search

sosreport / sos

A unified tool for collecting system logs and other debug information
http://sos.rtfd.org
GNU General Public License v2.0
508 stars 543 forks source link

sos report --all-logs does not gather all rotated logs in ubuntu #3224

Open nkshirsagar opened 1 year ago

nkshirsagar commented 1 year ago

--all-logs option has been broken in Ubuntu for a while. This is likely related to commit https://github.com/sosreport/sos/commit/745b4a236a0255ea76ffd273f3e2028ac46b4a89

What we notice is the rotated (.1 , .2 etc) and .tar.gz'd logs aren't collected from /var/log even with --all-logs specified. None of the ubuntu-advantage logs are collected either. the rotated boot logs are also not collected.

So we need a fix on ubuntu because any services that do not use the journal but add their own rotated logs in /var/log and do not have a sos plugin end up with those files not collected.

For eg in my own laptop, i ran sos report --all-logs using 4.5.3 jammy, and see the difference in whats in /var/log and what the sosreport has in /var/log

:/tmp/sosreport-**-iexjnrn/var/log# ls
apport.log apport.log.2.gz apport.log.4.gz apport.log.6.gz apt boot.log dist-upgrade dpkg.log dpkg.log.2.gz dpkg.log.4.gz journal syslog unattended-upgrades
apport.log.1 apport.log.3.gz apport.log.5.gz apport.log.7.gz auth.log cups dmesg dpkg.log.1 dpkg.log.3.gz installer kern.log ubuntu-advantage.log

Compare those collected files to what actually is in /var/log on the machine,

:/tmp/sosreport-***-iexjnrn/var/log# ls /var/log
alternatives.log apport.log.3.gz auth.log.2.gz boot.log.5 dmesg dpkg.log.2.gz hp lastlog syslog.4.gz wtmp
alternatives.log.1 apport.log.4.gz auth.log.3.gz boot.log.6 dmesg.0 dpkg.log.3.gz installer openvpn ubuntu-advantage.log
alternatives.log.2.gz apport.log.5.gz auth.log.4.gz boot.log.7 dmesg.1.gz dpkg.log.4.gz journal private ubuntu-advantage-timer.log
alternatives.log.3.gz apport.log.6.gz boot.log bootstrap.log dmesg.2.gz faillog kern.log speech-dispatcher ubuntu-advantage-timer.log.1
alternatives.log.4.gz apport.log.7.gz boot.log.1 btmp dmesg.3.gz fontconfig.log kern.log.1 syslog ubuntu-advantage-timer.log.2.gz
apport.log apt boot.log.2 btmp.1 dmesg.4.gz gdm3 kern.log.2.gz syslog.1 ubuntu-advantage-timer.log.3.gz
apport.log.1 auth.log boot.log.3 cups dpkg.log gpu-manager.log kern.log.3.gz syslog.2.gz ubuntu-advantage-timer.log.4.gz
apport.log.2.gz auth.log.1 boot.log.4 dist-upgrade dpkg.log.1 gpu-manager-switch.log kern.log.4.gz syslog.3.gz unattended-upgrades
TurboTurtle commented 1 year ago

--all-logs doesn't capture logs that aren't specified in plugins. It is meant to be used to signal to plugins "it is okay to capture more that you typically would", not "please capture every log on the filesystem" to sos in general.

In your example for instance, the alternatives plugin would need to have logic around capturing alternatives.log, and optionally any rotated logs if --all-logs is used. There is currently no such logic (and in fact no logic to capture any log files) in that plugin. Similarly for ubuntu-advantage logs, the ubuntu plugin does not specify ubuntu-advantage-timer.log in its collections, only ubuntu-advantage.log*, which would not match the timer logs.