General Page
IBM QRadar apps live in docker containers and have their own logs, which are separate from the QRadar logs. The QRadar logs only container messages and errors around the container infrastructure. For example, "failed app installs or apps are not running". For specific app issues, the app logs contain useful messages and errors.
Steps
To connect to a specific app container, follow these steps:
- SSH into the QRadar console as the admin.
- From the command line, run the following command where the apps are running from to display all the app containers. Insert the <app id> of the apps logs you wish to view.
cd /store/docker/volumes/qapp_<appid>/log - Once you are inside the app directory, you can open any of the log files. The app.log usually contains the most relevant information but each app has different log files, which can all store useful messages and errors. To open a file run:
less app.log
Result
The most recent log information is displayed.
Parent Topic:
-> QRadar App Troubleshooting
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSV4BL","label":"IBM QRadar"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
19 December 2022
UID
ibm16256046