IBM Security QRadar

  • 1.  QRadar JMX.SH

    Posted Fri January 15, 2021 03:50 AM
    Hi everyone,

    I want to know the usage of the jmx.sh script in QRadar.

    Can you guys type the issues you have encountered and with which purpose you use this script to troubleshoot it?

    Thank you in advance for sharing.

    Regards.

    ------------------------------
    Halil BALIM
    ------------------------------


  • 2.  RE: QRadar JMX.SH

    Posted Mon February 22, 2021 03:51 PM
    Hello Halil,

    I am a QRadar L3 Developer.  The script is mainly used for troubleshooting, although it does have some uses outside of troubleshooting.  The workflow of using this script would be something like this:
    • run the script with a -l flag to list the services that you can connect to, and the port with which you connect. 
    • run the script with a -p flag using one of the ports we found from the command above.  For example, this command will connect to ecs-ec:
      • /opt/qradar/support/jmx.sh -p 7777
    • by default, the script lists the available 'mbeans' for the service.  'mbeans' can be used to get more information from a service.  For example, this command will list information about DSMs running on the box:
      • /opt/qradar/support/jmx.sh -p 7777 -b 'com.q1labs.sem:application=ecs-ec.ecs-ec,type=filters,name=DSM,id=*'
      • the above command can be useful in finding DSMs that have high parse times, which may indicate a problem and deserve investigation.

    I use jmx.sh on a regular basis to troubleshoot different aspects of a client's pipeline.  There are many mbeans in the product;  look around, you may find something useful.

    ------------------------------
    Clint Gardiner
    ------------------------------