01. What is the sos Report Command?
The sos report command performs a complete scanning and data-gathering, deep into the heart of your Linux system. It collects vital diagnostics information like —logs, configuration settings, hardware details and commands outputs— from across the system. With this report, administrators and engineers can peer into the intricate workings of their servers, seeking patterns in the chaos, much like a doctor uses MRI imaging to examine inside the human body. The command provides a snapshot, a detailed account of a moment in the life of your system, helping to decode the causes of poor performance, instability or malfunction. Such a tool is invaluable, for it helps to quickly find root cause and understanding of what might otherwise remain a problem.
1. Collecting System Information
When you run sos report, it executes a wide variety of plugins that collect system information from various subsystems, including:
- Hardware details: CPU, memory, disk, network devices, etc.
- Kernel information: Kernel version, modules, and logs.
- System logs: Logs from /var/log/, including system logs, service logs, and security logs.
- Configuration files: Important configuration files from services like Apache, MySQL, NFS, etc.
- Performance metrics: Information about system resource usage (CPU, memory, disk I/O, etc.).
- Installed packages: Lists of installed RPMs or DEBs, depending on the distribution.
- Network details: IP configurations, network interfaces, routing tables, firewall rules, and more.
2. Plugins System
The sos report tool uses a modular plugin architecture, where each plugin is responsible for collecting information about a specific subsystem (e.g., kernel, network, storage, etc.). This allows for targeted data collection and can be customized based on the system setup. Some important plugins include: (a more detailed list of plugins can be found in this article)
- network: Collects network-related information.
- memory: Gathers memory usage and swap details.
- storage: Collects disk and filesystem-related information.
3. Running the Command
- It will ask for confirmation to proceed.
- Optionally it may also ask for a case ID or ticket number (which is typically provided by support personnel).
- Optionally it can encrypt all the information gathered.
- Optionally, it can redact sensitive information (like IP addresses, hostnames, or passwords) if needed.
4. Generating the Report
Once executed, sosreport gathers all the data and compresses it into a single tarball (sosreport-HOSTNAME-DATE-ID.tar.xz). The report is usually saved in /var/tmp/ unless specified otherwise.
5. Customizing the Collection
You can customize what information is collected by using various options:
- Exclude certain plugins if they are irrelevant or collect too much data:
sudo sos report --skip-plugins network,storage.
- Limit specific commands or configurations using options like --profile to limit to specific areas (e.g., just gathering network diagnostics):
sudo sos report --profile network
6. Upload or Share with Support
After the report is generated, you typically send it to the support team. It contains all the relevant diagnostic information they need to analyze the system state without needing to access it directly.
In summary, the sos report command automates the process of collecting system information, combining configuration files, logs, and performance data into a single, easy-to-share archive. It’s a comprehensive tool that enables effective debugging and troubleshooting in complex environments.