Carbon Black Cloud: How to fetch logs for CBC QRadar app 2.0

Environment

  • Carbon Black Cloud Web Console: All Versions
  • IBM QRadar: 7.3.3 patch level 6 and later
  • VMware Carbon Black Cloud App for IBM QRadar: 2.x

Objective

Retrieve app logs in QRadar while troubleshooting an issue with VMware Carbon Black Cloud App for IBM QRadar.

Resolution

  • There are two log types to collect: QRadar logs and app logs
    • For QRadar logs, follow IBM QRadar's Collecting Log Files article
    • For logs specific to the CBC QRadar app, follow IBM's App Troubleshooting page
      • The app lives in a docker container and has its own logs separate from the QRadar logs
      • Start by identifying the correct app container
      • Then gather all logs in the docker container: /opt/app-root/store/log
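
The last two steps above can be scripted. The following is an added example, not code from VMware or IBM: it assumes the docker CLI is available on the QRadar host and that the operator passes in the container ID or name found in the previous step. The function names and the bundle file name are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes the docker CLI is available on the
# QRadar host and that the operator supplies the app's container ID or name.
APP_LOG_DIR=/opt/app-root/store/log   # log path given in the article

# Print ID, image and name of running containers to help pick the app's one.
list_containers() {
    docker ps --format '{{.ID}}\t{{.Image}}\t{{.Names}}'
}

# collect_app_logs CONTAINER OUTDIR
# Copies APP_LOG_DIR out of CONTAINER, packs it into a tarball readable only
# by the caller, writes a SHA-256 checksum beside it, prints the tarball path.
# The body is a subshell, so umask and variables do not leak to the caller.
collect_app_logs() (
    container=$1
    outdir=$2
    if [ -z "$container" ] || [ -z "$outdir" ]; then
        echo "usage: collect_app_logs CONTAINER OUTDIR" >&2
        exit 2
    fi
    # Reject anything that is not a plain container ID or name.
    case $container in
        -*|*[!A-Za-z0-9_.-]*) echo "invalid container reference" >&2; exit 2 ;;
    esac
    umask 077
    mkdir -p "$outdir" || exit 1
    work=$(mktemp -d) || exit 1
    if ! docker cp "$container:$APP_LOG_DIR" "$work/log"; then
        echo "docker cp failed for $container" >&2
        rm -rf "$work"
        exit 1
    fi
    name="cbc-app-logs-$container-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    tar -czf "$outdir/$name" -C "$work" log || { rm -rf "$work"; exit 1; }
    rm -rf "$work"
    # Checksum lets the recipient confirm the bundle arrived unmodified.
    ( cd "$outdir" && sha256sum "$name" > "$name.sha256" ) || exit 1
    echo "$outdir/$name"
)

# Run only when a container reference is passed on the command line.
if [ "$#" -ge 1 ]; then
    collect_app_logs "$1" "${2:-.}"
fi
```

The bundle is written with owner-only permissions, so review its contents before attaching it to a support case.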

Additional Notes

This article is for general reference purposes.
If any difficulties are encountered while gathering QRadar logs, please contact IBM QRadar for additional support.

Article Information
Creation Date: 12-03-2021