Autonomous Linux Events

Use Autonomous Linux events to monitor instances to help identify and debug errors, anomalies, operational failures, reboots, and changes made to instances.

Note

Autonomous Linux events are different from events emitted by Autonomous Linux resources for the OCI Events service. For events emitted by resources, see OCI Events for OS Management Hub.

Critical Event Types

Autonomous Linux records critical events for the following issues. See also: What information is collected for critical events?

Critical Event Type Description
Fatal Kernel Error (Kernel Panic)

A Fatal Kernel Error (Kernel Panic) event occurs when the kernel fails to load upon detecting a fatal internal error. This error prevents the system from booting up and triggers a reboot.
Kernel OOPS

A Kernel OOPS event occurs when the kernel detects an exception and triggers a reboot.
Known exploit detection

A known exploit detection event occurs if an attacker attempts to exploit a CVE that Autonomous Linux has patched.

General Event Types

Autonomous Linux records events for the following issues.

Event Type Description
Agent

An agent event occurs when the agent on the instance:

  • Provides the service with the instance's package inventory
  • Uploads diagnostic content to the service for a critical event (when event collection is enabled)

An agent event occurs when:

  • There were changes made to the event collection settings
Ksplice update

A Ksplice update event occurs when the service:

  • Applies a Ksplice kernel update
  • Applies a Ksplice userspace update
Reboot

When a system is rebooted using Autonomous Linux, the service generates an event to reflect the status of the reboot operation. Possible statuses include:

  • Started
  • Succeeded
  • Failed
  • Succeeded after the timeout
Software update

A software update event occurs when the service:

  • Installs or removes packages
  • Applies updates
System administration

Autonomous Linux detects an error that requires DNF or YUM cache cleanup, removal of locks, or RPM database rebuild. The service automatically corrects the issue and reports the results.

What information is collected for critical events?

To monitor for critical events, the Autonomous Linux service collects specific information from the instance using the following tools:

SOSreport

This utility is automatically configured in Autonomous Linux to collect critical system information from the following modules.

Note

The module information is based on SOSreport Release 3.9 (sos-3.9).

SOSreport Module List
  • auditd
  • boot
  • cron
  • date
  • devicemapper
  • filesys
  • grub2
  • hardware
  • host
  • kernel
  • libraries
  • logs
  • lvm2
  • memory
  • networking
  • pam
  • pci
  • process
  • processor
  • rpm
  • sar
  • selinux
  • services
  • ssh
  • yum
SOSreport Module Details
SOSreport Module | Information Type | Included Files

auditd | Audit log files
  • /etc/audit/auditd.conf
  • /etc/audit/audit.rules
  • /var/log/audit/*
boot | Bootup details
  • /etc/milo.conf
  • /etc/silo.conf
  • /boot/efi/efi/redhat/elilo.conf
  • /etc/yaboot.conf
  • /boot/yaboot.conf
cron | Root cron commands
  • /etc/cron*
  • /etc/crontab
  • /var/log/cron
  • /var/spool/cron
date | Context data
  • /etc/localtime
devicemapper | Hardware details
filesys | List of all files in use
  • /proc/fs/*
  • /proc/mounts
  • /proc/filesystems
  • /proc/self/mounts
  • /proc/self/mountinfo
  • /proc/self/mountstats
  • /proc/[0-9]*/mountinfo
  • /etc/mtab
  • /etc/fstab
grub2 | Kernel setup and configuration
  • /boot/efi/EFI/*/grub.cfg
  • /boot/grub2/grub.cfg
  • /boot/grub2/grubenv
  • /boot/grub/grub.cfg
  • /boot/loader/entries
  • /etc/default/grub
  • /etc/grub2.cfg
  • /etc/grub.d/*
hardware | Hardware details
  • /proc/interrupts
  • /proc/irq
  • /proc/dma
  • /proc/devices
  • /proc/rtc
  • /var/log/mcelog
  • /sys/class/dmi/id/*
  • /sys/class/drm/*/edid
host | Host identification
  • /etc/sos.conf
  • /etc/hostid
kernel | System log files
  • /etc/conf.modules
  • /etc/modules.conf
  • /etc/modprobe.conf
  • /etc/modprobe.d
  • /etc/sysctl.conf
  • /etc/sysctl.d
  • /lib/modules/*/modules.dep
  • /lib/sysctl.d
  • /proc/cmdline
  • /proc/driver
  • /proc/kallsyms
  • /proc/lock*
  • /proc/buddyinfo
  • /proc/misc
  • /proc/modules
  • /proc/slabinfo
  • /proc/softirqs
  • /proc/sys/kernel/random/boot_id
  • /proc/sys/kernel/tainted
  • /proc/timer*
  • /proc/zoneinfo
  • /sys/firmware/acpi/*
  • /sys/kernel/debug/tracing/*
  • /sys/kernel/livepatch/*
  • /sys/module/*/parameters
  • /sys/module/*/initstate
  • /sys/module/*/refcnt
  • /sys/module/*/taint
  • /sys/module/*/version
  • /sys/devices/system/clocksource/*/available_clocksource
  • /sys/devices/system/clocksource/*/current_clocksource
  • /sys/fs/pstore
  • /var/log/dmesg
libraries | List of shared libraries
  • /etc/ld.so.conf
  • /etc/ld.so.conf.d/*
logs | System log files
  • /etc/syslog.conf
  • /etc/rsyslog.conf
  • /etc/rsyslog.d
  • /run/log/journal/*
  • /var/log/auth.log
  • /var/log/auth.log.1
  • /var/log/auth.log.2*
  • /var/log/boot.log
  • /var/log/dist-upgrade
  • /var/log/installer
  • /var/log/journal/*
  • /var/log/kern.log
  • /var/log/kern.log.1
  • /var/log/kern.log.2*
  • /var/log/messages*
  • /var/log/secure*
  • /var/log/syslog
  • /var/log/syslog.1
  • /var/log/syslog.2*
  • /var/log/udev
  • /var/log/unattended-upgrades
lvm2 | Hardware details
memory | Hardware details
  • /proc/pci
  • /proc/meminfo
  • /proc/vmstat
  • /proc/swaps
  • /proc/slabinfo
  • /proc/pagetypeinfo
  • /proc/vmallocinfo
  • /sys/kernel/mm/ksm
  • /sys/kernel/mm/transparent_hugepage/enabled
networking | Network Identification
  • /etc/dnsmasq*
  • /etc/host*
  • /etc/inetd.conf
  • /etc/iproute2
  • /etc/network*
  • /etc/nftables
  • /etc/nftables.conf
  • /etc/nsswitch.conf
  • /etc/resolv.conf
  • /etc/sysconfig/nftables.conf
  • /etc/xinetd.conf
  • /etc/xinetd.d
  • /etc/yp.conf
  • /proc/net/*
  • /sys/class/net/*/device/numa_node
  • /sys/class/net/*/flags
  • /sys/class/net/*/statistics/*
pam | Login security settings
  • /etc/pam.d/*
  • /etc/security
pci | Hardware details
  • /proc/bus/pci
  • /proc/iomem
  • /proc/ioports
process | All running process details
  • /proc/sched_debug
  • /proc/stat
  • /proc/[0-9]*/smaps
processor | Hardware details
  • /proc/cpuinfo
  • /sys/class/cpuid
  • /sys/devices/system/cpu
rpm | Installed software
  • /var/lib/rpm/*
  • /var/log/rpmpkgs
sar | Resource and usage data
  • /var/log/sa/*
selinux | Security settings
  • /etc/sestatus.conf
  • /etc/selinux
  • /var/lib/selinux
services | All defined services
  • /etc/inittab
  • /etc/rc.d/*
  • /etc/rc.local
ssh | SSH configuration
  • /etc/ssh/ssh_config
  • /etc/ssh/sshd_config
yum | Installed software
  • /etc/pki/consumer/cert.pem
  • /etc/pki/entitlement/*.pem
  • /etc/pki/product/*.pem
  • /etc/yum/*
  • /etc/yum.repos.d/*
  • /etc/yum/pluginconf.d/*
  • /var/log/yum.log
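
To review what the listed patterns match on a particular instance, the following added example (not Oracle's code) resolves a subset of the included-file patterns against a filesystem root and reports, per module, the matched files, their total size, and which of them are not world-readable on the host. It assumes patterns expand like shell globs and that a listed directory is taken recursively; `SOS_PATTERNS`, `files_under` and `inventory` are names chosen for this example.

```python
import glob
import os
import stat

# Subset of the "Included Files" patterns listed on this page, keyed by
# SOSreport module. Extend it with the remaining rows as needed.
SOS_PATTERNS = {
    "auditd": ["/etc/audit/auditd.conf", "/etc/audit/audit.rules", "/var/log/audit/*"],
    "logs": ["/var/log/messages*", "/var/log/secure*", "/var/log/journal/*"],
    "pam": ["/etc/pam.d/*", "/etc/security"],
    "ssh": ["/etc/ssh/ssh_config", "/etc/ssh/sshd_config"],
    "yum": ["/etc/pki/entitlement/*.pem", "/etc/yum.repos.d/*"],
}


def files_under(path):
    """Yield regular files at or below path (os.walk skips symlinked subdirectories)."""
    if os.path.isfile(path):
        yield path
    elif os.path.isdir(path):
        for dirpath, _dirs, names in os.walk(path):
            for name in names:
                full = os.path.join(dirpath, name)
                if os.path.isfile(full):
                    yield full


def inventory(root="/", patterns=SOS_PATTERNS):
    """Map each module to the files its patterns match under root.

    "restricted" lists files that are not world-readable on the host, that is,
    content an unprivileged local user cannot read but the patterns include.
    """
    report = {}
    for module, globs in patterns.items():
        found = {}  # path relative to root -> stat result (de-duplicates overlaps)
        for pattern in globs:
            for match in glob.glob(os.path.join(root, pattern.lstrip("/"))):
                for path in files_under(match):
                    found["/" + os.path.relpath(path, root)] = os.stat(path)
        report[module] = {
            "files": sorted(found),
            "bytes": sum(st.st_size for st in found.values()),
            "restricted": sorted(p for p, st in found.items()
                                 if not st.st_mode & stat.S_IROTH),
        }
    return report


if __name__ == "__main__":
    for module, info in inventory().items():
        print(f"{module}: {len(info['files'])} files, {info['bytes']} bytes, "
              f"{len(info['restricted'])} not world-readable")
```

Run it as root on the instance so that restricted directories such as /var/log/audit can be listed; pass a different `root` to inspect a mounted image instead of the live system.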
Ksplice

The following information is collected and submitted to the service for debugging:

  • kernel symbols
  • kernel modules
  • Ksplice update details
  • Ksplice Uptrack logs
OSWatcher

OSWatcher is automatically configured in Autonomous Linux 7 and 8 to collect system information periodically. This utility runs common OS commands at regular intervals and outputs the information to a log file collected by the service. The commands tracked by the service are as follows.

OSWatcher Commands
  • buddyinfo
  • cpuinfo
  • ifconfig
  • iostat
  • lscpu
  • mpstat
  • netstat
  • pagetype
  • slabinfo
  • top
  • vmstat
  • zoneinfo