Warning message

log in to add comments or rate this document

What is a sosreport and how to create one in Red Hat Enterprise Linux 4.6 and later?

Updated 2015-02-27T14:29:12+00:00

Issue

  • What is a sosreport?
  • How to generate a sosreport?
  • What to do if a sosreport hangs
  • How to collect system log files, configuration details and system information from a Red Hat Enterprise Linux system to provide to Red Hat Technical Support for analysis.
  • I am opening a service request with Red Hat Technical Support for technical assistance. What data I have to provide for initial analysis of my system?

Environment

  • Red Hat Enterprise Linux 4.6 or later
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7

Resolution

The sosreport command is a tool that collects configuration and diagnostic information from a Red Hat Enterprise Linux system. For instance: the running kernel version, loaded modules, and system and service configuration files. The command also runs external programs to collect further information, and stores this output in the resulting archive.

To run sosreport the sos package must be installed. The package is part of the default group and will be installed automatically on most systems.

If for any reason the package is not present it may be added manually using the following steps:

Red Hat Enterprise Linux 4 Update 6 or later

If the system is registered with Red Hat Network (RHN), sos can be installed using the up2date command:

# up2date sos

Red Hat Enterprise Linux 5 and later

If the system is registered with RHN, use the yum command:

# yum install sos

If the system is not registered with RHN, the sos package can be downloaded from the RHN website or found on the installation CDs or DVD. The rpm command may be used to install the package on any version of Red Hat Enterprise Linux:

 # rpm -Uvh sos-<version>.noarch.rpm

Once the package has been installed issue the following command:

Note: sosreport requires root permissions to run.

# sosreport

The command will normally complete within a few minutes on Red Hat Enterprise Linux 6. Older versions may take longer to complete. Depending on local configuration and the options specified in some cases the command may take longer to finish. If you are concerned about the run time of the sosreport command contact your Red Hat support representative for assistance.

Once completed, sosreport will generate a compressed a file under /tmp (for RHEL6 and earlier) or under /var/tmp (for RHEL7 and later). Different versions use different compression schemes (gz, bz2, or xz). The file should be provided to your support representative (normally as an attachment to an open case).

The size of the archive varies depending on system configuration and any optional sosreport features that are enabled (for example specifying the "all_logs" option of the general module to collect all syslog log files may greatly increase the size of the archive).

If the collected sosreport is too big to upload to the case, it could be uploaded to Red Hat ftp site at dropbox.redhat.com.

To avoid the need to enter user and account information interactively the command may be run in batch mode by use of the --batch option. In this case user information is obtained from the system RHN configuration files:

# sosreport --batch

The sosreport command has a modular structure and allows the user to enable and disable modules and specify module options via the command line. To list available modules (plug-ins) use the following command:

# sosreport -l

To temporarily turn off a module:

Include it in a comma-separated list of modules passed to the -n/--skip-plugins option.

For instance, to temporarily disable both the kvm and amd modules (if broken):

# sosreport -n kvm,amd

Individual modules may provide additional options that may be specified via the -k option. For example on Red Hat Enterprise Linux 4 and 5 installations the sos rpm module collects "rpm -Va" output by default. As this may be time-consuming the behavior may be disabled via:

# sosreport -k rpm.rpmva=off

Running sosreport on RHN Proxy Server
To capture more detailed information on RHN Proxy Server, run the following command:

# sosreport -o rhn

Note:

1. Red Hat Enterprise Linux 4.5 and earlier include the older sysreport command for creating diagnostic archives. If possible update your system to the sos package included in later releases however sysreports may still be submitted to Red Hat if needed What is a sysreport and how to run it in Red Hat Enterprise Linux?

2. The sos package in Red Hat Enterprise Linux 4 and 5 also includes the sysreport command. This is a symbolic link provided for backwards compatibility:

# ls -l /usr/sbin/sysreport
lrwxrwxrwx 1 root root 19 Nov  3  2008 /usr/sbin/sysreport -> /usr/sbin/sosreport

To use the original (legacy) version of the sysreport script on these installations use the sysreport.legacy command:

# sysreport.legacy
This utility will go through and collect some detailed information 
about the hardware and setup of your Red Hat Linux system.
This information will be used to diagnose problems with your system
and will be considered confidential information.  Red Hat will use
this information for diagnostic purposes ONLY.

What to do if sosreport hangs:

  • If running on RHEL5, background the sosreport process (ctrl-z) before killing it via its PID. Otherwise you may encounter the issue documented in KCS#55275

  • If sosreport fails due to "No space left on device" for the device

    • Verify there is enough space on the filesystem containing /tmp
    # df -h /tmp
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_ren-lv_root
                       50G   49G    1M  99% /
    • Free additional space, or a different directory can be specified using the argument below
    # soserport --tmp-dir /path/to/another/volume

  • The sosreport may have hung because of a specific plugin

Try to determine which plugin it is hanging on.

  1. Increase verbosity sosreport -vvvv
  2. strace it

Once you determine which plugin it is hanging on, exclude it.

Enter the following command to show all plugins:

sosreport -l

e.g. To exclude the filesys plugin

sosreport -n filesys

  • Otherwise, instead of collecting the failure sosreport, a manual report may be created by running the following script

    #!/bin/bash
host="$(hostname)"

sos_dir="/tmp/${host}_hungsos"
mkdir $sos_dir
cd $sos_dir
chkconfig --list > chkconfig
date > date
df > df
dmesg > dmesg
dmidecode > dmidecode  
fdisk -l > fdisk  
free > free  
hostname --fqdn > hostname  
ifconfig > ifconfig  
lsmod > lsmod  
lspci > lspci  
cat /proc/mounts > mount  
netstat -tlpn > netstat  
ps auxww > ps  
rpm -qa > rpm-qa  
rpm -Va > rpm-Va     #this command may take a while to run  
ulimit -a > ulimit  
uname -a > uname  
uptime > uptime  
cat /proc/meminfo > meminfo  
cat /proc/cpuinfo > cpuinfo  
mkdir etc  
cd etc  
cp /etc/fstab .
cp /etc/cluster/cluster.conf .
cp /etc/security/limits.conf .  
cp /etc/redhat-release .  
cp /etc/sysctl.conf .  
cp /etc/modprobe.conf .  
mkdir sysconfig/network-scripts -p  
cd sysconfig  
cp /etc/sysconfig/* . -R  
cd $sos_dir
mkdir var/log -p  
cp /var/log/* var/log -R  
cd /tmp  
tar -cvjf ${host}_hungsos.tar.bz2 $sos_dir

Reference: How to gather data from a Red Hat Enterprise Linux system for troubleshooting if the sosreport process goes to hung state?

Collecting sosreport from rescue mode

If the system does not boot, sosreport can be collected from rescue environment for troubleshooting purpose.

Refer: How to generate sosreport from the rescue environment?

Generate sosreport to an alternative location

If there is any space constraints in /tmp, it is possible to force sosreport to an alternative location.

Refer: How do I make sosreport write to an alternative location?

Collecting sosreport manually

If all else fails and it is not possible to generate sosreport at all, the following solution goes over collecting the files manually:

Refer: Sosreport fails. What data should I provide in its place?