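Collecting and analyzing logs on Linux is very important work. When you need technical support, vendors generally require you to gather system information with the corresponding command. Here I list the collection commands of two commonly used Linux vendors (Red Hat Linux and SUSE Linux), so that the system can be analyzed thoroughly once the data has been collected.
sosreport is a tool similar to supportconfig. It is written in Python and is suitable for CentOS (as on Red Hat, the package name is sos). supportconfig is written in shell, so it depends less on versions but relies more on other tools (it is suitable for SUSE Linux).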
Collecting log and support information on the Red Hat family (sosreport)
[root@ip-172-31-22-8 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
[root@ip-172-31-22-8 ~]# yum -y install sos
[root@ip-172-31-22-8 ~]# sosreport

sosreport (version 3.2)

This command will collect diagnostic and configuration information from this Red Hat Enterprise Linux system and installed applications.

An archive containing the collected information will be generated in /var/tmp/sos.HbPFQB and may be provided to a Red Hat support representative.

Any information provided to Red Hat will be treated in accordance with the published support policies at:

  https://access.redhat.com/support/

The generated archive may contain data considered sensitive and its content should be reviewed by the originating organization before being passed to any third party.

No changes will be made to system configuration.

Press ENTER to continue, or CTRL-C to quit.    (1. By default, just press ENTER)

Please enter your first initial and last name [ip-172-31-22-8.us-west-2.compute.internal]:    (2. Keep the default)
Please enter the case id that you are generating this report for []:    (3. Keep the default)

 Setting up archive ...
 Setting up plugins ...
 Running plugins. Please wait ...

  Running 73/73: yum...
Creating compressed archive...

Your sosreport has been generated and saved in:
  /var/tmp/sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442.tar.xz    (4. Location and name of the generated file)

The checksum is: 6ff5127ef6e524cb68a2f60f06cd00d1

Please send this file to your support representative.
[root@ip-172-31-22-8 ~]# cd /var/tmp/
[root@ip-172-31-22-8 tmp]# tar xvJf sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442.tar.xz
[root@ip-172-31-22-8 tmp]# ls
sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442
sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442.tar.xz
sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442.tar.xz.md5
[root@ip-172-31-22-8 tmp]# cd sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442
[root@ip-172-31-22-8 sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442]# ls
boot       date  df         etc   hostname        ip_addr  last  lsmod  netstat  ps    route  sos_commands  sos_reports  uname   usr  version.txt
chkconfig  dev   dmidecode  free  installed-rpms  java     lib   mount  proc     root  run    sos_logs      sys          uptime  var
# As the listing above shows, these are all pieces of collected information
[root@ip-172-31-22-8 sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442]# cat route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.31.16.1     0.0.0.0         UG    100    0        0 eth0
172.31.16.0     0.0.0.0         255.255.240.0   U     100    0        0 eth0
[root@ip-172-31-22-8 sosreport-ip-172-31-22-8.us-west-2.compute.internal-20160705094442]# cat uptime
 09:44:47 up 13 days, 23:16,  1 user,  load average: 0.08, 0.04, 0.05
Collecting log information on SUSE
DYDMSQAAP01:~ # supportconfig -A
=============================================================================
Support Utilities - Supportconfig
Script Version: 2.25-197
Script Date: 2010 04 02
=============================================================================
Gathering system information
  Data Directory: /var/log/nts_DYDMSQAAP01_160706_0851    (directory where the generated files are placed)

  Basic Server Health Check... Done
  RPM Database... Done
  Basic Environment... Done
  Basic Health Report... Done
  System Modules... Done
  Memory Details... Done
  Disk I/O... Done
  System Logs... Done
  YaST Files... Done
  Auditing... Done
  Crash Info... Done
  NTP... Done
  PROC... Done
  Boot Files... Done
  SLERT... Skipped
  Updates... Done
  SMT... Skipped
  Novell eDirectory... Please Wait... Skipped
  Novell LUM... Skipped
  Novell NCP... Skipped
  Novell NSS... Skipped
  Novell DFS... Skipped
  Novell SMS... Skipped
  Novell NCS... Skipped
  Novell AFP... Skipped
  Novell CIFS... Skipped
  HA Cluster... Skipped
  OCFS2... Skipped
  PAM... Done
  LDAP... Done
  CIMOM... Done
  Open Files... Done
  Environment... Done
  ETC... Done
  SYSCONFIG... Done
  SYSFS... Done
  System Daemons... Done
  CRON... Done
  AT... Done
  UDEV... Done
  LVM... Please Wait... Base Detail Done
  EVMS... Skipped
  Software Raid... Done
  Multipathing... Done
  Networking... Done
  Web... Done
  InfiniBand... Done
  DNS... Done
  DHCP... Done
  SLP... Please Wait... Services Done
  SSH... Done
  iSCSI... Done
  Samba... Done
  NFS... Done
  AUTOFS... Done
  SAR Files... Skipped
  AppArmor... Done
  Xen... Skipped
  X... Done
  Printing... Done
  SMART Disks... Done
  Hardware... Please Wait... Done
  File System List... Please Wait... Done
  Supportability Analysis... Please Wait... Done
Creating Tar Ball

==[ DONE ]===================================================================
  Log file tar ball: /var/log/nts_DYDMSQAAP01_160706_0851.tbz
  Log file size:     6.1M
  Log file md5sum:   795ead2be91d0caf956df417df47a3e8

  Please attach the log file tar ball to your open Service Request at the following URL:
  https://secure-support.novell.com/eService_enu

  You can also upload the tar ball to ftp.novell.com/incoming, or just use supportconfig -ur <srnum>, to upload the tar ball automatically.

  If you cannot attach the tar ball to the SR, then email it to the engineer.
=============================================================================

DYDMSQAAP01:/var/log # file nts_DYDMSQAAP01_160706_0851.tbz
nts_DYDMSQAAP01_160706_0851.tbz: bzip2 compressed data, block size = 900k
DYDMSQAAP01:/var/log # bzip2 -d nts_DYDMSQAAP01_160706_0851.tbz
DYDMSQAAP01:/var/log # file nts_DYDMSQAAP01_160706_0851.tar
nts_DYDMSQAAP01_160706_0851.tar: POSIX tar archive (GNU)
DYDMSQAAP01:/var/log # tar -xf nts_DYDMSQAAP01_160706_0851.tar
DYDMSQAAP01:/var/log # cd nts_DYDMSQAAP01_160706_0851/
DYDMSQAAP01:/var/log/nts_DYDMSQAAP01_160706_0851 # ls -l
total 96300
-rw------- 1 root root     1734 Jul  6 08:52 basic-environment.txt
-rw------- 1 root root    21527 Jul  6 08:51 basic-health-check.txt
-rw------- 1 root root     1347 Jul  6 08:52 basic-health-report.txt
-rw------- 1 root root   261427 Jul  6 08:54 boot.txt
-rw------- 1 root root    31110 Jul  6 08:55 chkconfig.txt
-rw------- 1 root root     9767 Jul  6 08:54 cimom.txt
-rw------- 1 root root    16498 Jul  6 08:52 crash.txt
-rw------- 1 root root    38903 Jul  6 08:55 cron.txt
-rw------- 1 root root     7815 Jul  6 08:55 dhcp.txt
-rw------- 1 root root    10417 Jul  6 08:55 dns.txt
-rw------- 1 root root   230829 Jul  6 08:54 env.txt
-rw------- 1 root root  1102736 Jul  6 08:54 etc.txt
-rw------- 1 root root       81 Jul  6 08:55 evms.txt
-rw------- 1 root root     4010 Jul  6 08:55 fs-autofs.txt
-rw------- 1 root root     4282 Jul  6 08:52 fs-diskio.txt
-rw------- 1 root root 32670989 Jul  6 08:56 fs-files.txt
-rw------- 1 root root    12013 Jul  6 08:55 fs-iscsi.txt
-rw------- 1 root root     7814 Jul  6 08:55 fs-smartmon.txt
-rw------- 1 root root      572 Jul  6 08:55 fs-softraid.txt
-rw------- 1 root root       86 Jul  6 08:54 ha.txt
-rw------- 1 root root   734341 Jul  6 08:55 hardware.txt
-rw------- 1 root root    15000 Jul  6 08:55 ib.txt
-rw------- 1 root root    22657 Jul  6 08:54 ldap.txt
-rw------- 1 root root   216738 Jul  6 08:55 lvm.txt
-rw------- 1 root root    23718 Jul  6 08:52 memory.txt
-rw------- 1 root root  4476203 Jul  6 08:52 messages.txt
-rw------- 1 root root   440234 Jul  6 09:08 modules.txt
-rw------- 1 root root    21196 Jul  6 08:55 mpio.txt
-rw------- 1 root root   107521 Jul  6 08:55 network.txt
-rw------- 1 root root     3120 Jul  6 08:55 nfs.txt
-rw------- 1 root root       91 Jul  6 08:54 novell-afp.txt
-rw------- 1 root root       88 Jul  6 08:54 novell-cifs.txt
-rw------- 1 root root       87 Jul  6 08:54 novell-dfs.txt
-rw------- 1 root root      175 Jul  6 08:54 novell-edir.txt
-rw------- 1 root root       87 Jul  6 08:54 novell-lum.txt
-rw------- 1 root root       91 Jul  6 08:54 novell-ncp.txt
-rw------- 1 root root      100 Jul  6 08:54 novell-ncs.txt
-rw------- 1 root root       87 Jul  6 08:54 novell-nss.txt
-rw------- 1 root root       87 Jul  6 08:54 novell-sms.txt
-rw------- 1 root root   345825 Jul  6 08:52 ntp.txt
-rw------- 1 root root       88 Jul  6 08:54 ocfs2.txt
-rw------- 1 root root   919369 Jul  6 08:54 open-files.txt
-rw------- 1 root root    48449 Jul  6 08:54 pam.txt
-rw------- 1 root root    37464 Jul  6 08:55 print.txt
-rw------- 1 root root   123950 Jul  6 08:52 proc.txt
-rw------- 1 root root   347020 Jul  6 08:52 rpm.txt
-rw------- 1 root root 11372907 Jul  6 09:08 sam.html
-rw------- 1 root root 20565977 Jul  6 09:08 sam.txt
-rw------- 1 root root    20861 Jul  6 08:55 samba.txt
-rw------- 1 root root      115 Jul  6 08:55 sar.txt
-rw------- 1 root root   328932 Jul  6 08:55 security-apparmor.txt
-rw------- 1 root root   319217 Jul  6 08:52 security-audit.txt
-rw------- 1 root root       86 Jul  6 08:54 slert.txt
-rw------- 1 root root    19265 Jul  6 08:55 slp.txt
-rw------- 1 root root       80 Jul  6 08:54 smt.txt
-rw------- 1 root root     7749 Jul  6 08:55 ssh.txt
-rw------- 1 root root    13105 Jul  6 09:08 supportconfig.txt
-rw------- 1 root root  1350213 Jul  6 08:54 sysconfig.txt
-rw------- 1 root root  1054696 Jul  6 08:54 sysfs.txt
-rw------- 1 root root   204323 Jul  6 08:55 udev.txt
-rw------- 1 root root  6626599 Jul  6 08:54 updates.txt
-rw------- 1 root root    51104 Jul  6 08:55 web.txt
-rw------- 1 root root    62111 Jul  6 08:55 x.txt
-rw------- 1 root root       86 Jul  6 08:55 xen.txt
-rw------- 1 root root 14045856 Jul  6 08:52 y2log.txt

As we can see, the collected files are all txt files, and the log information is very detailed.
Note: supportconfig -A does not collect logs as quickly as sosreport and may appear to hang. Wait patiently; in general there is no problem.
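An added example, not part of the original article: sosreport writes a .md5 file beside the archive and warns that the archive may contain sensitive data that should be reviewed before it goes to a third party. The shell functions below check an archive against its .md5 file and list files in an extracted directory that contain credential-like content; the function names, the pattern list, and the assumption that the .md5 file holds the hex digest as its first field are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks to run before handing a support bundle to a vendor.
# Assumption: <archive>.md5 holds the hex digest as its first field.

# verify_bundle ARCHIVE: returns 0 if md5sum matches ARCHIVE.md5,
# 1 on mismatch, 2 if either file is missing.
verify_bundle() {
    archive=$1
    if [ ! -f "$archive" ] || [ ! -f "$archive.md5" ]; then
        return 2
    fi
    want=$(awk 'NR==1 {print tolower($1)}' "$archive.md5")
    have=$(md5sum "$archive" | awk '{print $1}')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# find_sensitive DIR: print, sorted, the text files under DIR that contain
# credential-like assignments or private-key headers (illustrative patterns).
find_sensitive() {
    grep -rIlEi \
        -e '(password|passwd|secret|api[_-]?key|token)[[:space:]]*[=:][[:space:]]*[^[:space:]]+' \
        -e 'BEGIN [A-Z ]*PRIVATE KEY' \
        "$1" 2>/dev/null | sort
}

# Constructed demo: builds a tiny fake bundle in a temp dir and runs both checks.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/bundle/etc"
    printf 'password = constructed-example\n' > "$tmp/bundle/etc/app.conf"
    printf '09:44:47 up 13 days\n' > "$tmp/bundle/uptime"
    tar -cf "$tmp/bundle.tar" -C "$tmp" bundle
    md5sum "$tmp/bundle.tar" | awk '{print $1}' > "$tmp/bundle.tar.md5"
    verify_bundle "$tmp/bundle.tar" && echo "checksum ok"
    echo "files to review:"
    find_sensitive "$tmp/bundle"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

The MD5 comparison only detects corruption during transfer; it does not protect the archive against deliberate modification.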
Original article by Net21-冰冻vs西瓜. If you repost it, please credit the source: http://www.178linux.com/22468