Red Hat Insights が収集するシステム情報

最新情報

2017 年 7 月 21 日以降、収集される情報に以下の変更が加えられました。

追加される情報

ファイル

• /etc/security/limits.conf

コマンド

• /bin/lsinitrd /boot/initramfs-kdump.img -f /etc/sysctl.conf /etc/sysctl.d/*.conf
• /usr/bin/find /sys/bus/pci/devices/*/mlx4_port[0-9] -print -exec cat {} \;

概要

Red Hat Insights は、分析のためにシステム情報を収集する必要があります。本ドキュメントに掲載されている情報は、Red Hat Insights エンジンに既知の問題によってシステムに影響があるかどうかを判定する上で必要となる最小限のサブセットです。

完全な透明性を保つために、クライアントが収集する情報を以下に表示します。Red Hat Insights クライアントが実際に使用する設定ファイルは、こちら で確認できます。

ファイル全体が収集されるもの

• /boot/efi/EFI/redhat/grub.cfg
• /boot/grub/grub.conf
• /boot/grub2/grub.cfg
• /etc/modprobe.conf
• /etc/audit/auditd.conf
• /etc/ceilometer/ceilometer.conf
• /etc/chrony.conf
• /etc/cinder/cinder.conf
• /etc/fstab
• /etc/haproxy/haproxy.cfg
• /etc/heat/heat.conf
• /etc/hosts
• /etc/httpd/conf.d/.+.conf
• /etc/httpd/conf/httpd.conf
• /etc/kdump.conf
• /etc/modprobe.d/.*.conf
• /etc/multipath.conf
• /etc/my.cnf.d/galera.cnf
• /etc/neutron/plugin.ini
• /etc/nova/nova.conf
• /etc/ntp.conf
• /etc/origin/node/node-config.yaml
• /etc/pam.d/password-auth
• /etc/pam.d/vsftpd
• /etc/rc.d/rc.local
• /etc/redhat-access-insights/machine-id
• /etc/redhat-access-insights/machine-id
• /etc/redhat-release
• /etc/redhat_access_proactive/machine-id
• /etc/resolv.conf
• /etc/rhn/rhn.conf
• /etc/security/limits.conf
• /etc/security/limits.d/.*
• /etc/security/limits.d/.*-nproc.conf
• /etc/selinux/config
• /etc/sysconfig/corosync
• /etc/sysconfig/docker
• /etc/sysconfig/docker-storage-setup
• /etc/sysconfig/iptables
• /etc/sysconfig/netconsole
• /etc/sysconfig/network-scripts/ifcfg-.*
• /etc/sysconfig/ntpd
• /etc/sysconfig/rhn/rhn-entitlement-cert.xml.*
• /etc/sysconfig/rhn/up2date
• /etc/sysctl.conf
• /etc/systemd/journald.conf
• /etc/systemd/journald.conf.d/.+.conf
• /etc/systemd/system.conf
• /etc/vdsm/vdsm.conf
• /etc/vdsm/vdsm.id
• /etc/xinetd.conf
• /etc/xinetd.d/.*
• /etc/yum.conf
• /etc/yum.repos.d/.*.repo
• /etc/yum/pluginconf.d/\w+.conf
• /proc/cmdline
• /proc/cpuinfo
• /proc/driver/cciss/cciss.*
• /proc/interrupts
• /proc/mdstat
• /proc/meminfo
• /proc/net/bonding/bond.*
• /proc/net/netfilter/nfnetlink_queue
• /proc/scsi/scsi
• /sos_commands/process/ps_auxwww
• /sys/devices/system/clocksource/clocksource0/current_clocksource
• /sys/kernel/kexec_crash_size
• /sys/kernel/mm/ksm/run
• /usr/lib/systemd/journald.conf.d/.+.conf
• /usr/lib/systemd/system/atomic-openshift-node.service
• /usr/lib/systemd/system/docker.service
• /usr/share/foreman/lib/satellite/version.rb
• /usr/share/rhn/config-defaults/rhn_hibernate.conf
• /var/lib/pacemaker/cib/cib.xml
• /var/lib/pgsql/data/postgresql.conf
• /var/log/redhat-access-insights/redhat-access-insights.log
• /var/log/redhat_access_proactive/redhat_access_proactive.log
• /var/log/rhn/rhn_taskomatic_daemon.log

