2 Working With the sos Command
The sos command collects information about a system such as hardware configuration, software configuration, and operational state. You can also use the sos report command to enable diagnostics and analytical functions on the current system.
The generated report is useful in cases where you're being helped by Oracle Support in troubleshooting a problem in the system. The support representative can use the report to obtain an exact picture of the system, its resources, and all the applications and processes that exist in the system, and all other data that can help find the causes of the issues you're experiencing.
The sos utility requires the installation of the sos
package. To install the package, type:
sudo dnf install sos
Running the sos Command
To obtain a list of options and arguments that you can use with the sos utility, type:
sos report -h
optional arguments:
-h, --help show this help message and exit
Global Options:
--batch Do not prompt interactively
--config-file CONFIG_FILE
specify alternate configuration file
...
Creating the SOS Report
To collect all diagnostic and configuration information from the system and its installed applications, run the following command:
sudo sos report
sosreport (sosreport version)
...
The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.
...
Press ENTER to continue, or CTRL-C to quit.
Every time you issue the sos utility, the utility always prompts you whether to continue or to quit. If you press Enter to continue, you can use an optional prompt to specify a case ID for the report.
Optionally, please enter the case id that you are generating this report for []:
If you're generating the report as related to a specific troubleshooting case, you can enter the case ID at this prompt.
After you have provided information as prompted, the command proceeds to generate the report, which can take a considerable time to complete. At the end of the process, the screen displays a message similar to the following:
Your sosreport has been generated and saved in:
/var/tmp/sosreport-hostname-case#-datestamp-ID.tar.xz
Size 20.62MiB
Owner root
sha256 428f7b4118acd2d349bb022946877d853aa0eefbb4d340af3839810dc634b8b7
Please send this file to your support representative.
The report is generated as an xa
-compressed tar
file in
the /var/tmp
directory. In the report's file name, the
ID is dynamicly created by the utility.
Important:
As indicated before, the report can be useful in cases where you engage Oracle Support to diagnose and troubleshoot issues that you have observed in the system. However, the report contains sensitive information specific to your company. Ensure that you review the contents of the report and identify sensitive information before sending the report to any third-party.
Hiding Sensitive Information in an SOS Report
To secure sensitive information before sending the report externally, you can use the clean functionality of the sos utility. This functionality tries to obfuscate any information in the report that's considered to be sensitive, such as the following information:
-
IPv4 addresses and networks (network topologies are retained)
-
MAC addresses
-
Host names
-
Usernames
-
Any words or phrases that you specify with the
--keyword
option
To use the sos clean utility on a generated report, type the following command and follow the prompts that are displayed:
sudo sos clean /var/tmp/sosreport-hostname-case#-datestamp-ID.tar.xz
...
Users should review any resulting data and/or archives generated or processed by
this utility for remaining sensitive content before being passed to a third
party.
Press ENTER to continue, or CTRL-C to quit.
At the end of the process, the screen displays a message similar to the following:
Successfully obfuscated 1 report(s)
A mapping of obfuscated elements is available at
/var/tmp/sosreport-host0-2022-08-08-qxbegcn-private_map
The obfuscated archive is available at
/var/tmp/sosreport-host0-2022-08-08-qxbegcn-obfuscated.tar.xz
Size 3.62MiB
Owner root
Please send the obfuscated archive to your support representative and keep the mapping file private
The resulting report that has been scrubbed of sensitive information is also stored in
/var/tmp
. However, the file name itself is revised. The hostname is
generic, and importantly, obfuscated
is added to the file name so you can
identify the clean version of the report.
Caution:
Consider the following about the sos clean
utility:
-
The
clean
functionality is a best-effort method to identify and then mask sensitive information. However, sos clean doesn't guarantee that the coverage of the masking process is complete in a specific system. -
Reports that are processed with the sos clean command obfuscate certain details which a third-party such as a support representative might need to provide better help when troubleshooting problems.
- You must always audit archives and reports that are generated by the
sos
utility before sending any of these files externally.
To automatically clean any sos
report that you create, use the following
command syntax when generating a report:
sudo sos report --clean
For more information, see the sos-report(1)
and
sos-clean(1)
manual pages. See also https://github.com/sosreport/sos/wiki.
Extra Sample Usages of the sos Command
The sos report command can also be used with other options. For example, to only list available plugins and plugin options in the report, type:
sudo sos report -l
The plugins that are displayed by the command are grouped according to the following sections:
- All enabled plugins
- All disabled plugins
- Available options for all the plugins
- Available plugin options
See the sos-report(1)
manual page for information about how to enable or
disable plugins and how to set values for plugin options.
You can also obtain only information specific to a problem area and specify options to tailor the report that's generated. For example, to record only information about Apache and Tomcat and to gather all the Apache logs, type:
sudo sos report -o apache,tomcat -k apache.log=on
To enable all the Boolean options for all the loaded plugins (excluding the
rpm.rpmva
plugin) and verify all packages:
sudo sos report -a -k rpm.rpmva=off
For more information, see the sos-report(1)
and
sos-clean(1)
manual pages. See also https://github.com/sosreport/sos/wiki.
Reviewing Information Gathered by sosreport
The sos command is automatically configured to collect hardware information, system configuration files, and log data. You can enable and disable modules to suit your own data protection needs.
Note:
The module information that's provided in this table relates to sos 3.9. To verify the modules you have installed, run the sos report command. The output includes the version of the sos utility that you're running.
Disabling modules prevents the sos command from collecting certain details that might be needed for advanced troubleshooting, such as networking information.
Module | Information Type | Included Files |
---|---|---|
|
Installation log files |
|
|
Audit log files |
|
|
System boot process details |
|
|
Root user cron commands |
|
|
Printer log files |
|
|
Context data |
|
|
Hardware details |
|
|
List of all files in use |
|
|
Kernel and system start-up configuration |
|
|
Hardware details |
|
|
Host identification |
|
|
System log files |
|
|
List of shared libraries |
|
|
System log files |
|
|
Hardware details |
|
|
Hardware details |
|
|
Network identification |
|
|
Login security settings |
|
|
Hardware details |
|
|
List of all running processes and process details |
|
|
Hardware details |
|
|
Installed software packages |
|
|
Resource and usage data |
|
|
Security settings |
|
|
All defined system services |
|
|
SSH configuration |
|
|
GUI logs for the X Window System |
|
|
Installed software packages |
|