blob: 5c619d6750359f4b5d73c272d3ab567b906b9b09 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
|
# implement "show tech-support"
# usage: tech-support [ save [ <filename> ] ]
# usage: tech-support [ save-uncompressed [ <filename> ] ]
# NOTE: this file is sourced, NOT executed
function header {
echo
echo ----------------
echo "$*"
echo ----------------
}
# by default send to stdout
OUT=1
FLAG=0
REMOTE=0
DEFAULT_PATH=/config/support
DEFAULT_GROUP=users
do_rotate ()
{
local count=`ls -t $DEFAULT_PATH/*.tech-support.* 2>/dev/null |wc -l`
if (( count >= 100 )); then
local dfile=`ls -t $DEFAULT_PATH/*.tech-support.* 2>/dev/null |tail -1`
rm -f $dfile >&/dev/null \
&& echo "Removed old tech-support output file '$dfile'"
fi
}
HOSTNAME=`hostname`
CURTIME=`date +%F-%H%M%S`
if [ "$1" == "save-uncompressed" ]; then
FLAG="1"
elif [ "$1" == "save" ]; then
FLAG="0"
fi
if [ "$1" == "save" ] || [ "$1" == "save-uncompressed" ]; then
# "save" or save-uncompressed is specified. save output to file.
OUT="$HOSTNAME.tech-support.$CURTIME.txt"
if [ -n "$2" ]; then
if [[ "$2" =~ scp:///* || "$2" =~ ftp:///* ]]; then
REMOTE="1"
else
#file to be save locally
OUT="$2.$OUT"
fi
fi
if [[ $OUT != /* ]]; then
# it's not absolute path. save in default path.
mkdir -p $DEFAULT_PATH >& /dev/null
chgrp $DEFAULT_GROUP $DEFAULT_PATH >& /dev/null
chmod 775 $DEFAULT_PATH >& /dev/null
OUT="$DEFAULT_PATH/$OUT"
do_rotate
fi
if ! touch $OUT >& /dev/null; then
echo "Cannot create tech-support file '$OUT'"
exit 1
fi
if [ $REMOTE != "1" ]; then
echo "Saving output to $OUT ..."
fi
fi
(
export PATH=/sbin:/usr/sbin:$PATH
header Show Tech-Support
header CONFIGURATION
if cli-shell-api validateTmplPath entitlement; then
header Entitlement
show entitlement
fi
header VyOS Version and Package Changes
show version all
header Configuration File
cat /opt/vyatta/etc/config/config.boot
header Running configuration
show configuration
header Package Repository Configuration File
cat /etc/apt/sources.list
header User Startup Scripts
cat /etc/rc.local
header Quagga Configuration
vtysh -c 'show run'
header INTERFACES
header Interfaces
show interfaces
header Ethernet
header Interface statistics
ip -s link show
for eth in $(${vyos_completion_dir}/list_interfaces.py --type=ethernet)
do header "Physical Interface statistics for $eth"
sudo ethtool -S $eth
done
for eth in $(${vyos_completion_dir}/list_interfaces.py --type=ethernet)
do header "Physical Interface Details for $eth"
show interfaces ethernet $eth physical
/sbin/ethtool -k $eth
done
header "ARP Table (Total entries)"
show arp
header Number of incomplete entries in ARP table
show arp | grep incomplete | wc -l
header Bridge
/sbin/brctl show
for br in $(${vyos_completion_dir}/list_interfaces.py --type=bridge)
do header "Bridge Information for $br"
/sbin/brctl showstp $br
/sbin/brctl showmacs $br
done
header ROUTING
function show_route_limit ()
{
NUM=$(show $1 route $2 | wc -l)
# subtract 3 lines of header
[ $NUM -gt 3 ] && NUM=$[$NUM - 3]
OUTPUT=$(echo show $1 route $2 \(total $NUM\))
CMD="show $1 route $2"
if [ $3 -eq 0 ]
then
header $OUTPUT
vtysh -c "$CMD"
else
header "$OUTPUT- limit $3"
vtysh -c "$CMD" | head -n $3
fi
}
#
# show all connected/static, limit the output others and include a total
#
show_route_limit ip connected 0
show_route_limit ip static 0
show_route_limit ip rip 500
show_route_limit ip ospf 500
show_route_limit ip bgp 500
show_route_limit ip '' 500
show_route_limit ipv6 connected 0
show_route_limit ipv6 static 0
show_route_limit ipv6 ripng 500
show_route_limit ipv6 ospf6 500
show_route_limit ipv6 bgp 500
show_route_limit ipv6 '' 500
header IPTABLES
header Filter Chain Details
sudo /sbin/iptables -L -vn
header Nat Chain Details
sudo /sbin/iptables -t nat -L -vn
header Mangle Chain Details
sudo /sbin/iptables -t mangle -L -vn
header Raw Chain Details
sudo /sbin/iptables -t raw -L -vn