ファイルからパターンが収集されるもの

下記のファイルについては、ファイルの下に表示されているキーワードパターンを含む行だけが収集されます。

• /etc/ImageMagick/policy.xml
  • 
    
  • 
    
• /etc/cluster/cluster.conf
  • clusternode name=
• /etc/exports
  • no_root_squash
• /etc/exports.d/.*.exports
  • no_root_squash
• /etc/lvm/lvm.conf
  • auto_activation_volume_list
  • filter
  • locking_type
  • volume_list
• /etc/nscd.conf
  • enable-cache
• /etc/nsswitch.conf
  • HOSTS:
  • Hosts:
  • hosts:
• /etc/ovirt-engine/engine.conf.d/.*
  • ENGINE_TMP=
• /etc/rsyslog.conf
  • imtcp
  • regex
• /etc/samba/smb.conf
  • GLOBAL
  • Global
  • NT PIPE SUPPORT
  • Nt Pipe Support
  • REALM
  • Realm
  • SECURITY
  • Security
  • [
  • global
  • nt pipe support
  • realm
  • security
• /etc/ssh/sshd_config
  • ALLOWUSERS
  • AllowUsers
  • Allowusers
  • CHALLENGERESPONSEAUTHENTICATION
  • CIPHERS
  • CLIENTALIVECOUNTMAX
  • CLIENTALIVEINTERVAL
  • ChallengeResponseAuthentication
  • Challengeresponseauthentication
  • Ciphers
  • ClientAliveCountMax
  • ClientAliveInterval
  • Clientalivecountmax
  • Clientaliveinterval
  • DENYUSERS
  • DenyUsers
  • Denyusers
  • KBDINTERACTIVEAUTHENTICATION
  • KbdInteractiveAuthentication
  • Kbdinteractiveauthentication
  • LOGINGRACETIME
  • LoginGraceTime
  • Logingracetime
  • MACS
  • MACs
  • MAXAUTHTRIES
  • MAXSTARTUPS
  • Macs
  • MaxAuthTries
  • MaxStartups
  • Maxauthtries
  • Maxstartups
  • PERMITEMPTYPASSWORDS
  • PERMITROOTLOGIN
  • PROTOCOL
  • PermitEmptyPasswords
  • PermitRootLogin
  • Permitemptypasswords
  • Permitrootlogin
  • Protocol
  • USEPAM
  • UsePAM
  • UsePam
  • Usepam
  • allowusers
  • challengeresponseauthentication
  • ciphers
  • clientalivecountmax
  • clientaliveinterval
  • denyusers
  • kbdinteractiveauthentication
  • logingracetime
  • macs
  • maxauthtries
  • maxstartups
  • permitemptypasswords
  • permitrootlogin
  • protocol
  • usepam
• /etc/vsftpd/vsftpd.conf
  • LOCAL_ENABLE
  • Local_Enable
  • local_enable
  • ssl_enable
  • ssl_sslv3
• /usr/lib/ImageMagick-6.5.4/config/policy.xml
  • 
    
