@@ -323,6 +323,94 @@ reference ID, stratum, time offsets, frequency, and root delay.
323323> The system uses ` chronyd ` Network Time Protocol (NTP) daemon. The
324324> output shown here is best explained in the [ Chrony documentation] [ 4 ] .
325325
326+ ## Support Data Collection
327+
328+ When troubleshooting issues or seeking support, the ` support ` command
329+ provides a convenient way to collect comprehensive system diagnostics.
330+ This command gathers configuration files, logs, network state, and other
331+ system information into a single compressed archive.
332+
333+ ### Collecting Support Data
334+
335+ To collect support data and save it to a file:
336+
337+ ``` bash
338+ admin@host:~ $ support collect > support-data.tar.gz
339+ (admin@host) Password: ***********
340+ Starting support data collection from host...
341+ This may take up to a minute. Please wait...
342+ Tailing /var/log/messages for 30 seconds (please wait)...
343+ Log tail complete.
344+ Collection complete. Creating archive...
345+ admin@host:~ $ ls -l support-data.tar.gz
346+ -rw-rw-r-- 1 admin admin 508362 nov 30 13:05 support-data.tar.gz
347+ ```
348+
349+ The command can also be run remotely via SSH from your workstation:
350+
351+ ``` bash
352+ $ ssh admin@host support collect > support-data.tar.gz
353+ ...
354+ ```
355+
356+ The collection process may take up to a minute depending on system load
357+ and the amount of logging data. Progress messages are shown during the
358+ collection process.
359+
360+ ### Encrypted Collection
361+
362+ For secure transmission of support data, the archive can be encrypted
363+ with GPG using a password:
364+
365+ ``` bash
366+ admin@host:~ $ support collect -p mypassword > support-data.tar.gz.gpg
367+ Starting support data collection from host...
368+ This may take up to a minute. Please wait...
369+ ...
370+ Collection complete. Creating archive...
371+ Encrypting with GPG...
372+ ```
373+
374+ The ` support collect ` command even supports omitting ` mypassword ` and
375+ will then prompt interactively for the password. This works over SSH too,
376+ but the local ssh client may then echo the password.
377+
378+ > [ !TIP]
379+ > To hide the encryption password for an SSH session, the script supports reading from stdin:
380+ > ` echo "$MYSECRET" | ssh user@device support collect -p > file.tar.gz.gpg `
381+
382+ After transferring the resulting file to your workstation, decrypt it
383+ with the password:
384+
385+ ``` bash
386+ $ gpg -d support-data.tar.gz.gpg > support-data.tar.gz
387+ $ tar xzf support-data.tar.gz
388+ ```
389+
390+ or
391+
392+ ``` bash
393+ $ gpg -d support-data.tar.gz.gpg | tar xz
394+ ```
395+
396+ > [ !IMPORTANT]
397+ > Make sure to share ` mypassword ` out-of-band from the encrypted data
398+ > with the recipient of the data. I.e., avoid sending both in the same
399+ > plain-text email for example.
400+
401+ ### What is Collected
402+
403+ The support archive includes:
404+
405+ - System identification (hostname, uptime, kernel version)
406+ - Running and operational configuration (sysrepo datastores)
407+ - System logs (` /var/log ` directory and live tail of messages log)
408+ - Network configuration and state (interfaces, routes, neighbors, bridges)
409+ - FRRouting information (OSPF, BFD status)
410+ - Container information (podman containers and their configuration)
411+ - System resource usage (CPU, memory, disk, processes)
412+ - Hardware information (PCI, USB devices, network interfaces)
413+
326414[ 1 ] : https://www.rfc-editor.org/rfc/rfc7317
327415[ 2 ] : https://github.com/kernelkit/infix/blob/main/src/confd/yang/infix-system%402024-02-29.yang
328416[ 3 ] : https://www.rfc-editor.org/rfc/rfc8341
0 commit comments