System Information Collected by Red Hat Insights

What's new

The following changes to what information is collected have been made since July 21, 2017.

Additions

Files

/etc/security/limits.conf

Commands

/bin/lsinitrd /boot/initramfs-kdump.img -f /etc/sysctl.conf /etc/sysctl.d/*.conf
/usr/bin/find /sys/bus/pci/devices/*/mlx4_port[0-9] -print -exec cat {} \;

Overview

Red Hat Insights must collect some system information for analysis. The information listed in this document is the minimum subset required to determine if a system is affected by any of the issues known to the Red Hat Insights engine.

In the interest of full transparency, the information collected by the client is listed below in subheadings. The actual configuration file used by the Red Hat Insights client is here.

Files collected in their entirety

/boot/efi/EFI/redhat/grub.cfg
/boot/grub/grub.conf
/boot/grub2/grub.cfg
/etc/modprobe.conf
/etc/audit/auditd.conf
/etc/ceilometer/ceilometer.conf
/etc/chrony.conf
/etc/cinder/cinder.conf
/etc/fstab
/etc/haproxy/haproxy.cfg
/etc/heat/heat.conf
/etc/hosts
/etc/httpd/conf.d/.+.conf
/etc/httpd/conf/httpd.conf
/etc/kdump.conf
/etc/modprobe.d/.*.conf
/etc/multipath.conf
/etc/my.cnf.d/galera.cnf
/etc/neutron/plugin.ini
/etc/nova/nova.conf
/etc/ntp.conf
/etc/origin/node/node-config.yaml
/etc/pam.d/password-auth
/etc/pam.d/vsftpd
/etc/rc.d/rc.local
/etc/redhat-access-insights/machine-id
/etc/redhat-access-insights/machine-id
/etc/redhat-release
/etc/redhat_access_proactive/machine-id
/etc/resolv.conf
/etc/rhn/rhn.conf
/etc/security/limits.conf
/etc/security/limits.d/.*
/etc/security/limits.d/.*-nproc.conf
/etc/selinux/config
/etc/sysconfig/corosync
/etc/sysconfig/docker
/etc/sysconfig/docker-storage-setup
/etc/sysconfig/iptables
/etc/sysconfig/netconsole
/etc/sysconfig/network-scripts/ifcfg-.*
/etc/sysconfig/ntpd
/etc/sysconfig/rhn/rhn-entitlement-cert.xml.*
/etc/sysconfig/rhn/up2date
/etc/sysctl.conf
/etc/systemd/journald.conf
/etc/systemd/journald.conf.d/.+.conf
/etc/systemd/system.conf
/etc/vdsm/vdsm.conf
/etc/vdsm/vdsm.id
/etc/xinetd.conf
/etc/xinetd.d/.*
/etc/yum.conf
/etc/yum.repos.d/.*.repo
/etc/yum/pluginconf.d/\w+.conf
/proc/cmdline
/proc/cpuinfo
/proc/driver/cciss/cciss.*
/proc/interrupts
/proc/mdstat
/proc/meminfo
/proc/net/bonding/bond.*
/proc/net/netfilter/nfnetlink_queue
/proc/scsi/scsi
/sos_commands/process/ps_auxwww
/sys/devices/system/clocksource/clocksource0/current_clocksource
/sys/kernel/kexec_crash_size
/sys/kernel/mm/ksm/run
/usr/lib/systemd/journald.conf.d/.+.conf
/usr/lib/systemd/system/atomic-openshift-node.service
/usr/lib/systemd/system/docker.service
/usr/share/foreman/lib/satellite/version.rb
/usr/share/rhn/config-defaults/rhn_hibernate.conf
/var/lib/pacemaker/cib/cib.xml
/var/lib/pgsql/data/postgresql.conf
/var/log/redhat-access-insights/redhat-access-insights.log
/var/log/redhat_access_proactive/redhat_access_proactive.log
/var/log/rhn/rhn_taskomatic_daemon.log

Patterns collected from files

For the files listed below, only the lines containing the keyword patterns listed below the file are collected.

