summaryrefslogtreecommitdiff
path: root/functions/tech-support
blob: 0599c89a167efc0955145479f3752c52f69cd7f3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
# implement "show tech-support"
# usage: tech-support [ save [ <filename> ] ]
# usage: tech-support [ save-uncompressed [ <filename> ] ] 
# NOTE: this file is sourced, NOT executed

function header {
    echo
    echo ----------------
    echo "$*"
    echo ----------------
}

# by default send to stdout
OUT=1
FLAG=0
REMOTE=0
DEFAULT_PATH=/config/support
DEFAULT_GROUP=users

do_rotate ()
{
  local count=`ls -t $DEFAULT_PATH/*.tech-support.* 2>/dev/null |wc -l`
  if (( count >= 100 )); then
    local dfile=`ls -t $DEFAULT_PATH/*.tech-support.* 2>/dev/null |tail -1`
    rm -f $dfile >&/dev/null \
      && echo "Removed old tech-support output file '$dfile'"
  fi
}

HOSTNAME=`hostname`
CURTIME=`date +%F-%H%M%S`
   if [ "$1" == "save-uncompressed" ]; then
    FLAG="1"
   elif [ "$1" == "save" ]; then
    FLAG="0"
   fi

 if [ "$1" == "save" ] || [ "$1" == "save-uncompressed" ]; then
  # "save" or save-uncompressed is specified. save output to file.
  OUT="$HOSTNAME.tech-support.$CURTIME.txt"
  if [ -n "$2" ]; then
    if [[ "$2" =~ scp:///* || "$2" =~ ftp:///* ]]; then  
      REMOTE="1" 
    else
      #file to be save locally
      OUT="$2.$OUT"
    fi
  fi
  
if [[ $OUT != /* ]]; then
    # it's not absolute path. save in default path.
    mkdir -p $DEFAULT_PATH >& /dev/null
    chgrp $DEFAULT_GROUP $DEFAULT_PATH >& /dev/null
    chmod 775 $DEFAULT_PATH >& /dev/null
    OUT="$DEFAULT_PATH/$OUT"
    do_rotate
  fi
  if ! touch $OUT >& /dev/null; then
    echo "Cannot create tech-support file '$OUT'"
    exit 1
  fi
  if [ $REMOTE != "1" ]; then   
   echo "Saving output to $OUT ..."
  fi
fi

(
export PATH=/sbin:/usr/sbin:$PATH

header Show Tech-Support  
header CONFIGURATION 


header Vyatta Version and Package Changes
show version all

header Configuration File 
cat /opt/vyatta/etc/config/config.boot

header Running configuration
show configuration

header Package Repository Configuration File 
cat /etc/apt/sources.list

header User Startup Scripts 
cat /etc/rc.local

header Quagga Configuration
vtysh -c 'show run'

header INTERFACES


header Interfaces
show interfaces

header Ethernet

header Interface statistics
ip -s link show

for eth in $(cd /sys/class/net; echo eth*)
do header "Physical Interface statistics for $eth"
   sudo ethtool -S $eth
done

for eth in $(cd /sys/class/net; echo eth*)
do header "Physical Interface Details for $eth"
   show interfaces ethernet $eth physical 
done

header Physical Interface Offload Settings and Capabilities
sudo ethtool -K
 
header "ARP Table (Total entries)"
show arp

header Number of incomplete entries in ARP table
show arp | grep incomplete | wc -l  
header Serial

header "WAN Interface Hardware Information (wanrouter hwprobe)" 
is_sangoma='lspci -n -d '1923:*''
is_adsl='lspci -n -d '14bc:*''
if [ -z "$is_sangoma" -a -z "$is_adsl" ]; then

 sudo wanrouter hwprobe

header "WAN Interface Software Version (wanrouter version)"
wanrouter version

header "WAN Interface Debugging Information (wanrouter debug)" 
wanrouter debug

header "WAN Interface Connection Status Information (wanrouter summary)" 
wanrouter summary

header "WAN Interface Information Summary (wanrouter status)" 
wanrouter status

header "WAN Interface Driver Information (wanrouter modules)"
wanrouter modules

if [ -e /etc/wanpipe/wanrouter.rc ]; then
   header "WAN Interface Startup Script (/etc/wanpipe/wanrouter.rc)" 
   cat /etc/wanpipe/wanrouter.rc
fi

