The get_logs.sh utility will then run for a few minutes, gathering all the logs into a single archive file. When the get_logs.sh command completes, it displays the full path to the generated archive file on the SIEM machine. This file can be sent to support for analysis.
- The command is: /opt/qradar/support/get_logs.sh
- If there is a C1 issue with a failed upgrade or install, you can add the -s argument to obtain all the setup files: /opt/qradar/support/get_logs.sh -s
- The get_logs.sh command is run on the SIEM console machine in most cases.
- Before running get_logs.sh, it is more efficient to duplicate the issue, note the timestamp at which the issue was reproduced, and then immediately run get_logs.sh. When sending the get_logs file, please send us this timestamp. This allows us to isolate the timeframe in which the issue occurred within the log files more efficiently.
The file may be too large to send to us via email. In that case, the Extreme Networks secure upload utility may need to be used to upload the file.