/etc/ImageMagick/policy.xml
- </policymap>
- <policy
- <policymap>
/etc/cluster/cluster.conf
- <lvm
- clusternode name=
/etc/exports
- no_root_squash
/etc/exports.d/.*.exports
- no_root_squash
/etc/lvm/lvm.conf
- auto_activation_volume_list
- filter
- locking_type
- volume_list
/etc/nscd.conf
- enable-cache
/etc/nsswitch.conf
- HOSTS:
- Hosts:
- hosts:
/etc/ovirt-engine/engine.conf.d/.*
- ENGINE_TMP=
/etc/rsyslog.conf
- imtcp
- regex
/etc/samba/smb.conf
- GLOBAL
- Global
- NT PIPE SUPPORT
- Nt Pipe Support
- REALM
- Realm
- SECURITY
- Security
- [
- global
- nt pipe support
- realm
- security
/etc/ssh/sshd_config
- ALLOWUSERS
- AllowUsers
- Allowusers
- CHALLENGERESPONSEAUTHENTICATION
- CIPHERS
- CLIENTALIVECOUNTMAX
- CLIENTALIVEINTERVAL
- ChallengeResponseAuthentication
- Challengeresponseauthentication
- Ciphers
- ClientAliveCountMax
- ClientAliveInterval
- Clientalivecountmax
- Clientaliveinterval
- DENYUSERS
- DenyUsers
- Denyusers
- KBDINTERACTIVEAUTHENTICATION
- KbdInteractiveAuthentication
- Kbdinteractiveauthentication
- LOGINGRACETIME
- LoginGraceTime
- Logingracetime
- MACS
- MACs
- MAXAUTHTRIES
- MAXSTARTUPS
- Macs
- MaxAuthTries
- MaxStartups
- Maxauthtries
- Maxstartups
- PERMITEMPTYPASSWORDS
- PERMITROOTLOGIN
- PROTOCOL
- PermitEmptyPasswords
- PermitRootLogin
- Permitemptypasswords
- Permitrootlogin
- Protocol
- USEPAM
- UsePAM
- UsePam
- Usepam
- allowusers
- challengeresponseauthentication
- ciphers
- clientalivecountmax
- clientaliveinterval
- denyusers
- kbdinteractiveauthentication
- logingracetime
- macs
- maxauthtries
- maxstartups
- permitemptypasswords
- permitrootlogin
- protocol
- usepam
/etc/vsftpd/vsftpd.conf
- LOCAL_ENABLE
- Local_Enable
- local_enable
- ssl_enable
- ssl_sslv3
/usr/lib/ImageMagick-6.5.4/config/policy.xml
- </policymap>
- <policy
- <policymap>
/usr/lib64/ImageMagick-6.5.4/config/policy.xml
- </policymap>
- <policy
- <policymap>
/var/lib/pgsql/data/pg_log/postgresql-.+.log
- ERROR:
- checkpoints are occurring too frequently
/var/log/ceph/ceph-osd.*.log$
- Thread.cc
/var/log/cinder/volume.log
- Image cloning unsuccessful for image
- Message: NFS file could not be discovered.
- [Errno 24] Too many open files
/var/log/httpd/error_log
- (28)No space left on device:
- Require ServerLimit > 0, setting to 1
- and would exceed the ServerLimit value of
- consider raising the MaxClients setting
- consider raising the MaxRequestWorkers setting
- exceed ServerLimit of
- exceeds ServerLimit value of
- exceeds compile time limit of
- exceeds compile-time limit of
- not allowed, increasing to 1
/var/log/messages
- disconnect jid=
- 'Ifcfg' object has no attribute 'runningConfig
- : segfault at
- : session replaced: jid=
- Abort command issued
- DMA Status error. Resetting chip
- Dazed and confused, but trying to continue
