Skip to content
Jake Hunsaker edited this page Dec 9, 2020 · 24 revisions

SoS (also referred to as sosreport) is an extensible, portable, support data collection tool primarily aimed at Linux distributions and other UNIX-like operating systems.

SoS has several functionalities built into it:

  • report serves to collect diagnostic data for review by support engineers/sysadmins
  • collect allows users to collect a report from multi nodes, presumably a cluster of some sort
  • clean allows users to consistently obfuscate sensitive data such as networking information from generated reports

Report

sos report operates on the concepts of plugins, one for each area or subsystem that you want to collect data from. By default, plugins are dynamically run based on conditions on the system it's running on. Currently sos report is only designed to be run as root.

Plugins can run based on:

  • Installed packages (generally recommended method)
  • Certain files existing
  • Commands existing in PATH

Each plugin can specify

  • Files to collect
  • Commands to run
  • Journal logs to collect

Confidentiality Protections

  • will attempt to sanitize passwords from the system that it knows about
  • provides the ability to disable certain plugins (-n flag)

Collect

sos collect uses the concept of cluster profiles, similar in design to report plugins, to identify what type of clustering technology is used on a given system and to then enumerate the other systems that makes up the cluster.

From there, SoS will connect to each remote node via SSH, generate a report on that node, and then copy it back to the user's system that sos collect was run from.

Currently supported cluster types include:

  • Pacemaker
  • oVirt (RHV)
  • Community Kubernetes
  • OpenShift v3
  • Red Hat Satellite

Users may also specify an arbitrary set of nodes to collect from.

Clean

sos clean aims to obfuscate potentially sensitive information from reports. It may be run either during the generating of a report via the sos report --clean option, or may be run after the fact directly.

Types of information currently obfuscated by clean incldues:

  • IPv4 addresses and networks (with network topologies retained)
  • MAC addresses
  • Hostnames
  • Usernames
  • User-provided keywords

For Users

Running a report

  • To get a full listing of options for sosreport run the following: sos report -h
  • To get a full listing of available plugins and their options run the following: sos report -l
  • For most situations it's best to run sos with the default set of plugins enabled:
[jake@terra sos]$ sudo sos report

sosreport (version 4.0)

This command will collect system configuration and diagnostic
information from this Fedora system.

For more information on the Fedora Project visit:

  https://fedoraproject.org/

The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.

No changes will be made to system configuration.


Press ENTER to continue, or CTRL-C to quit.

If you don't want to be prompted for information while sos runs use batch mode:

[jake@terra sos]$ sudo ./bin/sos report --batch

sosreport (version 4.0)

This command will collect system configuration and diagnostic
information from this Fedora system.

For more information on the Fedora Project visit:

  https://fedoraproject.org/

The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.

No changes will be made to system configuration.



 Setting up archive ...
 Setting up plugins ...

  Starting 1/117 abrt            [Running: abrt]
  Starting 2/117 alternatives    [Running: abrt alternatives]
  Starting 3/117 anaconda        [Running: abrt alternatives anaconda]
  Starting 4/117 anacron         [Running: abrt alternatives anaconda anacron]
  Starting 5/117 apache          [Running: abrt alternatives anaconda apache]
  Starting 6/117 ata             [Running: abrt alternatives apache ata]
[...]
  Finishing plugins              [Running: process systemd yum]
  Finishing plugins              [Running: process yum]
  Finishing plugins              [Running: yum]

  Finished running plugins

Creating compressed archive...

Your sosreport has been generated and saved in:
	/var/tmp/sosreport-terra-2020-12-09-curocll.tar.xz

 Size	28.26MiB
 Owner	root
 md5	556a72de9f9a4534c1b7c57f5219f099

Please send this file to your support representative.

[jake@terra sos]$

Can I see what it is collecting?

Just extract the archive and take a look or use the --build flag to not make an archive and leave the temporary directory.

You can get an overview by looking at the sos_reports/sos.txt and sos_reports/sos.html. Using sos.html allows you to click on the file in one click.

For example apparmor plugin has:

apparmor
========================================================================
-  commands executed:
  * apparmor_status
  * ls -alh /etc/apparmor.d/abstractions
  * ls -alh /etc/apparmor.d/libvirt
-  files copied:
  * /etc/apparmor.d/usr.sbin.cups-browsed
  * /etc/apparmor.d/disable/usr.bin.firefox
  * /etc/apparmor.d/usr.bin.firefox
  * /etc/apparmor.d/snap.core.4917.usr.lib.snapd.snap-confine
  * /etc/apparmor.d/nvidia_modprobe
  * /etc/apparmor.d/usr.sbin.tcpdump
  * /etc/apparmor.d/usr.bin.firefox
  * /etc/apparmor.d/tunables/securityfs

A more detailed review can be done by looking at sos_reports/manifest.json which will record all copied files, commands run, the file locations in the archive of each, as well as a host of other metadata, for example:

{
    "version": "4.0",
    "cmdline": "report -o abrt --batch",
    "start_time": "2020-12-09 10:15:45.035644",
    "end_time": "2020-12-09 10:15:47.549699",
    "run_time": "0:00:02.514055",
    "compression": "auto",
    "policy": "Fedora",
    "components": {
        "report": {
[...]
            "plugins": {
                "abrt": {
                    "start_time": "2020-12-09 15:17:26.988828",
                    "end_time": "2020-12-09 15:17:27.156536",
                    "run_time": "0:00:00.167708",
                    "setup_start": "2020-12-09 15:16:57.748917",
                    "setup_end": "2020-12-09 15:16:57.886188",
                    "setup_time": "0:00:00.137271",
                    "timeout_hit": false,
                    "commands": [
                        {
                            "command": "abrt-cli",
                            "parameters": [
                                "list"
                            ],
                            "exec": "abrt-cli list",
                            "filepath": "sos_commands/abrt/abrt-cli_list",
                            "return_code": 0,
                            "run_time": 0.13386058807373047,
                            "tags": [
                                "abrt-cli"
                            ]
                        },
                        {
                            "command": "abrt-cli",
                            "parameters": [
                                "status"
                            ],
                            "exec": "abrt-cli status",
                            "filepath": "sos_commands/abrt/abrt-cli_status",
                            "return_code": 0,
                            "run_time": 0.11269283294677734,
                            "tags": [
                                "abrt-cli"
                            ]
                        }
                    ],
                    "files": [
                        {
                            "specification": "/etc/abrt/abrt.conf",
                            "files_copied": [
                                "etc/abrt/abrt.conf"
                            ],
                            "tags": [
                                "abrt_conf"
                            ]
                        }
                    ]
                }
            }
        }
    }
}

For Developers

Developer guides

Submitting patches and pull requests

Stay in touch