  • 
    
• /usr/lib64/ImageMagick-6.5.4/config/policy.xml
  • 
    
  • 
    
• /var/lib/pgsql/data/pg_log/postgresql-.+.log
  • ERROR:
  • checkpoints are occurring too frequently
• /var/log/ceph/ceph-osd.*.log$
  • Thread.cc
• /var/log/cinder/volume.log
  • Image cloning unsuccessful for image
  • Message: NFS file could not be discovered.
  • [Errno 24] Too many open files
• /var/log/httpd/error_log
  • (28)No space left on device:
  • Require ServerLimit > 0, setting to 1
  • and would exceed the ServerLimit value of
  • consider raising the MaxClients setting
  • consider raising the MaxRequestWorkers setting
  • exceed ServerLimit of
  • exceeds ServerLimit value of
  • exceeds compile time limit of
  • exceeds compile-time limit of
  • not allowed, increasing to 1
• /var/log/messages
  • disconnect jid=
  • 'Ifcfg' object has no attribute 'runningConfig
  • : segfault at
  • : session replaced: jid=
  • Abort command issued
  • DMA Status error. Resetting chip
  • Dazed and confused, but trying to continue
  • Device offlined - not ready after error recovery
  • Error deleting EBS Disk volume aws
  • Error running DeviceResume dm_task_run failed
  • Machine
  • Neighbour table overflow
  • Out of MCCQ wrbs
  • Out of memory: kill process
  • SCSI device reset on
  • SDN initialization failed: Error: Existing service with IP: None is not part of service network
  • SELinux is preventing /usr/sbin/logrotate from getattr access on the file
  • Sense Key : Illegal Request [current]
  • Temperature above threshold
  • Uhhuh. NMI received for unknown reason
  • Virtualization daemon
  • WRITE SAME failed. Manually zeroing
  • be2net
  • blocked FC remote port time out
  • does not seem to be present, delaying initialization
  • ext4_ext_search_left
  • fiid_obj_get: 'present_countdown_value': data not available
  • firewalld - dynamic firewall daemon
  • heated above trip temperature
  • in libnl.so.1
  • irq handler for vector (irq -1)
  • is beyond advertised capabilities
  • kernel: CIFS VFS: Unexpected SMB signature
  • kernel: bnx2fc: byte_count
  • kernel: megasas: Found FW in FAULT state, will reset adapter.
  • khash_super_prune_nolock
  • megaraid_sas: FW detected to be in faultstate, restarting it
  • mode:0x20
  • modprobe: FATAL: Error inserting nfsd
  • multipathd.service operation timed out. Terminating
  • nf_conntrack: expectation table full
  • nf_conntrack: table full, dropping packet
  • page allocation failure
  • per_source_limit from
  • server kernel: rhsmcertd-worke
  • skb_copy
  • skb_over_panic
  • start request repeated too quickly for docker.service
  • swapper: page allocation failure
  • tg3_start_xmit
  • timeout; kill it
  • udev: renamed network interface
  • udevd
  • vdsm-tool: EnvironmentError: Failed to restore the persisted networks
• /var/log/neutron/server.log
  • No tenant network is available for allocation
• /var/log/nova/nova-api.log
  • Timed out waiting for a reply to message ID
• /var/log/ovirt-engine/engine.log
  • Duplicate ID 'virtio-serial0' for device
  • Received fatal alert: certificate_expired
  • XML error: Multiple 'virtio-serial' controllers with index '0'
  • [org.ovirt.engine.core.vdsbroker.VmsStatisticsFetcher]
  • has paused due to storage I/O problem
• /var/log/pacemaker.log
  • pcmk_dbus_find_error
• /var/log/rabbitmq/startup_log
  • Event crashed log handler:
• /var/log/rhn/search/rhn_search_daemon.log
  • APPARENT DEADLOCK!
• /var/log/secure
  • error: session_pty_req: session
• /var/log/tomcat.*/catalina.out
  • APPARENT DEADLOCK!
• /var/log/vdsm/vdsm.log
  • (waitForMigrationDestinationPrepare)
  • 16514': No route to host
  • ImageIsNotLegalChain: Image is not a legal chain:
  • ImagePathError: Image path does not exist or cannot be accessed/created:
  • Migration is stuck: Hasn't progressed in
  • The name org.fedoraproject.FirewallD1 was not provided by any .service files
  • Timeout while waiting for path preparation