- Device offlined - not ready after error recovery
- Error deleting EBS Disk volume aws
- Error running DeviceResume dm_task_run failed
- Machine
- Neighbour table overflow
- Out of MCCQ wrbs
- Out of memory: kill process
- SCSI device reset on
- SDN initialization failed: Error: Existing service with IP: None is not part of service network
- SELinux is preventing /usr/sbin/logrotate from getattr access on the file
- Sense Key : Illegal Request [current]
- Temperature above threshold
- Uhhuh. NMI received for unknown reason
- Virtualization daemon
- WRITE SAME failed. Manually zeroing
- be2net
- blocked FC remote port time out
- does not seem to be present, delaying initialization
- ext4_ext_search_left
- fiid_obj_get: 'present_countdown_value': data not available
- firewalld - dynamic firewall daemon
- heated above trip temperature
- in libnl.so.1
- irq handler for vector (irq -1)
- is beyond advertised capabilities
- kernel: CIFS VFS: Unexpected SMB signature
- kernel: bnx2fc: byte_count
- kernel: megasas: Found FW in FAULT state, will reset adapter.
- khash_super_prune_nolock
- megaraid_sas: FW detected to be in faultstate, restarting it
- mode:0x20
- modprobe: FATAL: Error inserting nfsd
- multipathd.service operation timed out. Terminating
- nf_conntrack: expectation table full
- nf_conntrack: table full, dropping packet
- page allocation failure
- per_source_limit from
- server kernel: rhsmcertd-worke
- skb_copy
- skb_over_panic
- start request repeated too quickly for docker.service
- swapper: page allocation failure
- tg3_start_xmit
- timeout; kill it
- udev: renamed network interface
- udevd
- vdsm-tool: EnvironmentError: Failed to restore the persisted networks
/var/log/neutron/server.log
- No tenant network is available for allocation
/var/log/nova/nova-api.log
- Timed out waiting for a reply to message ID
/var/log/ovirt-engine/engine.log
- Duplicate ID 'virtio-serial0' for device
- Received fatal alert: certificate_expired
- XML error: Multiple 'virtio-serial' controllers with index '0'
- [org.ovirt.engine.core.vdsbroker.VmsStatisticsFetcher]
- has paused due to storage I/O problem
/var/log/pacemaker.log
- pcmk_dbus_find_error
/var/log/rabbitmq/startup_log
- Event crashed log handler:
/var/log/rhn/search/rhn_search_daemon.log
- APPARENT DEADLOCK!
/var/log/secure
- error: session_pty_req: session
/var/log/tomcat.*/catalina.out
- APPARENT DEADLOCK!
/var/log/vdsm/vdsm.log
- (waitForMigrationDestinationPrepare)
- 16514': No route to host
- ImageIsNotLegalChain: Image is not a legal chain:
- ImagePathError: Image path does not exist or cannot be accessed/created:
- Migration is stuck: Hasn't progressed in
- The name org.fedoraproject.FirewallD1 was not provided by any .service files
- Timeout while waiting for path preparation

