
What does the Collector Reporter gather from the system

Question:

What does the Collector Reporter gather from the system?

Answer:

The information the Collector Reporter gathers depends on the operating system on which it runs. The data collected on each platform is listed below.

Collector Reporter for Windows

  1. Files included

The Collector reporter zip contains the following files inside:

nxtreporter-x.x.x.x.zip

| File | Description |
| --- | --- |
| nxtreporter.cmd | batch file to run |
| nxtreporter32.exe | executable running on 32-bit systems |
| nxtreporter64.exe | executable running on 64-bit systems |


 2. Data gathered from the system

Table 2.1: The data gathered inside zip report

nxtreporter.zip

| filename | description | Support question type | Investigation priority |
| --- | --- | --- | --- |
| systemlog.txt | Collector version, running state, configuration. List of all currently running processes. Status of gathering all the following data for the full zip report. | | |
| *.dmp | c:\Windows\MEMORY.dmp; c:\Windows\Minidump\* (all files located here) | BSOD issue | |
| edid.txt | EDID data in binary form (Extended Display Identification Data). Detailed information about all connected displays. | crash nxtsvc / wrong monitor data reported | |
| ipconfig.txt | Result of the command "ipconfig.exe" | No Collector data reported to Engine | |
| macs.txt | MAC addresses, result of the command "getmac.exe" | | |
| serviceslist.txt | All kernel/user drivers configured, result of the command "driverquery.exe -v" | | |
| servicesstatus.txt | Running status of all windows services, result of the command "sc queryex" | | |
| ver.txt | OS Version, result of the command "ver.exe" | | |
| wfpstate.xml | WFP configuration, result of the command "netsh wfp show state" | | |
| disks.xml | Information about hard disks. | | |
| printers.xml | Information about installed printers. | | |
| verifier.txt | Driver verifier configuration, result of the command "verifier.exe /querysettings" | | |
| msiproducts.xml | List of all products and patches installed by msi installer. | | |
| /wer/* | WER (Windows Error Reporting) files, crash dumps of user applications. | nxtsvc crash | |
| /watchdog/* | Kernel error reports, content of directory C:\Windows\LiveKernelReports\WATCHDOG\ | | |
| /Temp/*, /Windows/*, /Windows_Temp/* | All log files with name matching pattern "*nxt*" or "*nexthink*", setupapi.log | Installation issue | Important |
| eventlog_application.txt, eventlog_security.txt, eventlog_system.txt | Windows event logs. Text representation of internal log database (viewable by "Event Viewer" application). | installation issue / historical data | Important |
| /Antivirus/SecurityCenter.txt, /Antivirus/*.bk | Information about Security Center status. Backup of registry keys of well known Antivirus products: see table 2.1 | | |
| /Printers/*.bk | Backup of registry keys of installed printers: see table 2.2 | | |
| *.bk | Backup of registry keys: see table 2.3 | installation issue | |

 

Table 2.1: Backup of registry keys of well known Antivirus products

| Registry Key | Backup file name |
| --- | --- |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\McAfee" | reg_software_mcafee.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\KasperskyLab" | reg_software_kaspersky.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\BitDefender" | reg_software_bitdeffender.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Microsoft Antimalware" | reg_software_ms_anti.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Norton" | reg_software_norton.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Sophos" | reg_software_sophos.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Symantec" | reg_software_symantec.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\TrendMicro" | reg_software_trendmicro.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\McAfee" | reg_software_mcafee6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\KasperskyLab" | reg_software_kaspersky6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\BitDefender" | reg_software_bitdeffender6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Microsoft Antimalware" | reg_software_ms_anti6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Norton" | reg_software_norton6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Sophos" | reg_software_sophos6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Symantec" | reg_software_symantec6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\TrendMicro" | reg_software_trendmicro6432.bk |

Table 2.2: Backup of registry keys of installed printers

| Registry Key | Backup file name |
| --- | --- |
| "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Printers\\" | machine_system_ccs_control_print_printers.bk |
| "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Enum\\" | machine_system_ccs_enum.bk |
| "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\DeviceContainers\\" | machine_system_ccs_devicecontainers.bk |
| "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors\\" | machine_system_ccs_control_print_monitors.bk |

Table 2.3: Backup of registry keys

| Registry Key | Backup file name |
| --- | --- |
| "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet" | machine_system_current_control_set.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion" | machine_software_win_current_version.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" | machine_software_winnt_current_version.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion" | machine_software_win_current_version6432.bk |
| "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion" | machine_software_winnt_current_version6432.bk |

The same set of keys is gathered for each user (#UserSID#), from HKEY_USERS tree:

| Registry Key | Backup file name |
| --- | --- |
| "HKEY_USERS\\#UserSID#\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet" | users_#UserSID#_system_current_control_set.bk |
| "HKEY_USERS\\#UserSID#\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion" | users_#UserSID#_software_win_current_version.bk |
| "HKEY_USERS\\#UserSID#\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" | users_#UserSID#_software_winnt_current_version.bk |

 

Reporter for Mac OS X

The reporter is included inside the collector installer dmg package.

The tool has to be run as a privileged user, i.e. sudo reporter

To run the reporter:

  • Copy the reporter script from the dmg package to a folder on the machine

  • Run the reporter script:

        sudo ./reporter

  • The zip file will be in the same folder from which the reporter script was run

Files Included

 

Nexthink_Collector_x.x.x....dmg

| File | Description |
| --- | --- |
| reporter | Script file to run |

Data gathered from the system

In the current directory from where the script is executed, a .zip file is created or an error message from the script is displayed.

Nexthink_Reporter.zip

| file/directory | description |
| --- | --- |
| CrashReporter | directory containing logs of crash incidents |
| DiagnosticReports | copy of Mac OS system diagnostic events |
| config.plist | collector config |
| crashguard | collector crashguard file (binary) |
| nxtsvc | collector service (binary) |
| sudoers | Mac OS sudoers file |
| nxtsvc.log | Nexthink Service log |
| nxtsvc.X.log | Nexthink Service backup logs; "X" represents the number of the backup file |
| nxtcod.log | Nxtcod process logs |
| nxtcod.X.log | Nxtcod process backup logs; "X" represents the number of the backup file |
| nxtcoordinator.log | NXT Coordinator Service logs |
| nxtcoordinator.X.log | NXT Coordinator Service backup logs; "X" represents the number of the backup file |
| nxteufb.log | Engage Client Service logs |
| nxtupdater.log | Update logs |
| nxtbsm.log | Business Service module log |
| nxtextension.log | Application Experience Extension log |


Only the files which were present on the system are included in the zip. For example, if the logs setting was 'Silent', then nxtsvc.log won't be present.
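An added example, not part of the original article or of Nexthink's tooling: a Python check that lists the members of a reporter zip worth reviewing before the archive is passed on, using file names from the tables above. The choice of flagged patterns, the paths inside the archive and the sample SID are assumptions of this example.

```python
import fnmatch
import io
import zipfile

# Patterns come from the file names in the tables above. Which ones to flag is
# this example's own judgement, and the layout inside the zip is assumed.
REVIEW_RULES = [
    ("*.dmp", "memory dump: may hold memory contents from crash time"),
    ("wer/*", "WER crash data from user applications"),
    ("watchdog/*", "kernel error report"),
    ("*eventlog_security.txt", "Windows Security event log export"),
    ("*users_*.bk", "per-user registry backup, file name embeds the user SID"),
    ("*sudoers", "macOS sudoers file (who may run what as root)"),
    ("diagnosticreports/*", "macOS diagnostic reports"),
    ("crashreporter/*", "macOS crash logs"),
]

def classify(member):
    """Return the review reason for one archive member, or None."""
    name = member.replace("\\", "/").lstrip("/").lower()
    for pattern, reason in REVIEW_RULES:
        if fnmatch.fnmatchcase(name, pattern):
            return reason
    return None

def audit(zip_file):
    """List (member, size in bytes, reason) for members to review before sharing."""
    flagged = []
    with zipfile.ZipFile(zip_file) as zf:
        for info in zf.infolist():
            reason = None if info.is_dir() else classify(info.filename)
            if reason:
                flagged.append((info.filename, info.file_size, reason))
    return flagged

def sample_archive():
    """Constructed stand-in for a reporter zip: names from the page, dummy contents."""
    names = ["systemlog.txt", "ipconfig.txt", "MEMORY.dmp", "eventlog_system.txt",
             "eventlog_security.txt", "Antivirus/reg_software_sophos.bk",
             "users_S-1-5-21-0-0-0-1001_software_win_current_version.bk",  # made-up SID
             "wer/report.wer"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for member, size, reason in audit(sample_archive()):
        print(f"{member} ({size} bytes): {reason}")
```

To check a real archive, pass its path to audit() in place of sample_archive().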
