IBM Support

App Logs

How To


App logs are stored in the /opt/app-root/store/log directory of your application's Docker container.


The /opt/app-root/store/log directory contains 6 log files by default:

The first 3 log files contain stdout and stderr from startup shell scripts that now execute during container startup:

  • contains the output from
  • contains the output from
  • contains the output from

The next 3 are for supervisord and the app itself:

  • app.log is the log file that is created by the qpylib library. Logging calls to the qpylib.log() method are written in the app.log file.
  • startup.log is the initial start-up log for the application. This log is useful for checking initialization of the app has completed successfully. It will show for example if flask has started without errors in this log
  • supervisord.log contains the stderr and stdout from supervisord process

Adding logging to your app

The IBM QRadar Python helper library (qpylib) contains two useful functions that you can use to add logging to your app.

The log() Function

Import the qpylib helper library into your app's to use the log() function. This function writes messages at your chosen log level to the /opt/app-root/store/log/app.log file.

In order to turn on logging your app must call qpylib.create_log() as part of its initialisation. Logging is set to INFO level by default. Lower level logging messages are ignored. In order to add the ability to set the log level you will need to add a log_level endpoint similar to the Hello World template sample app.

# This endpoint sets the app's minimum level for qpylib logging.
# Example call using curl:
#   curl -X POST -F "level=DEBUG" http://localhost:<port>/dev/log_level
@devbp.route('/log_level', methods=['POST'])
def log_level():
    level = request.form['level'].upper()
    levels = ['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL']

    if level in levels:
        return 'log level set to {0}'.format(level)

    return 'level value {0} missing or unsupported. Use one of {1}'.format(level, levels), 42

Once you have set up the log level function you will then be able to perform a POST to /log_level endpoint to change log level.

The log() function uses the following format:

def log(message, level='info'):
from qpylib import qpylib

#in precedence order from lowest level to highest
qpylib.log('debug message', level='debug')
qpylib.log('info message', level='info')
qpylib.log('warning message', level='warning')
qpylib.log('error message', level='error')
qpylib.log('critical message', level='critical')

The set_log_level() Function

You can use this function to set the current log level. This function is used by the POST /log_level endpoint but can also be called programmatically.

def set_log_level(log_level='info'):

Setting app log level

Use built-in routes to create HTTP requests download, view, and set log collection levels.

Assuming you are using qpylib logging and you are using a log_level endpoint like the one in the sample helloworld app. You can create your own targeted web requests to the app for the following route:

Table 1. Request route

Route Format Description
POST /log_level POST https://{console_ip}/console/plugins/{application_id}/app_proxy/log_level
form body: level = ‘INFO’
Dynamically define the level of logging that you want your app to capture. Post a form, with an attribute level that is set to one of the log level values to this endpoint. QRadar® dynamically reset the log collection levels in your/opt/app-root/store/log/app.log file.

Viewing Logs Within the Host Directory

All logs are located in the /opt/app-root/store/log directory of the container.

Document Location


[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
30 March 2021