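#!/bin/bash
# Automate the gathering of relevant information for diagnosis of QOS event
#
# Writes a single report to /var/log/postmortem/postmortem-<date -Ihours>.
# The file name has hour resolution and the report is opened with '>', so a
# second run within the same hour replaces the earlier report.
#
# NOTE(review): the report copies kernel/earlyoom log lines and the output of
# the RADS helpers verbatim. Confirm that /var/log/postmortem is not readable
# by unprivileged accounts, and treat the copied log text as untrusted when
# viewing it (it can contain process names chosen by users).

# Fail on a misspelled variable. -e / pipefail are deliberately not set:
# a filter that matches nothing must not abort the rest of the report.
set -u

# Confirm root privs (effective UID is what decides access to the logs)
if [[ "${EUID}" -ne 0 ]]; then
  echo "This script requires root privilege please elevate and try again" >&2
  exit 1
fi

# Set some Variables
readonly LOGPATH=/var/log/postmortem
EVENTDATE=$(date -Ihours)
readonly EVENTDATE
readonly REPORT="${LOGPATH}/postmortem-${EVENTDATE}"

# Month abbreviation and day of month, taken from one date call so the two
# cannot straddle midnight. LC_ALL=C keeps the month name in the English form
# used by traditional syslog timestamps regardless of the caller's locale.
MLOGDATE=$(LC_ALL=C date +'%b %-d')
readonly MLOGDATE
readonly LOG_MONTH=${MLOGDATE% *}
readonly LOG_DAY=${MLOGDATE#* }

# Disabled hour-window filter, kept for reference:
# MLOGHSTART=$(date --date='10 minutes ago' +%I)
# MLOGHEND=$(date +%I)
# if [[ "${MLOGHSTART}" -eq "${MLOGHEND}" ]]
# then
#   MHOUR="${MLOGHEND}"
# else
#   MHOUR="'$MLOGHSTART|$MLOGHEND'"
# fi

#######################################
# Print the last 50 lines of /var/log/messages that are dated today and
# contain the given substring.
#
# The original filter was grep -E "'$MLOGDATE'", which searched for the date
# wrapped in literal single quotes and therefore never matched a log line.
# Comparing the first two whitespace-separated fields also copes with the
# space-padded day ("Aug  5") that traditional syslog timestamps use.
# NOTE(review): assumes "Mon DD ..." timestamps; ISO-style timestamps would
# need a different filter - confirm against this host's rsyslog template.
#
# Globals:   LOG_MONTH, LOG_DAY (read)
# Arguments: $1 - fixed substring to look for (e.g. "kernel")
# Outputs:   matching lines on stdout
#######################################
todays_messages() {
  local needle=$1
  awk -v mon="$LOG_MONTH" -v day="$LOG_DAY" -v needle="$needle" \
    '$1 == mon && $2 == day && index($0, needle)' /var/log/messages \
    | tail -50
}

# Confirm directory exists and create timestamped log file
if [[ ! -d "$LOGPATH" ]]; then
  # Stop here if the directory cannot be created; every write below would
  # otherwise fail one by one.
  mkdir -p -- "$LOGPATH" || exit 1
fi

# One redirection for the whole report: the file is truncated once and every
# section lands in it in order. stderr of the tools still goes to the caller.
{
  echo "=== PostMortem $HOSTNAME $EVENTDATE ==="
  echo

  # Log sar data for RAM and CPU usage leading up to event
  echo "Sar CPU Output"
  echo
  sar -q | tail -50
  echo

  echo "Sar RAM Output"
  echo
  sar -r | tail -50
  echo

  # Gather Kernel events logged for the period leading up to reboot.
  # The heading says "past hour", but the filter is by calendar day.
  echo "Kernel events for past hour from message log"
  echo
  todays_messages kernel
  echo

  # Check for earlyoom logs
  echo "Earlyoom output"
  echo
  todays_messages earlyoom
  echo

  # Log info from RADS (check_user and recent-cp)
  echo "RADS output"
  echo
  /opt/sharedrads/check_user
  echo
  /opt/sharedrads/recent-cp
} > "$REPORT"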