Siem: How to Gather Logs From a Siem using get_logs.sh

Objective
  • How to gather logs from a Dragon Siem implementation.
Environment
  • Siem v7.x
Procedure
  • The command is:  /opt/qradar/support/get_logs.sh
  • If there is a C1 issue with a failed upgrade or install, you can add the -s argument to obtain all the setup files:  /opt/qradar/support/get_logs.sh -s
  • The get_logs.sh command is run on the Siem console machine in most cases.
  • Before running get_logs.sh, reproduce the issue and note the timestamp at which it was reproduced, then run get_logs.sh immediately.  When sending the get_logs file, please send us this timestamp as well.  This lets us isolate the timeframe in which the issue occurred within the log files more efficiently.
The get_logs.sh utility then runs for a few minutes, gathering all the logs into a single archive file.  When the get_logs.sh command completes, it displays the full path to the generated archive file on the Siem machine; this file can be sent to support for analysis.

The size of this file may be too large to send to us via email.  The Extreme Networks secure upload utility may need to be used to upload the file.
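
A wrapper for the procedure above, as an added example that is not part of the original article or any vendor tooling: it takes the reproduction timestamp you noted, runs get_logs.sh, and writes a note with the archive path, size and SHA-256 beside the archive. It assumes get_logs.sh prints the archive's absolute path in its output; `collect_logs`, `find_archive`, `GET_LOGS` and the note format are hypothetical names.

```shell
#!/bin/sh
# Added example, not vendor code. Only the get_logs.sh path and the -s flag
# come from the article; every other name here is an assumption.
GET_LOGS="${GET_LOGS:-/opt/qradar/support/get_logs.sh}"

# Print the last token in a saved output file that names an existing file.
# Assumption: get_logs.sh prints the archive's absolute path as a bare token.
find_archive() {
    grep -oE '/[^[:space:]]+' "$1" | while IFS= read -r tok; do
        [ -f "$tok" ] || tok="${tok%[.,;:]}"   # tolerate trailing punctuation
        if [ -f "$tok" ]; then printf '%s\n' "$tok"; fi
    done | tail -n 1
}

# collect_logs REPRO_TIME [get_logs.sh args, e.g. -s]
# Runs get_logs.sh, then writes a note beside the archive; prints the note path.
collect_logs() {
    repro_time="$1"; shift
    started="$(date -u '+%Y-%m-%d %H:%M:%S UTC')"
    out="$(mktemp)" || return 1
    # Show the tool's output on stderr while keeping a copy to parse.
    "$GET_LOGS" "$@" 2>&1 | tee "$out" >&2
    archive="$(find_archive "$out")"
    rm -f "$out"
    if [ -z "$archive" ]; then
        echo "no archive path found in get_logs.sh output" >&2
        return 1
    fi
    note="${archive}.note.txt"
    {
        echo "issue_reproduced_at: $repro_time"
        echo "get_logs_started_at: $started"
        echo "archive: $archive"
        echo "size_bytes: $(wc -c < "$archive" | tr -d ' ')"
        echo "sha256: $(sha256sum "$archive" | cut -d' ' -f1)"
    } > "$note"
    printf '%s\n' "$note"
}

# Run only when given the reproduction time (constructed sample value), e.g.:
#   sh collect.sh "2024-05-01 10:32 UTC" -s
if [ "$#" -gt 0 ]; then
    collect_logs "$@"
fi
```

The recorded size helps decide between email and the secure upload utility, and the hash lets the recipient confirm the archive arrived intact.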