Question & Answer
Question
How do you set IBM QRadar Network Security (IQNS) debug logging?
Answer
Alpsd debugging
Notes:
Event response (eventsd) debugging
LUM and update debugging
Note: As an option you can enable the LUM MSL logging parameter:
SPA and heartbeat debugging
Note: As an option you can enable the SPA MSL logging parameter:
web Server and LMI debugging
- Log in to appliance via SSH.
- Type:
analysis debug<type in the needed debug level>
Debug level options:
0 - turns off debugging
1 - alpsd level 1 (event detection level)
2 - alpsd level 2 (verbose packet tracking level) - Reproduce issue after turn off debug logging.
Type:analysis debug 0 - Generate a support file.
Notes:
- Potential performance impact of debug logging on a busy sensor, which increases with logging levels implemented (2 would have a greater impact than 1, for example).
- It is importance that you set logging, reproduce the issue, and quickly turning off logging when finished. This is also important for debug level 2, as it can roll over logs quickly.
- Be sure that you turn off any debug logging before trying to generate the support file.
Event response (eventsd) debugging
- Open Advanced Tuning Parameters policy.
- Add the following parameter:
Name:events.debug.level
Value:2 - Reproduce issue and generate a support file.
- Remove parameter or set to 0 to turn off debug logging.
LUM and update debugging
- Open Advanced Tuning Parameters policy
- Add the following parameter:
Name:update.log.level
Value:2 - Log into the XGS via SSH and restart the License and Update service via the CLI.
Type:services restartand enter the index number of the entry "License and Update" then enterYES. - Reproduce issue and generate a support file.
- Remove parameter or set to 0 to turn off debug logging.
Note: As an option you can enable the LUM MSL logging parameter:
- Name:
msl.trace.lum
Value:true
SPA and heartbeat debugging
- Open Advanced Tuning Parameters policy.
- Add the following parameter:
Name:spad.debug.level
Value:2 - log in to the XGS via SSH and restart the SiteProtector Communication service via cli.
Type:services restartand enter the index number of the entry "SiteProtector Communication" then enterYES - Reproduce issue and generate a support file.
- Remove parameter or set to 0 to turn off debug logging.
Note: As an option you can enable the SPA MSL logging parameter:
- Name:
msl.trace.spa
Value:true
web Server and LMI debugging
- Open Advanced Tuning Parameters policy.
- Add the following parameter:
Name:lmi.debug.enabled
Value:1 - Save and deploy the policy. This restarts the LMI service automatically.
- Reproduce issue and generate a support file.
- Remove parameter or set to 0 to turn off debug logging.
[{"Product":{"code":"SSFSVP","label":"IBM QRadar Network Security"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Tuning Parameters","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Tuning Parameters","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.3.1;5.3.2;5.3.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
21 January 2021
UID
swg21987352