QRadar: Troubleshoot permission for the get_logs.sh script on QRadar appliances

Troubleshooting

Problem

/opt/qradar/support/get_logs.sh will fail if you run in non-root and certain sudo situations.

Symptom

When you are running the get_logs.sh script: /opt/qradar/support/get_logs.sh, the command line will fail to run without possibly displaying any messages. If you get an error message it will look like the example below:

[non_root@Qradar_725 root]# ERROR: Something happened attempting to get logs.

Cause

In environments with non-root users logging in, they can't generate a get_logs. They must sudo as root to run the /opt/qradar/support/get_logs.sh shell script.

Resolving The Problem

The resolution is to properly run sudo permissions when executing get_logs.sh

sudo su -

su -

when you run as sudo su or su without the dash, your environment variables are not present and output of get_logs.sh will not run properly.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Documentation","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: Troubleshoot permission for the get_logs.sh script on QRadar appliances

Troubleshooting

Problem

Symptom

Cause

Resolving The Problem

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?