Collecting log files

IBM® QRadar® log files contain detailed information about your deployment, such as hostnames, IP addresses, and email addresses. If you need help with troubleshooting, you can collect the log files and send them to IBM Support.

About this task

You can collect the log files for one or more host systems at the same time. Depending on the size of your deployment and the number of managed hosts, collecting the log files might take a while. The QRadar console log files are automatically included in each log file collection.

You can continue to use the QRadar console while the log file collection is running. If the system is actively collecting log files, you can't begin a new collection request. Cancel the active collection process and start another collection.

When the log file collection process completes, a system notification appears on the System Monitoring dashboard.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the System Configuration section, click System and License Management.
  3. In the Display list, select Systems.
  4. Select the hosts in the host table.
  5. Click Actions > Collect Log Files.
  6. Click Advanced Options and choose the options for the log file collection.
    Important: Changed in 7.4.2 If you choose the Encrypt compressed file option, you must enter a password for the log file. If you are sending encrypted log files to IBM Support, you must also provide the password so that the log files can be decrypted.

    In previous releases, you could not specify a password and encrypted log files could only be decrypted by IBM Support.

  7. Click Collect Log Files.

    Check the status of the collection process in the System Support Activities Messages section.

  8. To download the log file collection, wait for the Log file collection completed successfully notification, and then click the click here to download file link.