header Save Iptables Rule-Set
sudo iptables-save -c
header SYSTEM
header Show System Image Version
show system image version
header Show System Image Storage
show system image storage
header Current Time
date
header Installed Packages
dpkg -l
header Loaded Modules
cat /proc/modules
header CPU
header Installed CPU/s
lscpu
header Cumulative CPU Time Used by Running Processes
top -n1 -b -S
header Hardware Interrupt Counters
cat /proc/interrupts
header Load Average
cat /proc/loadavg
header Running Processes
ps -ef
header Memory
header Installed Memory
cat /proc/meminfo
header Memory Usage
free
header Storage
header Devices
cat /proc/devices
header Partitions
cat /proc/partitions
disks=`cat /proc/partitions | awk '{ if ($4!="name") { print $4 } }' | egrep -v "[0-9]$" | egrep -v "^$"`
for disk in $disks; do
header "Partitioning for disk $disk"
fdisk -l /dev/$disk
done
header Mounts
cat /proc/mounts
header Diskstats
cat /proc/diskstats
header Hard Drive Usage
df -h -x squashfs
header General System
header Boot Messages
cat /var/log/dmesg
header "Recent Kernel messages (dmesg)"
dmesg
header PCI Info
sudo lspci -vvx
header PCI Vendor and Device Codes
sudo lspci -nn
header System Info
${vyatta_bindir}/vyatta-show-dmi
header GRUB Command line
cat /proc/cmdline
header Open Ports
sudo lsof -P -n -i
header System Startup Files
ls -l /etc/rc?.d
header Bash History
eval "cfg_users=($(cli-shell-api listActiveNodes system login user))"
for user in "${cfg_users[@]}"; do
header "Bash History for $user";
case $user in
root) file="/root/.bash_history";;
*) file="/home/$user/.bash_history";;
esac;
sudo cat $file | gawk '/^#[0-9]*/ {t = substr($0,2); next} {print strftime("%FT%T%z", t) " " $0}' | sort -u
done
header Login History
last -ix
header Recent Log Messages
tail -n 250 /var/log/messages
header NTP
show ntp
###
# End of Core section
###
header BGP
if cli-shell-api existsActive protocols bgp; then
header BGP Summary
show ip bgp summary
header BGP Neighbors
show ip bgp neighbors
header BGP Debugging Information
show monitoring protocols bgp
else
echo "BGP is not configured"
fi
header CLUSTERING
if cli-shell-api existsActive cluster; then
header Cluster Status
show cluster status
else
echo "Clustering is not configured"
fi
header DHCP Server
if cli-shell-api existsActive service dhcp-server; then
header DHCP Leases
show dhcp server leases
header DHCP Statistics
show dhcp server statistics
else
echo "DHCP server is not configured"
fi
header DHCP Client
is_dhcp=`show dhcp client leases | wc -l`
if [ "$is_dhcp" == "1" ]; then
echo "DHCP client is not configured"
else
header DHCP Client Leases
show dhcp client leases
fi
header DHCPV6 Server
if cli-shell-api existsActive service dhcpv6-server; then
header DHCPV6 Server Status
show dhcpv6 server status
header DHCPV6 Server Leases
show dhcpv6 server leases
else
echo "DHCPV6 Server is not configured"
fi
header DHCPV6 Relay
if cli-shell-api existsActive service dhcpv6-relay; then
header DHCPV6 Relay Status
show dhcpv6 relay-agent status
else
echo "DHCPV6 Relay is not configured"
fi
header DHCPV6 Client
is_dhcp=`show dhcpv6 client leases | wc -l`
if [ "$is_dhcp" == "1" ]; then
echo "DHCPV6 client is not configured"
else
header DHCPV6 Client Leases
show dhcpv6 client leases
fi
header DNS
if cli-shell-api existsActive service dns; then
header DNS Dynamic Status
show dns dynamic status
header DNS Forwarding Statistics
show dns forwarding statistics
header DNS Forwarding Nameservers
show dns forwarding nameservers
else
echo "DNS is not configured"
fi
header FIREWALL
if cli-shell-api existsActive firewall; then
header Firewall Group
show firewall group
header Firewall Summary
show firewall summary
header Firewall Statistics
show firewall statistics
else
echo "Firewall is not configured"
fi
header IPSec
if cli-shell-api existsActive vpn ipsec; then
header IPSec Status
show vpn ipsec status
