Hi Pablo,

First identify the container running the Resilient plugin and monitor the logs:

docker ps docker exec -it <container-id> bashtail -f /store/log/circuits.log

In a separate terminal, navigate the persistent storage directory and edit loglevel parameter = DEBUG:

cd /store/docker/volumes/qapp-<app-id>/vi app.config

The plugin should automatically restart when it detects a configuration change, giving the extra detail required. If the circuits.log is continually being overwritten, you can go back to your docker terminal and run the following additional steps can be taken:

1. Confirm you are in the right application by running ls /store and confirming that either of incident.json, resilient.db, app.config is present
2. Run ps -ef. Record PID of python run_circuits.py and /bin/bash /src_deps/init/circuits.sh
3. Kill those processes with kill -9 <PID of circuits.sh> <PID of run_circuits.py>. The order is important, first use kill with PID of /bin/bash /src_deps/init/circuits.sh
4. Make sure that loglevel=DEBUG in /store/app.config
5. Run env APP_CONFIG_FILE=/store/app.config python2.7 run_circuits.py > /store/log/circuits.log
6. Wait for it to fail and exit
7. Back up circuits.log by running mv /store/log/circuits.log /store/log/circuits.log.bac . This backup file should have the latest error.
   You can restart the plugin using the Interactive REST api, setting STATUS to RUNNING at

   POST - /gui_app_framework/applications/{application_id}

If the level of detail is still not enough or the error persists, it may be necessary to troubleshoot the QRadar instance to ensure it is in a fully functional state. The issue above seems related to backend certificate issues with the instance, rather than the plugin. Troubleshooting Qradar may require other support that can be found at:

https://w3.ibm.com/w3publisher/ctp-resources-qradar/customer-engagement

Thanks for reaching out, I hope this can be of assistance.

Kind regards,

Hi Pablo,

First identify the container running the Resilient plugin and monitor the logs:

docker ps docker exec -it <container-id> bashtail -f /store/log/circuits.log

In a separate terminal, navigate the persistent storage directory and edit loglevel parameter = DEBUG:

cd /store/docker/volumes/qapp-<app-id>/vi app.config

The plugin should automatically restart when it detects a configuration change, giving the extra detail required. If the circuits.log is continually being overwritten, you can go back to your docker terminal and run the following additional steps can be taken:

1. Confirm you are in the right application by running ls /store and confirming that either of incident.json, resilient.db, app.config is present
2. Run ps -ef. Record PID of python run_circuits.py and /bin/bash /src_deps/init/circuits.sh
3. Kill those processes with kill -9 <PID of circuits.sh> <PID of run_circuits.py>. The order is important, first use kill with PID of /bin/bash /src_deps/init/circuits.sh
4. Make sure that loglevel=DEBUG in /store/app.config
5. Run env APP_CONFIG_FILE=/store/app.config python2.7 run_circuits.py > /store/log/circuits.log
6. Wait for it to fail and exit
7. Back up circuits.log by running mv /store/log/circuits.log /store/log/circuits.log.bac . This backup file should have the latest error.
   You can restart the plugin using the Interactive REST api, setting STATUS to RUNNING at

   POST - /gui_app_framework/applications/{application_id}

If the level of detail is still not enough or the error persists, it may be necessary to troubleshoot the QRadar instance to ensure it is in a fully functional state. The issue above seems related to backend certificate issues with the instance, rather than the plugin. Troubleshooting Qradar may require other support that can be found at:

https://w3.ibm.com/w3publisher/ctp-resources-qradar/customer-engagement

Thanks for reaching out, I hope this can be of assistance.

Kind regards,

Hi Pablo,

First identify the container running the Resilient plugin and monitor the logs:

docker ps docker exec -it <container-id> bashtail -f /store/log/circuits.log

In a separate terminal, navigate the persistent storage directory and edit loglevel parameter = DEBUG:

cd /store/docker/volumes/qapp-<app-id>/vi app.config

The plugin should automatically restart when it detects a configuration change, giving the extra detail required. If the circuits.log is continually being overwritten, you can go back to your docker terminal and run the following additional steps can be taken:

1. Confirm you are in the right application by running ls /store and confirming that either of incident.json, resilient.db, app.config is present
2. Run ps -ef. Record PID of python run_circuits.py and /bin/bash /src_deps/init/circuits.sh
3. Kill those processes with kill -9 <PID of circuits.sh> <PID of run_circuits.py>. The order is important, first use kill with PID of /bin/bash /src_deps/init/circuits.sh
4. Make sure that loglevel=DEBUG in /store/app.config
5. Run env APP_CONFIG_FILE=/store/app.config python2.7 run_circuits.py > /store/log/circuits.log
6. Wait for it to fail and exit
7. Back up circuits.log by running mv /store/log/circuits.log /store/log/circuits.log.bac . This backup file should have the latest error.
   You can restart the plugin using the Interactive REST api, setting STATUS to RUNNING at

   POST - /gui_app_framework/applications/{application_id}

If the level of detail is still not enough or the error persists, it may be necessary to troubleshoot the QRadar instance to ensure it is in a fully functional state. The issue above seems related to backend certificate issues with the instance, rather than the plugin. Troubleshooting Qradar may require other support that can be found at:

https://w3.ibm.com/w3publisher/ctp-resources-qradar/customer-engagement

Thanks for reaching out, I hope this can be of assistance.

Kind regards,

Hi Pablo,

First identify the container running the Resilient plugin and monitor the logs:

docker ps docker exec -it <container-id> bashtail -f /store/log/circuits.log

In a separate terminal, navigate the persistent storage directory and edit loglevel parameter = DEBUG:

cd /store/docker/volumes/qapp-<app-id>/vi app.config

The plugin should automatically restart when it detects a configuration change, giving the extra detail required. If the circuits.log is continually being overwritten, you can go back to your docker terminal and run the following additional steps can be taken:

1. Confirm you are in the right application by running ls /store and confirming that either of incident.json, resilient.db, app.config is present
2. Run ps -ef. Record PID of python run_circuits.py and /bin/bash /src_deps/init/circuits.sh
3. Kill those processes with kill -9 <PID of circuits.sh> <PID of run_circuits.py>. The order is important, first use kill with PID of /bin/bash /src_deps/init/circuits.sh
4. Make sure that loglevel=DEBUG in /store/app.config
5. Run env APP_CONFIG_FILE=/store/app.config python2.7 run_circuits.py > /store/log/circuits.log
6. Wait for it to fail and exit
7. Back up circuits.log by running mv /store/log/circuits.log /store/log/circuits.log.bac . This backup file should have the latest error.
   You can restart the plugin using the Interactive REST api, setting STATUS to RUNNING at

   POST - /gui_app_framework/applications/{application_id}

If the level of detail is still not enough or the error persists, it may be necessary to troubleshoot the QRadar instance to ensure it is in a fully functional state. The issue above seems related to backend certificate issues with the instance, rather than the plugin. Troubleshooting Qradar may require other support that can be found at:

https://w3.ibm.com/w3publisher/ctp-resources-qradar/customer-engagement

Thanks for reaching out, I hope this can be of assistance.

Kind regards,