

Collect Data for macOS Agent Version 3.x

If you have the latest updates for your endpoint security product, but an issue still exists, collect this information to help with a Support case:

• Generate a screenshot of the issue.
• Describe the issue in detail.
• Run the aether_logs_mac_v3.sh script and create an output tar.gz file.

You can use the aether_logs_mac_v3.sh script to collect data about your endpoint security product. If you contact Support, provide the tar.gz file that the script generates.

To collect data and create a diagnostic package:

1. Download the .ZIP file that contains the aether_logs_mac_v3.sh script from: https://www.pandasecurity.com/resources/tools/aether_logs_mac_v3.zip (external link)
   The file is password-protected. Use 'panda' for the password.
2. Unpack the aether_logs_mac_v3.sh folder to a location of your choice.
3. From a terminal window, change the directory to the aether_logs_mac_v3 directory.
4. To make sure you have access to the files in the directory, type the list command:
   ls
5. In the dialog box that opens, click OK.
   If the dialog box does not open, you already have access to the files in the directory. Go to the next step.

6. To run the script with root privileges, type:
   sudo ./aether_logs_mac_v3.sh
   The Options menu opens. The available options are:

0. Activate debug logs

1. Deactivate debug logs

2. Activate watchdog logs

3. Deactivate watchdog logs

4. Activate network protection logs

5. Deactivate network protection logs

6. Gather system logs

7. Test URL protection

8. Exit

7. To start to gather logs, type 0.
8. Replicate the issue.
9. To disable logs, type 1.
10. To gather data, type 6.

After some time, the process creates a tar.gz file that contains the logs. To help with your Support case, contact Support and provide the tar.gz file.

If you try to collect information without protection installed, you might not see all options. If this is the case, type 0 to gather logs and send the generated tar.gz file to Support.

Collect Data for macOS Agent Version 2.x

If you have the latest updates for your endpoint security product, but an issue still exists, collect this information to help with a Support case:

• Generate a screenshot of the issue.
• Describe the issue in detail.
• Run the aether_logs.sh script and create an output tar.gz file.

You can use the aether_logs.sh script to collect data about your endpoint security product. If you contact Support, provide the tar.gz file that the script generates.

To collect data and create a diagnostic package:

1. Download the .ZIP file that contains the aether_logs.sh script from: https://www.pandasecurity.com/resources/tools/aether_logs.zip (external link)
   The file is password-protected. Use 'panda' for the password.
2. Unpack the aether_logs folder to a location of your choice.
3. From a terminal window, change the directory to the aether_logs directory.
4. To run the script with root privileges, type:
   sudo ./aether_logs.sh
   The Options menu opens. The available options are:
   

0. Activate debug logs

1. Deactivate debug logs

2. Gather system logs

3. Test URL protection

4. Exit

5. To start to gather logs, type 0.
6. Replicate the issue.
7. To disable logs, type 1.
8. To gather data, type 2.

After some time, the process creates a tar.gz file that contains the logs. To help with your Support case, contact Support and provide them with the tar.gz file.

If you try to collect information without protection installed, you might not see all options. If this is the case, type 2 to gather logs. When complete, send the generated tar.gz file to Support.

Endpoint Has No Protection

If you do not have protection installed on your endpoint, you can still gather system logs:

1. To start to gather logs, type 0.
2. To disable logs, type 1.

After some time, the process creates a tar.gz file that contains the logs. To help with your Support case, contact Support and provide the tar.gz file.

Related Topics

Permissions required to enable WatchGuard Endpoint Security on macOS (external)