header WAN Interfaces
wanifs=( /sys/class/net/wan* )
wanifs=`echo -n ${wanifs[@]##*/}`

echo "wanifs are $wanifs"

for ifname in $wanifs ; do
    header "wanpipemon -i $ifname -c sc"
    sudo wanpipemon -i $ifname -c sc

    header "wanpipemon -i $ifname -c so"
    sudo wanpipemon -i $ifname -c so

    header "wanpipemon -i $ifname -c xcv"
    sudo wanpipemon -i $ifname -c xcv

    header "wanpipemon -i $ifname -c xru"
    sudo wanpipemon -i $ifname -c xru

    header "wanpipemon -i $ifname -c xm"
    sudo wanpipemon -i $ifname -c xm

    header "wanpipemon -i $ifname -c xl"
    sudo wanpipemon -i $ifname -c xl

    header "wanpipemon -i $ifname -c Ta"
    sudo wanpipemon -i $ifname -c Ta
done

for i in /etc/wanpipe/wanpipe*.conf ; do
    if [ -e $i ]; then
       header $i
       cat $i
    fi
done

header "WAN Interface Configuration Log (wanrouter conflog)"
wanrouter conflog

else
echo "Wanpipe not configured"
fi

header ROUTING


function show_route_limit ()
{
   NUM=$(show $1 route $2 | wc -l)
   # subtract 3 lines of header
   [ $NUM -gt 3 ] &&  NUM=$[$NUM - 3]
   OUTPUT=$(echo show $1 route $2 \(total $NUM\))
   CMD="show $1 route $2"
   if [ $3 -eq 0 ]
   then
      header $OUTPUT
      vtysh -c "$CMD"
   else
      header "$OUTPUT- limit $3"
      vtysh -c "$CMD" | head -n $3
   fi
}

#
# show all connected/static, limit the output others and include a total
#
show_route_limit ip connected 0
show_route_limit ip static    0
show_route_limit ip rip  500
show_route_limit ip ospf 500
show_route_limit ip bgp  500
show_route_limit ip ''   500

show_route_limit ipv6 connected 0
show_route_limit ipv6 static    0
show_route_limit ipv6 ripng 500
show_route_limit ipv6 ospf6 500
show_route_limit ipv6 bgp   500
show_route_limit ipv6 ''    500


header IPTABLES 


header Filter Chain Details 
sudo /sbin/iptables -L -vn

header Nat Chain Details 
sudo /sbin/iptables -t nat -L -vn

header Mangle Chain Details 
sudo /sbin/iptables -t mangle -L -vn

header Raw Chain Details 
sudo /sbin/iptables -t raw -L -vn

header Save Iptables Rule-Set
sudo iptables-save -c

header SYSTEM

header Show System Image Version 
show system image version

header Show System Image Storage
show system image storage

header Current Time
date
 
header Installed Packages
dpkg -l

header Loaded Modules
cat /proc/modules

header CPU

header Installed CPU/s 
lscpu

header Cumulative CPU Time Used by Running Processes
top -n1 -b -S

header Hardware Interrupt Counters
cat /proc/interrupts
 
header Load Average
cat /proc/loadavg

header Running Processes
ps -ef

header Memory

header Installed Memory 
cat /proc/meminfo

header Memory Usage
free

header Storage

header Devices
cat /proc/devices

header Partitions
cat /proc/partitions

disks=`cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]$" | egrep -v "^$"`

for disk in $disks; do
    header "Partitioning for disk $disk"
    fdisk -l /dev/$disk
done

