IBM Security QRadar SOAR

  • 1.  Increasing the retention period of logs in app.log

    Posted Thu January 21, 2021 07:32 AM
    Hi All,

    Is anyone aware of how we'd go about changing the log rotation settings?

    Tried looking in app.config but there's nothing there. Currently, the logs rotate every hour or so, meaning we've got very little time to spot any issues and pull the logs before they're gone.

    Really could do with having the app.log file rotate once a day.

    TIA!

    ------------------------------
    Gareth P
    ------------------------------


  • 2.  RE: Increasing the retention period of logs in app.log

    Posted Fri January 22, 2021 04:43 AM
    Hi Gareth,

    I assume you are talking about the QRadar app? The log files are stored on the QRadar server along with the app.config on persisted storage. You can navigate to the directory /store/docker/volumes/qapp-<your app-id>. You could create a shell script that is called by cron to copy the circuits.log* every x hours to another directory. That would give you some history to resort to.

    ------------------------------
    BEN WILLIAMS
    ------------------------------
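
An added example of the cron-driven copy suggested in the reply above; it is not code from the thread's participants or from IBM. It assumes the live file is named exactly circuits.log and every other circuits.log* match is a finished rotated file; the destination directory, script name and 14-day default are hypothetical. Archived generations are named by SHA-256 so that a file renamed by rotation is stored once and never overwritten.

```shell
#!/usr/bin/env bash
# Hypothetical crontab entry (runs more often than the hourly rotation):
#   */15 * * * * /usr/local/bin/archive_circuits.sh \
#       "/store/docker/volumes/qapp-<your app-id>" /store/backup/qapp-logs

# archive_logs SRC_DIR DEST_DIR [KEEP_DAYS]
# Prints the number of rotated files newly archived on this run.
archive_logs() {
    src="$1"; dest="$2"; keep_days="${3:-14}"; new=0
    mkdir -p "$dest" || return 1
    for f in "$src"/circuits.log*; do
        [ -f "$f" ] || continue
        tmp=$(mktemp "$dest/.incoming.XXXXXX") || return 1
        # Copy first, then hash the copy: if rotation renames the source
        # mid-run, the digest still describes exactly what was archived.
        if ! cp -p "$f" "$tmp"; then rm -f "$tmp"; continue; fi
        if [ "${f##*/}" = "circuits.log" ]; then
            # Live file keeps changing: store only the latest snapshot.
            mv -f "$tmp" "$dest/circuits.log.live"
            continue
        fi
        sum=$(sha256sum "$tmp" | cut -d' ' -f1)
        if [ -e "$dest/circuits.log.$sum" ]; then
            rm -f "$tmp"    # this generation is already archived
        else
            mv "$tmp" "$dest/circuits.log.$sum"
            new=$((new + 1))
        fi
    done
    # Retention: cp -p kept the source mtime, so age is counted from the
    # time the log was last written, not from the time it was copied.
    find "$dest" -type f -name 'circuits.log.*' -mtime +"$keep_days" -delete
    echo "$new"
}

# Run when called with arguments (as from cron); do nothing otherwise.
if [ $# -ge 2 ]; then
    archive_logs "$@"
fi
```

Keep the destination outside the app's volume and readable only by administrators, since the copies hold the same data as the original logs.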



  • 3.  RE: Increasing the retention period of logs in app.log

    Posted Tue January 26, 2021 03:58 AM
    Hi Ben,

    Perfect, thank you! Just wanted to be sure there wasn't an alternative way of doing it. :)

    ------------------------------
    Gareth Pearson
    ------------------------------



  • 4.  RE: Increasing the retention period of logs in app.log

    Posted Thu February 09, 2023 11:17 AM

    What about the app.log of IBM SOAR? How can I increase the number of log files and/or their size?

    Thanks



    ------------------------------
    Lucian Sipos
    ------------------------------