
Generating a Troubleshooting Package

ThreatQ allows you to generate a troubleshooting package using the TQAdmin tool.  The troubleshooting package contains multiple system logs that ThreatQ Support can use to identify issues and determine next steps for resolution.

Troubleshooting Package

Troubleshooting Package - Artisan Command
  1. Access the ThreatQ host command line via SSH or console.
  2. Change directories:
    cd /var/www/api/
  3. Run the following command:
    sudo php artisan threatq:get-debug-info

    The command for getting hardware info (hwinfo) may not be installed. In this case, an error message is shown, but the execution is not affected.

    You may get a tar notification about the laravel.log file being modified as it is read. This does not affect the process outcome.

    The process creates a file named debug_info.tar.zip in /var/tmp/.

  4. Send the file to ThreatQ Support and remove it from the host to conserve disk space.

Troubleshooting Package - TQAdmin

TQAdmin requires elevated privileges and must be run as root.

The TQAdmin troubleshooting package contains the following log files:

  • var/log/threatq/
  • var/log/threatq/migrate.log
  • var/log/threatq/websocket.log
  • var/log/threatq/add-search-vhost.log
  • var/log/threatq/api-schedule-run.log
  • var/log/threatq/solr-1.log.1.gz
  • var/log/threatq/tika.log
  • var/log/threatq/solr-0.log.1.gz
  • var/log/threatq/zookeeper-0.log
  • var/log/threatq/redis.log
  • var/log/threatq/solr-0.log.5.gz
  • var/log/threatq/solr-1.log.3.gz
  • var/log/threatq/mongodb.log
  • var/log/threatq/solr-0.log.4.gz
  • var/log/threatq/nginx.log
  • var/log/threatq/add-events-vhost.log
  • var/log/threatq/solr-0.log.2.gz
  • var/log/threatq/frontend.log
  • var/log/threatq/solr-0.log.3.gz
  • var/log/threatq/mariadb.log
  • var/log/threatq/php-fpm.log
  • var/log/threatq/taxii-server.log
  • var/log/threatq/solr-1.log.4.gz
  • var/log/threatq/operations-manager.log
  • var/log/threatq/upload-security-json.log
  • var/log/threatq/pynoceros-messenger.log
  • var/log/threatq/solr-1.log.5.gz
  • var/log/threatq/solr-1.log.2.gz
  • var/log/threatq/tq-dx.log
  • var/log/threatq/solr-0.log
  • var/log/threatq/solr-1.log
  • var/log/threatq/solr-metrics.log
  • var/log/threatq/opendxl-broker.log
  • var/log/threatq/rabbitmq.log
  • var/log/threatq/helpcenter.log
  • var/log/threatq/add-feeds-vhost.log

  1. Access the ThreatQ host command line via SSH or console.
  2. Run the following command:
    tqadmin troubleshoot full

    This command tars /var/log/threatq, bundles it with the troubleshoot package and sends the output to /tmp.

    You can add the --upload parameter to upload the troubleshooting package to the ThreatQ support site.

  3. Send the file to ThreatQ Support and remove it from the host to conserve disk space.

    If you untar the troubleshooting package, the system creates a tmp/systemCheck directory which contains the contents of the zip. 
    SystemCheck Directory
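
The shell functions below are an added example, not part of the ThreatQ documentation or tooling. They cover the last step of both procedures (send the package, then remove it): the package holds system logs and is written to /var/tmp or /tmp, so it is restricted to its owner, hashed before sending, and removed only if it still matches that hash. The function names are hypothetical, and sha256sum from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: handling a generated troubleshooting package.
# Function names are hypothetical; paths come from the procedures above.

# Print the SHA-256 digest of a file (digest only, no file name).
pkg_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Refuse anything that is not a plain file (for example a symlink placed in
# a world-writable directory), restrict it to its owner, and print its digest
# so the copy received by Support can be compared against it.
pkg_prepare() {
    pkg=$1
    if [ -L "$pkg" ] || [ ! -f "$pkg" ]; then
        echo "refusing: $pkg is not a regular file" >&2
        return 1
    fi
    chmod 600 "$pkg" || return 1
    pkg_digest "$pkg"
}

# Remove the package only if it still matches the digest recorded before it
# was sent; a mismatch means the file changed and should be reviewed first.
pkg_remove() {
    pkg=$1
    expected=$2
    if [ -L "$pkg" ] || [ ! -f "$pkg" ]; then
        echo "refusing: $pkg is not a regular file" >&2
        return 1
    fi
    if [ "$(pkg_digest "$pkg")" != "$expected" ]; then
        echo "digest mismatch, leaving $pkg in place" >&2
        return 1
    fi
    rm -f -- "$pkg"
}

# Usage, run as root after step 3 of the artisan procedure:
#   digest=$(pkg_prepare /var/tmp/debug_info.tar.zip)
#   ... send the file to ThreatQ Support ...
#   pkg_remove /var/tmp/debug_info.tar.zip "$digest"
```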