header Mounts
cat /proc/mounts

header Diskstats
cat /proc/diskstats

header Hard Drive Usage 
df -h -x squashfs

header General System

header Boot Messages 
cat /var/log/dmesg

header "Recent Kernel messages (dmesg)"
dmesg

header PCI Info
sudo lspci -vvx

header PCI Vendor and Device Codes
sudo lspci -nn
 
header System Info
${vyatta_bindir}/vyatta-show-dmi

header GRUB Command line
cat /proc/cmdline

header Open Ports 
sudo lsof -P -n -i

header System Startup Files 
ls -l /etc/rc?.d

header Bash History
eval "cfg_users=($(cli-shell-api listActiveNodes system login user))"
for user in "${cfg_users[@]}"; do
   header "Bash History for $user"; 
   case $user in 
      root) file="/root/.bash_history";;
      *) file="/home/$user/.bash_history";; 
   esac; 
  sudo cat $file | gawk '/^#[0-9]*/ {t = substr($0,2); next} {print strftime("%FT%T%z", t) " " $0}' | sort -u
done

header Login History 
last -ix

header Recent Log Messages 
tail -n 250 /var/log/messages

header Entitlement
show entitlement

header NTP
show ntp

header Zebra
show zebra


###
# End of Core section
###


header BGP 
if cli-shell-api existsActive protocols bgp; then
  header BGP Summary
  show ip bgp summary
  header BGP Neighbors
  show ip bgp neighbors
  header BGP Debugging Information 
  show debugging bgp 
else
  echo "BGP is not configured"
fi

header CLUSTERING
if cli-shell-api existsActive cluster; then
  header Cluster Status
  show cluster status
else
  echo "Clustering is not configured"
fi

header DHCP Server 
if cli-shell-api existsActive service dhcp-server; then
  header DHCP Leases
  show dhcp leases
  header DHCP Statistics
  show dhcp statistics
else
  echo "DHCP server is not configured"
fi

header DHCP Client
is_dhcp=`show dhcp client leases | wc -l`
if [ "$is_dhcp" == "1" ]; then
echo "DHCP client is not configured"
else
header DHCP Client Leases
show dhcp client leases
fi

header DHCPV6 Server 
if cli-shell-api existsActive service dhcpv6-server; then
  header DHCPV6 Server Status
  show dhcpv6 server status 
  header DHCPV6 Server Leases
  show dhcpv6 server leases
else
  echo "DHCPV6 Server is not configured"
fi

header DHCPV6 Relay 
if cli-shell-api existsActive service dhcpv6-relay; then
  header DHCPV6 Relay Status
  show dhcpv6 relay-agent status 
else
  echo "DHCPV6 Relay is not configured"
fi

header DHCPV6 Client
is_dhcp=`show dhcpv6 client leases | wc -l`
if [ "$is_dhcp" == "1" ]; then
echo "DHCPV6 client is not configured"
else
header DHCPV6 Client Leases 
show dhcpv6 client leases
fi

header DNS 
if cli-shell-api existsActive service dns; then
  header DNS Dynamic Status
  show dns dynamic status
  header DNS Forwarding Statistics
  show dns forwarding statistics
  header DNS Forwarding Nameservers  
  show dns forwarding nameservers
else
  echo "DNS is not configured"
fi


header FIREWALL 
if cli-shell-api existsActive firewall; then
  header Firewall Group
  show firewall group
  header Firewall Detail
  show firewall detail
  header Firewall Statistics
  show firewall statistics 
else
  echo "Firewall is not configured"
fi

header IPS
if cli-shell-api existsActive content-inspection; then
  header IPS log
  show ips log
  header IPS Update-Log
  show ips update-log
else
  echo "IPS is not configured"
fi

header IPSec
if cli-shell-api existsActive vpn ipsec; then
  header IPSec Status
  show vpn ipsec status
  header IPSec sa
  show vpn ipsec sa
  header IPSec sa Detail
  show vpn ipsec sa detail
  header IPSec sa Statistics
  show vpn ipsec sa statistics
   
  header /etc/ipsec.conf
  cat /etc/ipsec.conf

  if [ -r /etc/ipsec.secrets ]; then
    header /etc/ipsec.secrets
    cat /etc/ipsec.secrets
  fi
else
  echo "IPSec is not configured"
fi

header NAT
if cli-shell-api existsActive service nat; then
  header NAT Rules
  show nat rules
  header NAT Statistics
  show nat statistics
  header NAT Translations Detail
  show nat translations detail
else
  echo "NAT is not configured"
fi


header NETFLOW
if cli-shell-api existsActive system flow-accounting netflow; then
  header NetFlow Accounting
  show flow-accounting 
else
  echo "Netflow is not configured"
fi

