You can set logging levels to ERROR, WARN, INFO, or DEBUG.
About this task
Set logging levels for specific deployments, such as:
reaqta-hive-claudio
reaqta-hive-graph-similarity
reaqta-hive-graph-similarity-gui
reaqta-hive-maia
reaqta-hive-policycompiler
reaqta-hive-yogi
Procedure
- To set the logging level for a service, run the following command and replace the
deployment and level arguments with the relevant values.
cpctl -n <qradar_edr_namespace> diagnostics set_logging_levels --token="$(oc whoami -t)" --application=reaqta-hive --deployment=<DEPLOYMENT NAME> --level=<LEVEL>
Replace
<LEVEL> with one of the following values:
Important: Running this command causes the component to restart.
For example, for the
reaqta-hive-maia component, the following message is an
example of the
command:
cpctl -n <qradar-edr-namespace> diagnostics set_logging_levels --token="$(oc whoami -t)" --application=reaqta-hive --deployment=reaqta-hive-maia --level=warn
The following message is an example of the
output.
Executing playbook set_logging_levels.yaml
- localhost on hosts: localhost -
Gathering Facts...
localhost ok
assert...
localhost ok: {
"changed": false,
"msg": "Log level validation passed"
}
[Login] Validate...
[Login] Token...
localhost done | stdout:
[INFO] Logging in via token...
prepare...
localhost ok
datalake logging...
completed check for datalake logging...
set soar logging level...
completed check for soar logging...
set logging for given deployment...
localhost done | stdout: Update CP4S log levels:
Updating reaqta-hive-maia
configmap/reaqta-hive-maia patched
deployment.apps/reaqta-hive-maia patched
set logging for given deployment...
- Play recap -
localhost : ok=5 changed=2 unreachable=0 failed=0 rescued=0 ignored=0
- Optional: To set the class and package level for the
reaqta-hive-event-hive service, run the following command and replace the
deployment and level arguments with the relevant values.
CAUTION:
This option requires internal knowedge of the software; follow this step only
if advised by IBM Support.
cpctl -n <qradar_edr_namespace> diagnostics set_logging_levels --application=reaqta --package=<PACKAGE OR CLASS NAME> --level=<LEVEL> --token=$(oc whoami -t)
Replace
<LEVEL> with one of the following values:
The following command is an example with the
debug
level.
cpctl -n <qradar_edr_namespace> diagnostics set_logging_levels --application=reaqta --package=com.reaqta.eventhive.Routes --level=DEBUG --token=$(oc whoami -t)
The following message is an example of the output.
Executing playbook set_logging_levels.yaml
- localhost on hosts: localhost -
Gathering Facts...
localhost ok
assert...
localhost ok: {
"changed": false,
"msg": "Log level validation passed"
}
[Login] Validate...
[Login] Token...
localhost done | stdout:
[INFO] Logging in via token...
prepare...
localhost ok
datalake logging...
completed check for datalake logging...
reaqta logging...
localhost ok
DataLake logging...
XDRCC logging...
ReaQta logging...
localhost ok
included: /etc/ansible/roles/common/set_logging_levels/tasks/reaqta.yml for localhost
set_fact...
localhost ok
Look up loggers in configmap reaqta-hive-event-hive-config...
localhost ok
Update Resource Data...
Setting deployment: reaqta-hive-event-hive-config in namespace: cp4s with group: com.reaqta.eventhive.Routes to: DEBUG
localhost done
Apply new logging config...
localhost done | item: reaqta-hive-event-hive-config, cp4s
localhost done
completed check for reaqta logging...
localhost ok
set soar logging level...
completed check for soar logging...
datalake logging...
completed check for datalake logging...
set logging for given deployment...
set logging for given deployment...
- Play recap -
localhost : ok=10 changed=3 unreachable=0 failed=0 rescued=0 ignored=0