u/jlrueda

Looking for deeply skilled Linux testers for my sosreport analysis tool

Hi everyone.

I already tried in r/alphaandbetausers but no luck. I'm trying to find a few highly skilled Linux system administrators or devops engineers who are familiar with the use of sosreports (sos report command) to try my sosreport analysis tool and give me your valuable and informed feedback. Please, if you are interested in helping me, DM me and I can give you more details.

Thanks!

reddit.com
u/jlrueda — 3 days ago

Looking for deeply skilled Linux testers for my sosreport analysis tool

Hi everyone.

I'm trying to find a few highly skilled Linux system administrators or devops engineers who are familiar with the use of sosreports (sos report command) to try my sosreport analysis tool at https://sos-vault.com. Please, if you are interested in helping me, DM me and I can give you more details.

Thanks!

reddit.com
u/jlrueda — 4 days ago

I created a tool to find what any sos plugin collects.

Hi

For those in the know: the sos command has around 400 plugins and each one retrieves its own set of log files, config files and diagnostic commands.

When trying to customize sos command execution, it is very hard to know which plugins to exclude or which are the correct ones to choose in order to get just what is needed and not the whole thing.

So I created a searchable and filtered table that will let you know exactly what each plugin will do, which profiles it belongs to and, additionally, the options it supports.

You can search for a plugin name, for a file, for a specific command or for a profile.

I think this will be very handy if you use the sos report command frequently.

You may be interested in bookmarking this link.

The tool is in the link and you do not need to register or anything.

Hope it helps.

u/jlrueda — 6 days ago
▲ 0 r/redhat

How to analyze a sosreport?

sos-vault simplifies Linux system troubleshooting by providing powerful analysis tools. Here’s how it helps users quickly understand and resolve issues:

Upon successful unpacking of a sosreport archive, the Summary tool is automatically launched. This tool is a dashboard composed of a series of badges that show, with alert colors, the state of the main components of the system (memory, CPU, disks, processes, installed packages, firewall, network connections, etc.). Each badge can be clicked to dig deeper into the issue (if any), showing detailed information about the component.

The contents of a sosreport allow engineers to view a snapshot of the system across multiple layers of complexity.

When a sosreport file is unpacked, it creates a directory structure like this:

.
├── ./boot
├── ./etc
├── ./lib -> usr/lib
├── ./opt
├── ./proc
├── ./run
├── ./sos_commands
├── ./sos_logs
├── ./sos_reports
├── ./sos_strings
├── ./sys
├── ./usr
├── ./var
└── ./EXTRAS

13 directories

All these directories, with the exception of sos_commands, sos_logs, sos_reports, sos_strings and EXTRAS, are partial copies of a regular Linux system, and the contents of these directories will be mostly configuration files.

To learn more about the sosreport structure please read this article

Exploring a sosreport is challenging: the sheer volume of logs, configuration files, and system command outputs makes manual analysis time-consuming and inefficient. Security concerns and the need for log correlation further complicate the process.

To address these challenges, tools like sos-vault can significantly reduce the time and effort required to diagnose Linux system issues.

u/jlrueda — 10 days ago
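The directory layout described in the post above is easy to sanity-check before an archive is fed to any analysis tool. The following script is an added example, not code from the post or from the sos-vault project: it splits the top-level entries of an unpacked sosreport into the sos-specific directories and the partial system copy, flags anything missing or unexpected, and lists the plugins that ran by reading the `sos_commands/<plugin>/` subdirectories (that naming convention is how sos lays out command output; the miniature tree built by `build_sample_report` is constructed for the example and is not a real sosreport).

```python
import tempfile
from pathlib import Path

# Top-level entries listed in the post for an unpacked sosreport.
EXPECTED_DIRS = {"boot", "etc", "lib", "opt", "proc", "run",
                 "sos_commands", "sos_logs", "sos_reports", "sos_strings",
                 "sys", "usr", "var", "EXTRAS"}

# Directories written by sos itself; everything else is a partial copy of the
# live filesystem (mostly configuration files).
SOS_OWN = {"sos_commands", "sos_logs", "sos_reports", "sos_strings", "EXTRAS"}


def classify_layout(root):
    """Return which expected entries are present (split by origin), which are
    missing, and which are unexpected. Unexpected or missing entries are a
    reason to inspect the archive before trusting it."""
    root = Path(root)
    present = {p.name for p in root.iterdir() if p.is_dir() or p.is_symlink()}
    return {
        "sos_own": sorted(present & SOS_OWN),
        "system_copy": sorted(present & (EXPECTED_DIRS - SOS_OWN)),
        "missing": sorted(EXPECTED_DIRS - present),
        "unexpected": sorted(present - EXPECTED_DIRS),
    }


def plugins_from_commands(root):
    """Map each plugin that ran to the command-output files it produced.
    sos stores command output under sos_commands/<plugin>/, so the
    subdirectory names are a direct record of the plugins that executed."""
    cmd_dir = Path(root) / "sos_commands"
    if not cmd_dir.is_dir():
        return {}
    return {p.name: sorted(f.name for f in p.iterdir() if f.is_file())
            for p in sorted(cmd_dir.iterdir()) if p.is_dir()}


def collected_configs(root, top="etc"):
    """Relative paths of the configuration files copied from /etc."""
    base = Path(root) / top
    if not base.is_dir():
        return []
    return sorted(str(f.relative_to(base)) for f in base.rglob("*") if f.is_file())


def build_sample_report():
    """Constructed miniature sosreport tree (example data, not a real archive)
    so the functions above can be exercised offline."""
    root = Path(tempfile.mkdtemp(prefix="sosreport-sample-"))
    for d in EXPECTED_DIRS - {"lib"}:
        (root / d).mkdir()
    (root / "lib").symlink_to("usr/lib")          # mirrors "./lib -> usr/lib"
    (root / "etc" / "ssh").mkdir()
    (root / "etc" / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
    (root / "etc" / "hostname").write_text("sample-host\n")
    sample_plugins = {"process": ["ps_auxwww", "lsof_-b_M_-n_-l_-c"],
                      "networking": ["ip_-o_addr"]}
    for plugin, cmds in sample_plugins.items():
        (root / "sos_commands" / plugin).mkdir()
        for c in cmds:
            (root / "sos_commands" / plugin / c).write_text("constructed output\n")
    return root


if __name__ == "__main__":
    sample = build_sample_report()
    layout = classify_layout(sample)
    print("sos-specific:", layout["sos_own"])
    print("system copy :", layout["system_copy"])
    print("missing     :", layout["missing"], "unexpected:", layout["unexpected"])
    for plugin, files in plugins_from_commands(sample).items():
        print(f"plugin {plugin}: {len(files)} command output(s)")
    print("config files:", collected_configs(sample))
```

Point the three functions at the directory left behind by `tar xf` on a real sosreport to get the same breakdown; an empty `missing` and `unexpected` list is the quick check that the archive is a complete, standard-layout report.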

Comparing sosreports with sos-vault

sos-vault 2.0 allows you to compare two sosreports to keep track of config changes, hardware/software or environment drift.

The following article describes in great detail how to use the Compare tool inside sos-vault.

In operational engineering, transitions explain behavior. They expose risk, validate change, and accelerate troubleshooting. For Linux DevOps, SRE, and infrastructure engineers, systematic sos report comparison is not merely convenient — it is a method for converting system complexity into structured, actionable insight.

u/jlrueda — 10 days ago
▲ 1 r/SysAdminBlogs+2 crossposts

In a previous post I shared some impressive numbers and facts about sosreport, but only covered a fraction of its capabilities. For those unfamiliar with it, the sos command performs a deep scan of a Linux system and gathers diagnostics data such as logs, configuration files, and command outputs across the entire system.

One of the most important features of sos is that it is extensible through plugins.

Plugins allow sos to collect domain-specific data for particular subsystems, applications, or products. Plugins can be enabled or disabled individually, and some provide additional options for extra data collection.

The latest version of sos (4.11.1) supports around 400 plugins. About 250 are core plugins commonly used by default when generating a sosreport. These include plugins for memory, CPU, processes, networking, storage, kernel, filesystems, services, hardware, and more.

Each plugin gathers data related to its purpose. For example, the process plugin captures outputs from commands like ps, lsof, pstree, pidstat, iotop, and process information under /proc.

The remaining nearly 150 plugins focus on specific applications and platforms such as proxmox, ceph, docker, kubernetes, openshift, kafka, mongodb, grafana, vmware, ansible, AWS, and many others. Most of these are enabled explicitly from the command line.

There is also a special plugin called sos_extras that allows you to include your own commands, logs, and configuration files in the sosreport.

Since sos is open source, you can even create your own plugins in Python.

To learn how to enable or disable plugins, use sos_extras, and review a detailed list of available plugins, see this article:

https://sos-vault.com/blog/sos-command/10-sos-report-plugins

Once you understand plugins, you can customize sosreport size, scope, and execution time to match your operational needs. Combined with strong security features and automatic upload support, sos becomes an excellent tool for CI/CD pipelines and centralized diagnostics analysis platforms.

If you find this interesting, let me know in the comments and share the post. There are still many advanced sos features left to cover.

You can also explore a real AlmaLinux sosreport interactively at sos-vault.com; just log in with your Google account.

u/jlrueda — 10 days ago
▲ 7 r/SysAdminBlogs+1 crossposts

Did you know that the Linux sos command is available in most Linux distributions and that in 53 seconds it generates a compressed and encrypted tar file of less than 15MB containing over 10,000 text files, including logs, output from more than 500 diagnostic commands, and over 1,800 configuration files? This file can then be transferred to a secure server so that the information can be analyzed by your team (or by an AI) making it easy to be integrated into your existing CI/CD pipeline.

In less than a minute, you have all the information needed to detect problems, find root causes (RCA), take inventory, review system security, or measure system performance without needing to establish a single server session. This translates to greater security and less exposure, and the ability to analyze the same information simultaneously by different teams (SRE, NetTeam, DBA, DevOps, SecOps, QA, etc.).

This compressed and encrypted tar file is known as a sosreport. And if you maintain a history of sosreports for each server, you can compare them for the same server over time to identify discrepancies in behavior, configuration changes, and keep an inventory of hardware and software.

sos is not a monitoring system or a SIEM. It's a diagnostic tool. And it's completely open-source.

I write articles about the sos command because there is much more to say about it. Visit my blog https://sos-vault.com/blog/sos-command

Do you use the sos command?

u/jlrueda — 10 days ago

Did you know that the Linux `sos` command is available in most Linux distributions and that in 53 seconds it generates a compressed and encrypted tar file of less than 15MB containing over 10,000 text files, including logs, output from more than 500 diagnostic commands, and over 1,800 configuration files? This file can then be transferred to a secure server so that the information can be analyzed by your team (or by an AI) making it easy to be integrated into your existing CI/CD pipeline.

In less than a minute, you have all the information needed to detect problems, find root causes (RCA), take inventory, review system security, or measure system performance without needing to establish a single server session. This translates to greater security and less exposure, and the ability to analyze the same information simultaneously by different teams (SRE, NetTeam, DBA, DevOps, SecOps, QA, etc.).

This compressed and encrypted tar file is known as a `sosreport`. And if you maintain a history of `sosreports` for each server, you can compare them for the same server over time to identify discrepancies in behavior, configuration changes, and keep an inventory of hardware and software.

`sos` is not a monitoring system or a SIEM. It's a diagnostic tool. And it's completely open-source.

Do you use it?

reddit.com
u/jlrueda — 21 days ago

Hi

I'm not a sec engineer, just a sysadmin, but I'm wondering if you guys rely on the open-source Linux sos command (formerly known as sosreport) to retrieve logs and diagnostics from servers, or just use logs sent to your SIEM solution?

reddit.com
u/jlrueda — 22 days ago

Brendan Gregg published a Linux Crisis Tools list in 2024 — https://www.brendangregg.com/blog/2024-03-24/linux-crisis-tools.html — that covers essential packages every Linux server should have pre-installed for incident response.

It's a great list. But as a Red Hat shop you already have something powerful that didn't make it: sos report.

His outage scenario illustrates exactly why. The team reverted a VM snapshot at 4:55pm to restore service — and with it lost every log, every config state, every diagnostic output that could have explained what went wrong. The outage came back at 12:50am.

sos report is the answer to that specific problem. Run it during the incident before any restore or revert. It captures a complete picture of system state — logs, configs, running processes, network stats, storage info, and the output of dozens of diagnostic commands — into a single encrypted archive. After the restore your team still has everything needed to write a meaningful PIR and prevent recurrence.

On RHEL, CentOS, Rocky, and AlmaLinux it's pre-installed and maintained by Red Hat. It should be step zero in every incident runbook.

Wondering if you guys are using the sos command other than for uploading it to the Red Hat Customer Portal for an open support case?

reddit.com
u/jlrueda — 24 days ago