Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[JSA/STRM] Logs to collect before opening a support case with JTAC

0

0

Article ID: KB14166 KB Last Updated: 20 Sep 2019Version: 12.0
Summary:

This article provides information about the logs that are recommended to be collected before opening a JSA/STRM case with Juniper Technical Assistance Center (JTAC).

Symptoms:

What information is needed to troubleshoot JSA/STRM issues?

Solution:

A. Collecting log files from the CLI of JSA console

Run the JSA Tech Support script:

# sh /opt/qradar/support/get_logs.sh

The get_logs.sh script gathers all the logs and data needed for review and saves a log file in this location:

/var/log/logs_<hostname>_<YYYMMDD>.tar.bz2 or /store/LOGS/logs_<hostname>_<YYYMMDD>_random-number.tar.bz2

To encrypt this log file, run the script with the -e option:

Example:

sh /opt/qradar/support/get_logs.sh -e

This saves the log file in encrypted format: /store/LOGS/logs_jsa_20190915_b7ae85e4.tar.bz2.enc

To decrypt this file, copy it to a Linux host and run:

# openssl enc -d -blowfish -in filename -out logs.tgz -pass pass:[file_date]

Example:        

# openssl enc -d -blowfish -in /store/LOGS/logs_jsa_20190915_b7ae85e4.tar.bz2.enc -out logs.tgz -pass pass:20190915

Provide the tar.bz2.enc file when opening a JTAC case.

 

B. Collecting logs from the JSA webpage:

Starting from JSA 7.2.8 and later, you can collect troubleshooting logs from the JSA webpage:

  1. Navigate to Admin > in the System Configuration section. Click System and License Management > in the Display list. Then select Systems.
  2. If you have an HA-setup, click the HA host Actions > Collect Log Files.
  3. Click Advanced Options and select the options for the log file collection.
  4. Encrypted log file collections can be decrypted only by Support. If you want access to the log file collection, do not encrypt the file.
  5. Click Collect Log Files.
  6. Under System Support Activities Messages, a message indicates the status of the collection process. 
  7. To download the log file collection, wait for the "Log file collection completed successfully" notification, and click Click here to download files.


In addition to the get_logs script log file, provide the following information as well, depending on the issue:

  • For HA issues:

/opt/qradar/ha/ha.log
/opt/qradar/ha/ha.conf
  • For WebUI/Tomcat issues:

/opt/imq/var/instances/imqbroker/log/log.txt
/var/log/qradar-sql.log
/opt/tomcat5/logs/catalina.out
/opt/tomcat6/logs/catalina.out
/var/log/tomcat.log
  • For Setup issues, add the -s flag to the get_logs command:

sh /opt/qradar/support/get_logs.sh -s
  • For Flow issues:

/var/log/qflow.debug (for qflow related issue)
  • For DSM/VIS issue:

# rpm -qa | egrep -i dsm (if related to a DSM/Event issue) & XML export of the events in question (KB21646)
# rpm -qa | egrep -i vis (if related to a scanner issue)
  • For Hardware issues:

/var/log/messages/
tar of /store/LOGS folder

Output from the following:

# dmesg
# dmidecode
  • For License issues:

/opt/qradar/conf/license.key
  • For User Permission issues:

/opt/qradar/conf/user*.conf

Modification History:

2019-09-20: Removed commands that were applicable to older (EOL/EOS) versions of STRM

2019-07-06: Added method to collect logs from JSA webpage for versions 7.2.8 and later

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search