
Lab 51: Generating a System SOS Report

Generate a complete system diagnostic bundle using sosreport so performance issues can be analyzed off-host without guesswork. Verify the resulting archive exists in the expected location and inspect its contents safely without extracting.

troubleshooting core

Scenario

You are a support engineer at a data center. A customer reports serious performance issues, and your manager asks you to generate a full SOS report for offline analysis. Your job is to install the required tooling, produce the archive, confirm where it was saved, and validate what it contains.

Operator context

A sosreport is often the fastest way to provide consistent, vendor-friendly evidence for escalation. Generate it early, before making risky changes that could destroy useful state.

Objective

  • Install the SOS tooling package.
  • Generate a sosreport archive as root.
  • Verify the archive exists in /var/tmp.
  • Inspect archive contents without extracting.

What You’ll Practice

  • Installing diagnostic tooling with dnf / yum.
  • Creating a standardized support bundle using sosreport.
  • Verifying output artifacts and locations using ls.
  • Listing archive contents safely using tar -tf.

Walkthrough

Step 1: Install the sosreport package.
Command
sudo dnf install -y sos
# OR
sudo yum install -y sos

The sos package provides sosreport, which collects system configuration and diagnostic data into a single archive. On RHEL-family systems, you typically install it with dnf, or with yum in older workflows.

sos package installed successfully.

Step 2: Generate the sosreport archive.
Command
sudo sosreport

Running sosreport as root allows it to collect the system-wide information support teams need. The tool may prompt for an identifying name and a case ID so the archive can be associated with a ticket.

sosreport (version 4.5)
This utility will collect diagnostic and support data from this system.
...
Creating archive...this may take a few minutes.
sosreport saved to /var/tmp/sosreport-labuser-123456.tar.xz

Step 3: Verify the report exists in the expected location.
Command
ls /var/tmp

In many environments, sosreport writes the archive to /var/tmp. Confirm the artifact exists before attempting to transfer it or attach it to a case.

sosreport-labuser-123456.tar.xz

Step 4: List files inside the archive (non-destructive).
Command
tar -tf /var/tmp/sosreport-labuser-123456.tar.xz

tar -tf lists archive contents without extracting. This is the safe way to validate that the report contains expected categories of evidence (host identity, system logs, proc data) before you hand it off for analysis.

sosreport-labuser-123456/etc/hostname
sosreport-labuser-123456/var/log/messages
sosreport-labuser-123456/proc/cpuinfo
sosreport-labuser-123456/sys/kernel/debug
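
The validation in Steps 3 and 4, as an added example that is not part of the original lab: a shell function that works only from the tar -tf listing, rejects member paths that would be unsafe to extract, and checks for the evidence paths shown above. The function names, return codes and the constructed sample archive built by make_sample_archive are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a sosreport archive from its listing only (no extraction).

# Paths the lab expects under the archive's top-level directory.
EXPECTED_PATHS="etc/hostname var/log/messages proc/cpuinfo"

# check_sos_archive ARCHIVE
# Returns 0 if the listing is safe and complete, 1 if the archive is unreadable,
# 2 if a member path is unsafe, 3 if expected evidence is missing.
check_sos_archive() {
    archive=$1
    listing=$(tar -tf "$archive" 2>/dev/null) || { echo "unreadable: $archive" >&2; return 1; }
    [ -n "$listing" ] || { echo "empty archive: $archive" >&2; return 1; }

    # Reject absolute paths and ".." components before anyone extracts this.
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $archive" >&2
        return 2
    fi

    # Every member must sit under one top-level directory (sosreport-<name>-<id>/).
    top=$(printf '%s\n' "$listing" | cut -d/ -f1 | sort -u)
    [ "$(printf '%s\n' "$top" | wc -l)" -eq 1 ] || { echo "multiple top-level entries" >&2; return 2; }

    missing=0
    for p in $EXPECTED_PATHS; do
        if ! printf '%s\n' "$listing" | grep -Fxq "$top/$p"; then
            echo "missing: $p" >&2
            missing=1
        fi
    done
    [ "$missing" -eq 0 ] || return 3
    return 0
}

# make_sample_archive DIR NAME [SKIP]
# Builds a small constructed archive (uncompressed tar) for trying the check offline.
make_sample_archive() {
    dir=$1 name=$2 skip=${3:-}
    for p in $EXPECTED_PATHS; do
        [ "$p" = "$skip" ] && continue
        mkdir -p "$dir/$name/$(dirname "$p")"
        echo sample > "$dir/$name/$p"
    done
    tar -cf "$dir/$name.tar" -C "$dir" "$name"
}
```

On a real host, call check_sos_archive with the path printed by sosreport in Step 2; tar detects the .tar.xz compression on its own when listing.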

Reference

  • sudo dnf install -y sos : Installs the sos package (which provides sosreport) using DNF.
    • -y : Automatically answers “yes” to prompts.
  • sudo yum install -y sos : Installs the sos package using YUM (legacy workflow).
    • -y : Automatically answers “yes” to prompts.
  • sudo sosreport : Generates a diagnostic archive containing system and configuration evidence for support analysis.
  • ls /var/tmp : Lists files in /var/tmp to confirm the report archive exists.
  • tar -tf /var/tmp/<archive>.tar.xz : Lists files inside a tar archive without extracting.
    • -t : List contents.
    • -f : Read from the specified archive file.