IBM Support

QRadar: Monitor Hostcontext processes with



How can you monitor or check the status of Hostcontext processes? This article defines and provides steps for running the script.


The is a script to monitor and display the status of the Hostcontext processes. When starting services, patching, and upgrades, this script shows whether a process is running or stopped. This script runs on managed hosts or a primary host of any High Availability (HA) appliance. This script cannot run on secondary HA appliances, even if the secondary system is set to the active host.
  • Different sub-services of Hostcontext run on the various managed hosts in QRadar.
  • By default, this script refreshes every 10 seconds.
  • By default, this script stops after 20 minutes whether or not all processes are running.
  • The script ends once all processes are in the running status.
Services dependent on Hostcontext  
  1.     ECS (Event Correlation Service)
    • ECS-EC (Event Correlation Service – Event Collector)
    • ECS-EP (Event Correlation Service – Event Processor) 
    • ECS-Ingress (7.3.1+)
  2.     Ariel
    • Ariel Proxy Server
    • Ariel Query Server
  3.     Accumulator
    • Accumulator Rollup
  4.     Reporting Executor
    • Report Runner
  5.     Historical Correlation Engine
  6.     Offline Forwarder
  7.     ARC Builder
  8.     VIS (Vulnerability Integration Service


Resolving The Problem

To run the script
  1. Using SSH, log in to the Console as the root user.
  2. To verify the status of services, type: /opt/qradar/upgrade/util/setup/upgrades/

Example of the script on a Console
Example of the script on an Event Processor

Document Location


[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"Support Tools","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
07 January 2021