Question & Answer
Question
QRadar: How to verify the application framework docker images are installed and running?
Cause
The QRadar® applications live in docker containers, and one of the first troubleshooting steps is to determine whether the docker image is installed and its status.
Answer
If the applications are running on the Console, you can see the installed applications containers and the app framework containers in QRadar 7.5.x.
If you have an App Host in the deployment and that is where the apps are running, run the commands on the App Host to get the installed applications container status.
To see the installed docker images
Example 7.5.x (Console):
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZ
console.localdeployment:5000/qradar-app-base 2.1.8 7376168d463b 20 months ago 369MB
Note: If there is no App Host in the deployment, you see on the Console all containers (apps and framework).
Example 7.5.x (App Host):
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
console.localdeployment:5000/qapp/1054 2.1.2-20200404154856 0c2ae57ee761 3 weeks ago 473MB
console.localdeployment:5000/qapp/1251 5.0.1-20200404154351 02391967b258 3 weeks ago 395MB
console.localdeployment:5000/qapp/1302 2.2.1-20200404154058 a14464adbfb0 3 weeks ago 551MB
console.localdeployment:5000/qapp/1055 1.1.2-20200404151957 14a1f92759e1 3 weeks ago 401MB
To see the containers status
Example 7.5.x (Console):
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c98f591f5ab8 console.localdeployment:5000/qapp/3053:1.3.0-20240123053643 "sh /opt/app-root/bi…" 10 minutes ago Up 10 minutes 0.0.0.0:35141->5000/tcp qapp-3053-qardFrNy
Example 7.5.x (App Host):
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6d0dc553f54b console.localdeployment:5000/qapp/5101:4.1.14-20231207103959 "sh /opt/app-root/bi…" About an hour ago Up About an hour 0.0.0.0:49155->5000/tcp, :::49155->5000/tcp qapp-5305-yB2r1ynG
fb61d865b518 console.localdeployment:5000/qapp/5102:4.1.14-20231207105036 "sh /opt/app-root/bi…" About an hour ago Up About an hour 0.0.0.0:49154->5000/tcp, :::49154->5000/tcp qapp-5154-RvzLQ6mN
e79c22b7e20a console.localdeployment:5000/qapp/5151:2.0.0-20231027075949 "sh /opt/app-root/bi…" About an hour ago Up About an hour 0.0.0.0:49153->5000/tcp, :::49153->5000/tcp qapp-5201-UEkR5POK
To further troubleshoot with Recon, see this document: QRadar: How to use recon to troubleshoot QRadar applications.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
11 March 2024
UID
ibm16191187