header IPSec sa
show vpn ipsec sa
header IPSec sa Detail
show vpn ipsec sa detail
header IPSec sa Statistics
show vpn ipsec sa statistics
header /etc/ipsec.conf
cat /etc/ipsec.conf
if [ -r /etc/ipsec.secrets ]; then
header /etc/ipsec.secrets
cat /etc/ipsec.secrets
fi
else
echo "IPSec is not configured"
fi
header NAT
if cli-shell-api existsActive nat; then
header NAT Rules
show nat rules
header NAT Statistics
show nat statistics
header NAT Translations Detail
show nat translations detail
else
echo "NAT is not configured"
fi
header FlowAccounting
if cli-shell-api existsActive system flow-accounting; then
show flow-accounting
else
echo "Flow accounting is not configured"
fi
header OPENVPN
if cli-shell-api existsActive interfaces openvpn; then
header OpenVPN Interfaces
show interfaces openvpn detail
header OpenVPN Server Status
show openvpn status server
else
echo "OpenVPN is not configured"
fi
header OSPF
if cli-shell-api existsActive protocols ospf; then
header OSPF Neighbor
show ip ospf neighbor
header OSPF Route
show ip ospf route
header OSPF Debugging Information
show monitoring protocols ospf
else
echo "OSPF is not configured"
fi
header OSPFV3
if cli-shell-api existsActive protocols ospfv3; then
header OSPFV3 Debugging Information
show monitoring protocols ospfv3
else
echo "OSPFV3 is not configured"
fi
header Policy
if cli-shell-api existsActive policy; then
header IP Route Maps
show ip protocol
header Route-Map
show route-map
#header IP Access Lists
#show ip access-lists
header IP Community List
show ip community-list
else
echo "Policy is not configured"
fi
header Traffic Policy
if cli-shell-api existsActive traffic-policy; then
header Current Traffic Policies
show queueing
else
echo "Traffic-Policy is not configured"
fi
header RIP
if cli-shell-api existsActive protocols rip; then
header IP RIP
show ip rip
header RIP Status
show ip rip status
header RIP Debugging Information
show monitoring protocols rip
else
echo "RIP is not configured"
fi
header RIPNG
if cli-shell-api existsActive protocols ripng; then
header RIPNG Debugging Information
show monitoring protocols ripng
else
echo "RIPNG is not configured"
fi
header VPN-L2TP
if cli-shell-api existsActive vpn l2tp; then
header VPN ike secrets
show vpn ike secrets
header VPN rsa-keys
show vpn ike rsa-keys
header VPN ike sa
show vpn ike sa
header VPN ike Status
show vpn ike status
header VPN Remote-Access
show vpn remote-access
header VPN Debug Detail
show vpn debug detail
else
echo "VPN L2TP is not configured"
fi
header VPN-PPTP
if cli-shell-api existsActive vpn pptp; then
header VPN Remote-Access
show vpn remote-access
else
echo "VPN PPTP is not configured"
fi
header VRRP
# XXX: not checking if configured, we'd have to walk all VIFs
show vrrp detail
header WAN LOAD BALANCING
if cli-shell-api existsActive load-balancing wan; then
header Wan Load Balance
show wan-load-balance
header Wan Load Balance Status
show wan-load-balance status
header Wan Load Balance Connection
show wan-load-balance connection
else
echo "Wan Load Balance is not configured"
fi
header "WEBPROXY/URL-FILTERING"
if cli-shell-api existsActive service webproxy url-filtering; then
header WebProxy Blacklist Categories
show webproxy blacklist categories
header WebProxy Blacklist Domains
show webproxy blacklist domains
header WebProxy Blacklist URLs
show webproxy blacklist urls
header WebProxy Blacklist Log
show webproxy blacklist log summary
else
echo "Webproxy/URL-filtering is not configured"
fi
header "END OF TECH-SUPPORT FILE"
) 1>&$OUT 2>&1
if [ $OUT != "1" ]; then
chgrp $DEFAULT_GROUP $OUT >& /dev/null
chmod 664 $OUT >& /dev/null
if [ $FLAG == "0" ]; then
gzip $OUT
OUT=$OUT.gz
if [ $REMOTE != "1" ]; then
echo "File $OUT is the compressed file."
fi
fi
if [ $REMOTE != "1" ]; then
echo "Done"
fi
fi
if [ $REMOTE == "1" ]; then
perl /opt/vyatta/bin/vyatta-remote-copy.pl $2 $OUT $FLAG
fi
|