header OPENVPN
if cli-shell-api existsActive interfaces openvpn; then
  header OpenVPN Interfaces
  show interfaces openvpn detail 
  header OpenVPN Server Status
  show openvpn server-status
else
  echo "OpenVPN is not configured"
fi

header OSPF
if cli-shell-api existsActive protocols ospf; then
  header OSPF Neighbor
  show ip ospf neighbor
  header OSPF Route
  show ip ospf route
  header OSPF Debugging Information
  show debugging ospf 
else
  echo "OSPF is not configured"
fi

header OSPFV3
if cli-shell-api existsActive protocols ospfv3; then
  header OSPFV3 Debugging Information
  show debugging ospfv3
else
  echo "OSPFV3 is not configured" 
fi

header Policy
if cli-shell-api existsActive policy; then
  header IP Route Maps
  show ip protocol 
  header Route-Map
  show route-map
  #header IP Access Lists
  #show ip access-lists
  header IP Community List
  show ip community-list 
else
  echo "Policy is not configured"
fi
 
header Traffic Policy 
if cli-shell-api existsActive traffic-policy; then
  header Current Traffic Policies
  show queueing
else
  echo "Traffic-Policy is not configured"
fi

header RIP
if cli-shell-api existsActive protocols rip; then
  header IP RIP
  show ip rip 
  header RIP Status
  show ip rip status
  header RIP Debugging Information
  show debugging rip 
else
  echo "RIP is not configured"
fi

header RIPNG 
if cli-shell-api existsActive protocols ripng; then
  header RIPNG Debugging Information
  show debugging ripng
else
  echo "RIPNG is not configured"
fi

header VPN-L2TP 
if cli-shell-api existsActive vpn l2tp; then
  header VPN ike secrets
  show vpn ike secrets
  header VPN rsa-keys
  show vpn ike rsa-keys  
  header VPN ike sa
  show vpn ike sa
  header VPN ike Status
  show vpn ike status
  header VPN Remote-Access
  show vpn remote-access

  header VPN Debug Detail
  show vpn debug detail
else
  echo "VPN L2TP is not configured"
fi

header VPN-PPTP 
if cli-shell-api existsActive vpn pptp; then
  header VPN Remote-Access
  show vpn remote-access
else
  echo "VPN PPTP is not configured"
fi

header VRRP
found=0
for eth in $(cd /sys/class/net; echo eth*); do
  if cli-shell-api existsActive interfaces ethernet $eth vrrp; then
    header \''show vrrp'\'
    show vrrp
    found=1
  fi
done
if [ $found -eq 0 ]; then
  echo "VRRP is not configured"
fi

header WAN LOAD BALANCING
if cli-shell-api existsActive load-balancing wan; then
  header Wan Load Balance
  show wan-load-balance 
  header Wan Load Balance Status 
  show wan-load-balance status
  header Wan Load Balance Connection
  show wan-load-balance connection
else
  echo "Wan Load Balance is not configured"
fi

header "WEBPROXY/URL-FILTERING" 
if cli-shell-api existsActive service webproxy url-filtering; then
  header WebProxy Blacklist Categories
  show webproxy blacklist categories
  header WebProxy Blacklist Domains
  show webproxy blacklist domains
  header WebProxy Blacklist URLs
  show webproxy blacklist urls
  header WebProxy Blacklist Log 
  show webproxy blacklist log summary
else
  echo "Webproxy/URL-filtering is not configured"
fi
 
header "END OF TECH-SUPPORT FILE"
) 1>&$OUT 2>&1

if [ $OUT != "1" ]; then
  chgrp $DEFAULT_GROUP $OUT >& /dev/null
  chmod 664 $OUT >& /dev/null
  if [ $FLAG == "0" ]; then 
    gzip $OUT
    OUT=$OUT.gz 
    if [ $REMOTE != "1" ]; then 
    echo "File $OUT is the compressed file."
    fi 
  fi 
  
  if [ $REMOTE != "1" ]; then 
   echo "Done"
  fi
fi
if [ $REMOTE == "1" ]; then 
  perl /opt/vyatta/bin/vyatta-remote-copy.pl $2 $OUT $FLAG 
fi