Using BDSysLog to submit forensic information and suspicious files for analysis

Overview

If your computer seems to be infected but Bitdefender does not detect any malware, and you are uncertain of the source of the malicious behavior, or you simply want to be sure that your computer is not infected, an analysis by Bitdefender Labs is most likely necessary.

This section explains how to use the BDSysLog system diagnosis tool to submit suspicious files and forensic information for malware analysis.

This tool collects specific system information that may indicate active malware or malware-related activity. The gathered files are sent to Bitdefender Cloud Services for processing. After the analysis is complete, the tool generates a local archive named bdsyslog.zip, containing the detailed log.

This standalone tool can be used on any computer and does not require any other Bitdefender product to be installed.

Prerequisites

  • A good internet connection is recommended, though not strictly required, while using BDSysLog.

    Warning

    • Without a good internet connection, the BDSysLog scanning efficiency may be significantly reduced.

    • If communication to Bitdefender Cloud Services is blocked due to poor connectivity, the high-priority files that would normally be uploaded to the cloud are instead stored locally in the bdsyslog.zip archive, together with the scan log.

  • This tool is available for Windows, Linux, and macOS operating systems.

Gather the information on Windows systems

To use BDSysLog on Windows and provide us with the necessary information, follow the steps below:

  1. Download the BDSysLog tool to the computer with issues.

  2. Run the BDSysLog_i.exe file.

  3. Click the Create log button to generate a log.

    A progress bar indicates the status. When complete, a Windows Explorer window opens at the location of bdsyslog.zip. Usually, the archive is saved to the current user's Desktop or to the Public Desktop (C:\Users\Public\Desktop).

  4. Take a screenshot displaying the malware or the effects of the malware (if applicable).

  5. Update the security agent, if present on the computer.

  6. If your endpoint is protected by BEST, run a Full scan task as described in the Malware scan article and save the scan log.

  7. Include the scan log, if collected in the previous step, and the screenshot in the bdsyslog.zip archive.

  8. Submit the archive in a support ticket so the BDSysLog results can be reviewed for further analysis. For details, refer to Submitting BDSysLog results in a support ticket.

Gather the information on Linux or BSD systems

To use BDSysLog on Linux or BSD operating systems and provide us with the necessary information, follow the steps below:

  1. Verify your operating system distribution by running uname -s -m in a terminal.

  2. According to the output of the previous command, download the appropriate BDSysLog version:

    Important

    If you need to run BDSysLog on a different OS distribution, open a ticket to the Bitdefender Enterprise Support team and include the output of the uname -a command.

  3. Run the command that matches your OS and available package manager to install either gcc-13 or libasan8:

    Operating system                                    | Package manager | Command
    ----------------------------------------------------|-----------------|---------------------------------------------------------
    Debian, Ubuntu, or any other Debian-based distribution | apt          | apt install gcc-13 or apt install libasan8
                                                        | snap            | snap install gcc-13
    Fedora                                              | dnf             | dnf install gcc13
    RHEL, CentOS, Rocky Linux, or AlmaLinux             | dnf             | dnf install gcc-toolset-13 or dnf install libasan8
    OpenSuse                                            | zypper          | zypper install gcc13
    Arch Linux or any Arch-based distribution           | yay             | yay -S gcc13

    Tip

    If your package manager cannot locate these packages, try upgrading your OS.

  4. In the directory where you downloaded the BDSysLog file, run the following command to grant execute permissions:

    chmod 755 BDSysLog_i

  5. Run the following command to execute BDSysLog with administrator privileges:

    sudo ./BDSysLog_i

  6. When prompted, enter your admin password, then press Enter.

    Important

    • For security reasons, the password will not be displayed as you type.

    • The BDSysLog execution process may take several minutes to complete, depending on your system.

    • If you did not install libasan8 or gcc-13, you may encounter an error indicating that required shared libraries are missing.

  7. Once the scan finishes, verify that a new archive, bdsyslog.zip, has been created in the same directory as BDSysLog_i.

  8. Submit the previously generated archive in a support ticket so the BDSysLog results can be reviewed for further analysis. For details, refer to Submitting BDSysLog results in a support ticket.
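The checks below are an added example, not part of Bitdefender's tool or this article: a POSIX shell helper that covers the Linux/BSD procedure above (platform string, the libasan8/gcc-13 dependency, permissions, elevated run) and then verifies that the resulting bdsyslog.zip is a real ZIP archive within the 25 MB upload limit mentioned in the submission section. It assumes BDSysLog_i is in the current directory and that the libasan runtime is named libasan.so.8; the function names are the example's own.

```shell
#!/bin/sh
# Added example (not Bitdefender's code). Assumes ./BDSysLog_i is present.

# 25 MB support-ticket upload limit from the submission section, in bytes.
UPLOAD_LIMIT=$((25 * 1024 * 1024))

# Platform string in the same form as "uname -s -m", e.g. Linux-x86_64.
platform_id() {
    printf '%s-%s\n' "$(uname -s)" "$(uname -m)"
}

# Return 0 if the AddressSanitizer runtime (libasan8 / gcc-13 package) is
# visible to the loader; without it BDSysLog_i reports missing shared libraries.
have_libasan() {
    if command -v ldconfig >/dev/null 2>&1; then
        ldconfig -p 2>/dev/null | grep -q 'libasan\.so\.8' && return 0
    fi
    # Fallback for systems without ldconfig: look in the usual library dirs.
    for d in /lib /lib64 /usr/lib /usr/lib64 /usr/local/lib; do
        [ -e "$d/libasan.so.8" ] && return 0
        ls "$d"/*/libasan.so.8 >/dev/null 2>&1 && return 0
    done
    return 1
}

# Return 0 if FILE starts with the ZIP local-file-header magic "PK\003\004".
is_zip() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "504b0304" ]
}

# Return 0 if FILE exists, is a ZIP, and fits the 25 MB ticket upload limit.
archive_ok() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    is_zip "$1" || { echo "not a zip archive: $1" >&2; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -gt "$UPLOAD_LIMIT" ]; then
        echo "$1 is $size bytes; state in the ticket that it exceeds 25 MB" >&2
        return 1
    fi
    return 0
}

# Steps 4-7 of the Linux/BSD procedure, with the dependency check up front.
run_bdsyslog() {
    echo "platform: $(platform_id)"
    have_libasan || { echo "libasan8 / gcc-13 not found; install it first" >&2; return 1; }
    chmod 755 ./BDSysLog_i && sudo ./BDSysLog_i && archive_ok ./bdsyslog.zip
}
```

Call run_bdsyslog from the directory that holds BDSysLog_i; if archive_ok fails only because of size, attach the archive via the upload link support provides rather than the form.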

Gather the information on macOS systems

To use BDSysLog on macOS and provide us with the necessary information, follow the steps below:

  1. Open the Terminal application on your Mac.

  2. Check your macOS version compatibility. To do this, follow these instructions provided by Apple, or run one of these commands in Terminal:

    • sw_vers -productVersion

    • defaults read /System/Library/CoreServices/SystemVersion.plist ProductVersion

    Note

    BDSysLog requires macOS 15.6.1 (Sequoia) or later.

  3. Identify your system architecture by running this command:

    uname -m

  4. Based on the output, download the appropriate BDSysLog version:

    Other architectures are not supported.

  5. In Terminal, navigate to the folder where the file was downloaded and set execute permissions by running this command:

    chmod 755 BDSysLog_i

  6. (Optional) If you want BDSysLog to scan Safari and other protected locations, grant it Full Disk Access permission:

    1. Open the Apple menu and select System Settings.

    2. Select Privacy & Security.

    3. Scroll to Full Disk Access.

    4. Click the lock to authenticate as administrator.

    5. Click the + icon to add BDSysLog_i to the list of applications with Full Disk Access permission.

    6. Click OK and close the window.

  7. Run BDSysLog with elevated privileges by executing:

    sudo ./BDSysLog_i

  8. When prompted, enter your administrator password. The password will not be visible while you type.

  9. Wait for BDSysLog to complete its scan. This process may take several minutes depending on your system.

  10. Once the scan finishes, verify that a new archive, bdsyslog.zip, has been created in the same directory as BDSysLog_i.

  11. Submit the previously created archive in a support ticket so the BDSysLog results can be reviewed for further analysis. For details, refer to Submitting BDSysLog results in a support ticket.

Submitting BDSysLog results in a support ticket

To submit BDSysLog results in a support ticket so that Bitdefender Labs can continue troubleshooting, follow these steps:

  1. Go to the Contact Customer Care page.

  2. Fill in the information requested in the form. Be sure to provide us with the following information:

    • A description of the suspicious behavior that led you to believe that your computer is infected

    • The archive with the previously gathered information (uploaded via the Choose Files button)

      Important

      If the archive is larger than 25 MB, mention that the logs exceed the upload size limit. You will receive a link that you can use to upload your files.

    Note

    All information you send us is used for malware analysis only and is treated accordingly.

  3. Click Submit.

    A Bitdefender Support Engineer will contact you shortly.