Question & Answer
How can you collect logs from the command line interface (get_logs.sh)?
To collect logs from the command line, root access is required. The get_logs.sh utility is available on every version of QRadar and is provided on every QRadar appliance. If you are having issues with a managed host, this utility should be used as a backup when the QRadar user interface is not available.
Steps for generating and collecting get_logs:
- Using SSH, log in to the Console appliance (or All-in-One) as the root user.
- Type the following command:
Notes: The script informs you that the log was created and provides the name and the location, which is always the /store/LOGS/ directory.
For administrators having application or extension issues, use the -a option to collect application logs with your Console log information. For a list of commands that can be run, type:
- Copy the tar.bz2 file to a system that has access to an external network to upload your log file.
- Log in to the support portal to make a service request - IBM Security QRadar SIEM.
- Click Open a new service request - sign in.
- Attach the get_log file to the service request ticket for review.
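
Before copying the archive off the appliance, it helps to confirm which file is the newest one in /store/LOGS/ and to record a checksum so the copy can be verified after transfer. The script below is an added example, not part of get_logs.sh or any IBM tooling; the function names are hypothetical, it assumes sha256sum is installed, and the header test only confirms the bzip2 signature, not that the whole archive is intact.

```shell
#!/bin/sh
# Added example (not IBM code). LOG_DIR defaults to the directory the page names.
LOG_DIR="${LOG_DIR:-/store/LOGS}"

# newest_bundle DIR: print the most recently modified *.tar.bz2 in DIR.
newest_bundle() {
    dir="$1"
    newest=""
    for f in "$dir"/*.tar.bz2; do
        [ -f "$f" ] || continue            # skips the unexpanded glob in an empty dir
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    [ -n "$newest" ] || return 1
    printf '%s\n' "$newest"
}

# looks_like_bzip2 FILE: succeed if FILE is non-empty and starts with "BZh".
looks_like_bzip2() {
    [ -s "$1" ] || return 1
    magic=$(head -c 3 "$1")
    [ "$magic" = "BZh" ]
}

# prepare_bundle DIR: write <bundle>.sha256 beside the newest bundle, print its path.
# Returns 1 if no archive exists, 2 if the newest one is empty or not bzip2.
prepare_bundle() {
    bundle=$(newest_bundle "$1") || { echo "no tar.bz2 found in $1" >&2; return 1; }
    looks_like_bzip2 "$bundle" || { echo "$bundle is empty or not bzip2" >&2; return 2; }
    name=$(basename "$bundle")
    # Hash with a relative name so "sha256sum -c" works wherever the pair is copied.
    ( cd "$(dirname "$bundle")" && sha256sum "$name" > "$name.sha256" ) || return 3
    printf '%s\n' "$bundle"
}

# Usage on the Console, as root:   prepare_bundle "$LOG_DIR"
# On the receiving system:         sha256sum -c <bundle name>.sha256
```

Copy the .sha256 file together with the archive; a failed check on the receiving system means the transfer should be repeated before the file is attached to the service request.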
13 November 2018