コマンド全体が収集されるもの

• /bin/date
• /bin/date --utc
• /bin/df -alP
• /bin/df -li
• /bin/hostname
• /bin/ls -l /boot/grub/grub.conf
• /bin/ls -l /boot/grub2/grub.cfg
• /bin/ls -l /etc/ssh/sshd_config
• /bin/ls -la /var/log /var/log/audit
• /bin/ls -lanR /boot
• /bin/ls -lanR /dev
• /bin/ls -lanR /dev/disk
• /bin/ls -lanR /etc
• /bin/ls -lanR /sys/firmware
• /bin/ls -lanR /var/lib/docker/volumes
• /bin/lsblk
• /bin/lsblk -P -o NAME,KNAME,MAJ:MIN,FSTYPE,MOUNTPOINT,LABEL,UUID,RA,RO,RM,MODEL,SIZE,STATE,OWNER,GROUP,MODE,ALIGNMENT,MIN-IO,OPT-IO,PHY-SEC,LOG-SEC,ROTA,SCHED,RQ-SIZE,TYPE,DISC-ALN,DISC-GRAN,DISC-MAX,DISC-ZERO
• /bin/lsinitrd /boot/initramfs-kdump.img -f /etc/sysctl.conf /etc/sysctl.d/*.conf
• /bin/mount
• /bin/netstat -agn
• /bin/netstat -i
• /bin/netstat -neopa
• /bin/netstat -s
• /bin/ps auxcww
• /bin/rpm -V coreutils procps procps-ng shadow-utils passwd sudo
• /bin/rpm -qa --qf='%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH} %{INSTALLTIME:date} %{BUILDTIME} %{RSAHEADER:pgpsig} %{DSAHEADER:pgpsig}'
• /bin/systemctl list-unit-files
• /bin/systemctl show mariadb
• /bin/systemctl show openstack-cinder-volume
• /bin/uname -a
• /sbin/chkconfig --list
• /sbin/dcbtool gc dcb
• /sbin/dumpe2fs -h
• /sbin/ethtool
• /sbin/ethtool -S
• /sbin/ethtool -g
• /sbin/ethtool -i
• /sbin/ethtool -k
• /sbin/ip -4 neighbor show nud all
• /sbin/ip -6 neighbor show nud all
• /sbin/ip addr
• /sbin/ip route show table all
• /sbin/iptables-save
• /sbin/lsmod
• /sbin/lspci
• /sbin/lvs --nameprefixes --noheadings --separator='|' -a -o lv_name,vg_name,lv_size,region_size,mirror_log,lv_attr,devices,region_size --config="global{locking_type=0}"
• /sbin/multipath -v4 -ll
• /sbin/pvs --nameprefixes --noheadings --separator='|' -a -o pv_all,vg_name --config="global{locking_type=0}"
• /sbin/sysctl -a
• /sbin/tuned-adm list
• /sbin/vgs --nameprefixes --noheadings --separator='|' -a -o vg_all --config="global{locking_type=0}"
• /usr/bin/ceph -s -f json-pretty
• /usr/bin/ceph -v
• /usr/bin/ceph daemon config show
• /usr/bin/ceph health detail -f json-pretty
• /usr/bin/ceph osd dump -f json-pretty
• /usr/bin/ceph osd erasure-code-profile get -f json-pretty
• /usr/bin/ceph osd tree -f json-pretty
• /usr/bin/chronyc sources
• /usr/bin/docker images --all --no-trunc --digests
• /usr/bin/docker info
• /usr/bin/docker inspect --type=container {DOCKER_CONTAINER_NAME}
• /usr/bin/docker ps --all --no-trunc
• /usr/bin/facter
• /usr/bin/file -L /etc/localtime
• /usr/bin/find /etc/origin/node /etc/origin/master /etc/pki -type f -exec /usr/bin/openssl x509 -noout -enddate -in '{}' \; -exec echo '{}' \;
• /usr/bin/find /sys/bus/pci/devices/*/mlx4_port[0-9] -print -exec cat {} \;
• /usr/bin/find /sys/devices/virtual/net/ -name multicast_querier -print -exec cat {} \;
• /usr/bin/find /var/crash /var/tmp -path '.reports-/whoopsie-report'
• /usr/bin/ipcs -s
• /usr/bin/ipcs -s -i
• /usr/bin/lpstat -p
• /usr/bin/ovs-vsctl show
• /usr/bin/uptime
• /usr/bin/yum -C repolist
• /usr/sbin/blkid -c /dev/null
• /usr/sbin/brctl show
• /usr/sbin/dmidecode
• /usr/sbin/getenforce
• /usr/sbin/httpd -V
• /usr/sbin/ntpq -c 'rv 0 leap'
• /usr/sbin/ntpq -pn
• /usr/sbin/ntptime
• /usr/sbin/rabbitmqctl list_queues name messages consumers auto_delete
• /usr/sbin/rabbitmqctl list_users
• /usr/sbin/rabbitmqctl report
• /usr/sbin/sestatus -b
• /usr/sbin/ss -tulpn
• /usr/sbin/virt-what

コマンドからパターンが収集されるもの

下記のコマンドについては、コマンドの下に表示されているキーワードパターンを含む行だけが収集されます。

• /bin/dmesg
  • CSUM
  • CVE-2017-1000364
  • Dropping TSO
  • HP HPSA
  • Linux version
  • NUMA:
  • P220i
  • P420i
  • WRITE SAME failed. Manually zeroing
  • blocked FC remote port time out
  • crashkernel reservation failed
  • crashkernel=auto resulted in zero bytes of reserved memory
  • ixgbevf: Unknown parameter `InterruptThrottleRate'
  • mounted filesystem without journal.
  • vpd r/w failed
• /bin/ps aux
  • /sapmnt/
  • /usr/bin/docker daemon
  • /usr/bin/docker-current daemon
  • /usr/bin/openshift start master
  • /usr/bin/openshift start node
  • /usr/bin/postgres
  • /usr/bin/postmaster
  • /usr/sap/
  • COMMAND
  • STAP
  • STAP/8.2
  • ceph-osd
  • chronyd
  • keystone-all
  • ntpd
  • phc2sys
  • postgres
  • postmaster
  • ptp4l
• /sbin/vgdisplay
  • Clustered
  • Couldn't find device with uuid
  • LV Name
  • Mirrored volumes
  • VG Name
• /usr/bin/crontab -l -u heat
  • heat-manage
• /usr/bin/crontab -l -u keystone
  • heat-manage
  • keystone-manage
• /usr/bin/crontab -l -u root
  • heat-manage
• /usr/bin/dig +dnssec . DNSKEY
  • ANSWER SECTION
  • DNSKEY
  • RRSIG
• /usr/sbin/lsof
  • COMMAND
  • libcrypto
  • libssl
  • libssl.so
  • lsnrctl
  • oracle
  • tnslsnr
• /usr/sbin/named-checkconf -p
  • DNSSEC-ENABLE
  • Dnssec-Enable
  • dnssec-enable

データの除外

Insights クライアントにメタデータを送信しないようにする方法については、Opt out of sending metadata from Red Hat Insights client のアーティクルを参照してください。