Question & Answer
What information needs to be submitted specifically with a QRadar app case?
To collect logs from the command line, root access is required. The get_logs.sh utility is available on every version of QRadar and is provided on every QRadar appliance. A further utility, qappmanager, provides additional information specific to the apps installed in the environment.
Steps for generating and collecting the logs:
- Use SSH to log in to the Console appliance (or All-in-One) as the root user.
- Enter the following command to generate a get_logs file:
- For administrators having application or extension issues, use the -a option to collect application logs on your Console and App Host (if one exists). The logs from both hosts are saved under the Console's get_logs output, so only the Console's get_logs output file needs to be uploaded.
- For a list of options that can be run, enter:
- The script informs you that the log was created and provides the name and the location, which is always the
- Copy the tar.gz file to a system that has access to an external network to upload your log file.
- Enter the following command on your App Host and save the output to a text file:
Note: If there is not an App Host installed, enter the command on your Console.
- Enter the following command on your Console and save the output to a text file:
- This command places you in a menu. To exit the qappmanager menu and return to the normal command prompt, enter 0.
- This command includes menu output that is not necessary to send to support. Ensure that you include all information indicated by the red box:
- Contact support to open a case.
- In the case, include a description of the issue (what is happening, when did it start, etc). Attach the get_logs file and the text files containing the command outputs for docker and qappmanager to the case for review.
Was this topic helpful?
15 November 2022