Home
SoS (also referred to as sosreport) is an extensible, portable, support data collection tool primarily aimed at Linux distributions and other UNIX-like operating systems.
SoS has several functionalities built into it:
-
reportserves to collect diagnostic data for review by support engineers/sysadmins -
collectallows users to collect areportfrom multiple nodes, presumably a cluster of some sort -
cleanallows users to consistently obfuscate sensitive data such as networking information from generated reports
sos report operates on the concepts of plugins, one for each area or subsystem that you want to collect data from. By default, plugins are dynamically run based on conditions on the system it's running on. Currently sos report is only designed to be run as root.
Plugins can run based on:
- Installed packages (generally recommended method)
- Certain files existing
- Commands existing in PATH
Each plugin can specify
- Files to collect
- Commands to run
- Journal logs to collect
Confidentiality Protections
- will attempt to sanitize passwords from the system that it knows about
- provides the ability to disable certain plugins (-n flag)
sos collect uses the concept of cluster profiles, similar in design to report plugins, to identify what type of clustering technology is used on a given system and to then enumerate the other systems that makes up the cluster.
From there, SoS will connect to each remote node via SSH, generate a report on that node, and then copy it back to the user's system that sos collect was run from.
Currently supported cluster types include:
- Pacemaker
- oVirt (RHV)
- Community Kubernetes
- OpenShift v3
- Red Hat Satellite
Users may also specify an arbitrary set of nodes to collect from.
sos clean aims to obfuscate potentially sensitive information from reports. It may be run either during the generating of a report via the sos report --clean option, or may be run after the fact directly.
Types of information currently obfuscated by clean incldues:
- IPv4 addresses and networks (with network topologies retained)
- MAC addresses
- Hostnames
- Usernames
- User-provided keywords
- To get a full listing of options for sosreport run the following:
sos report -h - To get a full listing of available plugins and their options run the following:
sos report -l - For most situations it's best to run sos with the default set of plugins enabled:
[jake@terra sos]$ sudo sos report
sosreport (version 4.0)
This command will collect system configuration and diagnostic
information from this Fedora system.
For more information on the Fedora Project visit:
https://fedoraproject.org/
The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.
No changes will be made to system configuration.
Press ENTER to continue, or CTRL-C to quit.
If you don't want to be prompted for information while sos runs use batch mode:
[jake@terra sos]$ sudo sos report --batch
sosreport (version 4.0)
This command will collect system configuration and diagnostic
information from this Fedora system.
For more information on the Fedora Project visit:
https://fedoraproject.org/
The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.
No changes will be made to system configuration.
Setting up archive ...
Setting up plugins ...
Starting 1/117 abrt [Running: abrt]
Starting 2/117 alternatives [Running: abrt alternatives]
Starting 3/117 anaconda [Running: abrt alternatives anaconda]
Starting 4/117 anacron [Running: abrt alternatives anaconda anacron]
Starting 5/117 apache [Running: abrt alternatives anaconda apache]
Starting 6/117 ata [Running: abrt alternatives apache ata]
[...]
Finishing plugins [Running: process systemd yum]
Finishing plugins [Running: process yum]
Finishing plugins [Running: yum]
Finished running plugins
Creating compressed archive...
Your sosreport has been generated and saved in:
/var/tmp/sosreport-terra-2020-12-09-curocll.tar.xz
Size 28.26MiB
Owner root
md5 556a72de9f9a4534c1b7c57f5219f099
Please send this file to your support representative.
[jake@terra sos]$
Just extract the archive and take a look or use the --build flag to not make an archive and leave the temporary directory.
You can get an overview by looking at the sos_reports/sos.txt and sos_reports/sos.html. Using sos.html allows you to click on the file in one click.
For example apparmor plugin has:
apparmor
========================================================================
- commands executed:
* apparmor_status
* ls -alh /etc/apparmor.d/abstractions
* ls -alh /etc/apparmor.d/libvirt
- files copied:
* /etc/apparmor.d/usr.sbin.cups-browsed
* /etc/apparmor.d/disable/usr.bin.firefox
* /etc/apparmor.d/usr.bin.firefox
* /etc/apparmor.d/snap.core.4917.usr.lib.snapd.snap-confine
* /etc/apparmor.d/nvidia_modprobe
* /etc/apparmor.d/usr.sbin.tcpdump
* /etc/apparmor.d/usr.bin.firefox
* /etc/apparmor.d/tunables/securityfs
A more detailed review can be done by looking at sos_reports/manifest.json which will record all copied files, commands run, the file locations in the archive of each, as well as a host of other metadata, for example:
{
"version": "4.0",
"cmdline": "report -o abrt --batch",
"start_time": "2020-12-09 10:15:45.035644",
"end_time": "2020-12-09 10:15:47.549699",
"run_time": "0:00:02.514055",
"compression": "auto",
"policy": "Fedora",
"components": {
"report": {
[...]
"plugins": {
"abrt": {
"start_time": "2020-12-09 15:17:26.988828",
"end_time": "2020-12-09 15:17:27.156536",
"run_time": "0:00:00.167708",
"setup_start": "2020-12-09 15:16:57.748917",
"setup_end": "2020-12-09 15:16:57.886188",
"setup_time": "0:00:00.137271",
"timeout_hit": false,
"commands": [
{
"command": "abrt-cli",
"parameters": [
"list"
],
"exec": "abrt-cli list",
"filepath": "sos_commands/abrt/abrt-cli_list",
"return_code": 0,
"run_time": 0.13386058807373047,
"tags": [
"abrt-cli"
]
},
{
"command": "abrt-cli",
"parameters": [
"status"
],
"exec": "abrt-cli status",
"filepath": "sos_commands/abrt/abrt-cli_status",
"return_code": 0,
"run_time": 0.11269283294677734,
"tags": [
"abrt-cli"
]
}
],
"files": [
{
"specification": "/etc/abrt/abrt.conf",
"files_copied": [
"etc/abrt/abrt.conf"
],
"tags": [
"abrt_conf"
]
}
]
}
}
}
}
}
- Our mailing list: http://www.redhat.com/mailman/listinfo/sos-devel
- Also IRC: irc.freenode.net/#sosreport