Commands collected in their entirety

/bin/date
/bin/date --utc
/bin/df -alP
/bin/df -li
/bin/hostname
/bin/ls -l /boot/grub/grub.conf
/bin/ls -l /boot/grub2/grub.cfg
/bin/ls -l /etc/ssh/sshd_config
/bin/ls -la /var/log /var/log/audit
/bin/ls -lanR /boot
/bin/ls -lanR /dev
/bin/ls -lanR /dev/disk
/bin/ls -lanR /etc
/bin/ls -lanR /sys/firmware
/bin/ls -lanR /var/lib/docker/volumes
/bin/lsblk
/bin/lsblk -P -o NAME,KNAME,MAJ:MIN,FSTYPE,MOUNTPOINT,LABEL,UUID,RA,RO,RM,MODEL,SIZE,STATE,OWNER,GROUP,MODE,ALIGNMENT,MIN-IO,OPT-IO,PHY-SEC,LOG-SEC,ROTA,SCHED,RQ-SIZE,TYPE,DISC-ALN,DISC-GRAN,DISC-MAX,DISC-ZERO
/bin/lsinitrd /boot/initramfs-kdump.img -f /etc/sysctl.conf /etc/sysctl.d/*.conf
/bin/mount
/bin/netstat -agn
/bin/netstat -i
/bin/netstat -neopa
/bin/netstat -s
/bin/ps auxcww
/bin/rpm -V coreutils procps procps-ng shadow-utils passwd sudo
/bin/rpm -qa --qf='%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} %{INSTALLTIME:date} %{BUILDTIME} %{RSAHEADER:pgpsig} %{DSAHEADER:pgpsig}'
/bin/systemctl list-unit-files
/bin/systemctl show mariadb
/bin/systemctl show openstack-cinder-volume
/bin/uname -a
/sbin/chkconfig --list
/sbin/dcbtool gc dcb
/sbin/dumpe2fs -h
/sbin/ethtool
/sbin/ethtool -S
/sbin/ethtool -g
/sbin/ethtool -i
/sbin/ethtool -k
/sbin/ip -4 neighbor show nud all
/sbin/ip -6 neighbor show nud all
/sbin/ip addr
/sbin/ip route show table all
/sbin/iptables-save
/sbin/lsmod
/sbin/lspci
/sbin/lvs --nameprefixes --noheadings --separator='|' -a -o lv_name,vg_name,lv_size,region_size,mirror_log,lv_attr,devices,region_size --config="global{locking_type=0}"
/sbin/multipath -v4 -ll
/sbin/pvs --nameprefixes --noheadings --separator='|' -a -o pv_all,vg_name --config="global{locking_type=0}"
/sbin/sysctl -a
/sbin/tuned-adm list
/sbin/vgs --nameprefixes --noheadings --separator='|' -a -o vg_all --config="global{locking_type=0}"
/usr/bin/ceph -s -f json-pretty
/usr/bin/ceph -v
/usr/bin/ceph daemon config show
/usr/bin/ceph health detail -f json-pretty
/usr/bin/ceph osd dump -f json-pretty
/usr/bin/ceph osd erasure-code-profile get -f json-pretty
/usr/bin/ceph osd tree -f json-pretty
/usr/bin/chronyc sources
/usr/bin/docker images --all --no-trunc --digests
/usr/bin/docker info
/usr/bin/docker inspect --type=container {DOCKER_CONTAINER_NAME}
/usr/bin/docker ps --all --no-trunc
/usr/bin/facter
/usr/bin/file -L /etc/localtime
/usr/bin/find /etc/origin/node /etc/origin/master /etc/pki -type f -exec /usr/bin/openssl x509 -noout -enddate -in '{}' \; -exec echo '{}' \;
/usr/bin/find /sys/bus/pci/devices/*/mlx4_port[0-9] -print -exec cat {} \;
/usr/bin/find /sys/devices/virtual/net/ -name multicast_querier -print -exec cat {} \;
/usr/bin/find /var/crash /var/tmp -path '.reports-/whoopsie-report'
/usr/bin/ipcs -s
/usr/bin/ipcs -s -i
/usr/bin/lpstat -p
/usr/bin/ovs-vsctl show
/usr/bin/uptime
/usr/bin/yum -C repolist
/usr/sbin/blkid -c /dev/null
/usr/sbin/brctl show
/usr/sbin/dmidecode
/usr/sbin/getenforce
/usr/sbin/httpd -V
/usr/sbin/ntpq -c 'rv 0 leap'
/usr/sbin/ntpq -pn
/usr/sbin/ntptime
/usr/sbin/rabbitmqctl list_queues name messages consumers auto_delete
/usr/sbin/rabbitmqctl list_users
/usr/sbin/rabbitmqctl report
/usr/sbin/sestatus -b
/usr/sbin/ss -tulpn
/usr/sbin/virt-what

Patterns collected from commands

For the commands listed below, only the lines containing the keyword patterns listed below the command are collected.

/bin/dmesg
- CSUM
- CVE-2017-1000364
- Dropping TSO
- HP HPSA
- Linux version
- NUMA:
- P220i
- P420i
- WRITE SAME failed. Manually zeroing
- blocked FC remote port time out
- crashkernel reservation failed
- crashkernel=auto resulted in zero bytes of reserved memory
- ixgbevf: Unknown parameter `InterruptThrottleRate'
- mounted filesystem without journal.
- vpd r/w failed
/bin/ps aux
- /sapmnt/
- /usr/bin/docker daemon
- /usr/bin/docker-current daemon
- /usr/bin/openshift start master
- /usr/bin/openshift start node
- /usr/bin/postgres
- /usr/bin/postmaster
- /usr/sap/
- COMMAND
- STAP
- STAP/8.2
- ceph-osd
- chronyd
- keystone-all
- ntpd
- phc2sys
- postgres
- postmaster
- ptp4l
/sbin/vgdisplay
- Clustered
- Couldn't find device with uuid
- LV Name
- Mirrored volumes
- VG Name
/usr/bin/crontab -l -u heat
- heat-manage
/usr/bin/crontab -l -u keystone
- heat-manage
- keystone-manage
/usr/bin/crontab -l -u root
- heat-manage
/usr/bin/dig +dnssec . DNSKEY
- ANSWER SECTION
- DNSKEY
- RRSIG
/usr/sbin/lsof
- COMMAND
- libcrypto
- libssl
- libssl.so
- lsnrctl
- oracle
- tnslsnr
/usr/sbin/named-checkconf -p
- DNSSEC-ENABLE
- Dnssec-Enable
- dnssec-enable

Excluding data

For information on how to exclude metadata from being sent from the Insights client, see Opt out of sending metadata from Red Hat Insights client.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories