Question & Answer
Question
What is the all_servers.sh utility in /opt/qradar/support and how do administrators use it?
Answer
Warning: Using all_servers.sh as a file manipulation tool can be destructive and could have consequential results. Use extra caution you use this tool for file manipulation. When in doubt, contact Customer Support for guidance.
The all_servers.sh command is a powerful tool that can issue commands to all QRadar appliances within your deployment.
The all_servers.sh command is a powerful tool that can issue commands to all QRadar appliances within your deployment.
- To display all help options for the all_servers.sh script, enter:
/opt/qradar/support/all_servers.sh -h
- To move a file to the /storetmp on all appliances in the deployment, enter:
/opt/qradar/support/all_servers.sh -p <file>
With the -r option, you can choose an alternative remote directory./opt/qradar/support/all_servers.sh -p <file> -r <remote_directory>
- To copy a remote file from all appliances, enter the following command. This option can be used for getting copies of files or logs from all appliances.
/opt/qradar/support/all_servers.sh -g
- To check disk space and redirect the output to a file called DiskSpace.txt, enter:
/opt/qradar/support/all_servers.sh -C "df -h" > DiskSpace.txt
x.x.x.x -> QRadar728.ibm.com Appliance Type: 3100 Product Version: 7.2.8.20171213225424 13:41:07 up 2:36, 1 user, load average: 7.01, 6.98, 6.44 ------------------------------------------------------------------------ Filesystem Size Used Avail Use% Mounted on /dev/sda7 20G 16G 3.2G 83% / tmpfs 31G 0 31G 0% /dev/shm /dev/sda1 93M 47M 42M 54% /boot /dev/sda8 145G 20G 126G 14% /store /dev/sda6 9.7G 1.5G 7.8G 16% /store/tmp /dev/sda9 38G 36M 38G 1% /store/transient /dev/sda5 9.8G 1.3G 8.0G 14% /var/log /dev/sda3 6.0G 3.5G 2.2G 62% /recovery
- To locate a specific string within the /var/log/qradar.log file on all QRadar appliances, a command like the following can be used. In this example, we are searching for the word deploy:
/opt/qradar/support/all_servers.sh -C 'grep -i "deploy" /var/log/qradar.log | tail -n 10'
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
14 November 2022
UID
swg21978283