Oracle Cloud Infrastructure Documentation

Viewing Critical Events

Use critical events to monitor instances to help identify and debug anomalies, errors, and operational failures.

Note

The Autonomous Linux critical events are different from events emitted by resources for the Events service. For events emitted by resources used in Autonomous Linux, see OS Management Hub Events.

Critical Event Types

Autonomous Linux triggers critical events for the following issues.

Critical Event Type Description
Fatal Kernel Error (Kernel Panic) A Fatal Kernel Error (Kernel Panic) event occurs when the kernel fails to load upon detecting a fatal internal error. This error prevents the system from booting up and triggers a reboot.
Kernel OOPS A Kernel OOPS event occurs when the kernel detects an exception and triggers a reboot.
Known exploit detection A known exploit detection event occurs if an attacker attempts to exploit a CVE that Autonomous Linux has patched.

What information is collected for critical events?

To monitor for critical events, the Autonomous Linux service collects specific information from the instance using the following tools:

SOSreport

This utility is automatically configured in Autonomous Linux to collect critical system information from the following modules.

Note

The module information is based on SOSreport Release 3.9 (sos-3.9).

SOSreport Module List
  • auditd
  • boot
  • cron
  • date
  • devicemapper
  • filesys
  • grub2
  • hardware
  • host
  • kernel
  • libraries
  • logs
  • lvm2
  • memory
  • networking
  • pam
  • pci
  • process
  • processor
  • rpm
  • sar
  • selinux
  • services
  • ssh
  • yum
SOSreport Module Details
SOSreport Module Information Type Included Files
auditd Audit log files 
/etc/audit/auditd.conf
/etc/audit/audit.rules
/var/log/audit/*
boot Bootup details 
/etc/milo.conf
/etc/silo.conf
/boot/efi/efi/redhat/elilo.conf
/etc/yaboot.conf
/boot/yaboot.conf
cron Root cron commands 
/etc/cron*
/etc/crontab
/var/log/cron
/var/spool/cron
date Context data 
/etc/localtime
devicemapper Hardware details
filesys List of all files in use 
/proc/fs/*
/proc/mounts
/proc/filesystems
/proc/self/mounts
/proc/self/mountinfo
/proc/self/mountstats
/proc/[0-9]*/mountinfo
/etc/mtab
/etc/fstab
grub2 Kernel setup and configuration 
/boot/efi/EFI/*/grub.cfg
/boot/grub2/grub.cfg
/boot/grub2/grubenv
/boot/grub/grub.cfg
/boot/loader/entries
/etc/default/grub
/etc/grub2.cfg
/etc/grub.d/*
hardware Hardware details 
/proc/interrupts
/proc/irq
/proc/dma
/proc/devices
/proc/rtc
/var/log/mcelog
/sys/class/dmi/id/*
/sys/class/drm/*/edid
host Host identification 
/etc/sos.conf
/etc/hostid
kernel System log files 
/etc/conf.modules
/etc/modules.conf
/etc/modprobe.conf
/etc/modprobe.d
/etc/sysctl.conf
/etc/sysctl.d
/lib/modules/*/modules.dep
/lib/sysctl.d
/proc/cmdline
/proc/driver
/proc/kallsyms
/proc/lock*
/proc/buddyinfo
/proc/misc
/proc/modules
/proc/slabinfo
/proc/softirqs
/proc/sys/kernel/random/boot_id
/proc/sys/kernel/tainted
/proc/timer*
/proc/zoneinfo
/sys/firmware/acpi/*
/sys/kernel/debug/tracing/* 
/sys/kernel/livepatch/*
/sys/module/*/parameters
/sys/module/*/initstate
/sys/module/*/refcnt
/sys/module/*/taint
/sys/module/*/version
/sys/devices/system/clocksource/*/available_clocksource
/sys/devices/system/clocksource/*/current_clocksource
/sys/fs/pstore
/var/log/dmesg
libraries List of shared libraries 
/etc/ld.so.conf
/etc/ld.so.conf.d/*
logs System log files 
/etc/syslog.conf
/etc/rsyslog.conf
/etc/rsyslog.d
/run/log/journal/*
/var/log/auth.log
/var/log/auth.log.1
/var/log/auth.log.2*
/var/log/boot.log
/var/log/dist-upgrade
/var/log/installer
/var/log/journal/*
/var/log/kern.log
/var/log/kern.log.1
/var/log/kern.log.2*
/var/log/messages*
/var/log/secure*
/var/log/syslog
/var/log/syslog.1
/var/log/syslog.2*
/var/log/udev
/var/log/unattended-upgrades
lvm2 Hardware details
memory Hardware details 
/proc/pci
/proc/meminfo
/proc/vmstat
/proc/swaps
/proc/slabinfo
/proc/pagetypeinfo
/proc/vmallocinfo
/sys/kernel/mm/ksm
/sys/kernel/mm/transparent_hugepage/enabled
networking Network Identification 
/etc/dnsmasq*
/etc/host*
/etc/inetd.conf
/etc/iproute2
/etc/network*
/etc/nftables
/etc/nftables.conf
/etc/nsswitch.conf
/etc/resolv.conf
/etc/sysconfig/nftables.conf
/etc/xinetd.conf
/etc/xinetd.d
/etc/yp.conf
/proc/net/*
/sys/class/net/*/device/numa_node
/sys/class/net/*/flags
/sys/class/net/*/statistics/*
pam Login security settings 
/etc/pam.d/*
/etc/security
pci Hardware details 
/proc/bus/pci
/proc/iomem
/proc/ioports
process All running process details 
/proc/sched_debug
/proc/stat
/proc/[0-9]*/smaps
processor Hardware details 
/proc/cpuinfo
/sys/class/cpuid
/sys/devices/system/cpu
rpm Installed software 
/var/lib/rpm/*
/var/log/rpmpkgs
sar Resource and usage data 
/var/log/sa/*
selinux Security settings 
/etc/sestatus.conf
/etc/selinux
/var/lib/selinux
services All defined services 
/etc/inittab
/etc/rc.d/*
/etc/rc.local
ssh SSH configuration 
/etc/ssh/ssh_config
/etc/ssh/sshd_config
yum Installed software 
/etc/pki/consumer/cert.pem
/etc/pki/entitlement/*.pem
/etc/pki/product/*.pem
/etc/yum/*
/etc/yum.repos.d/*
/etc/yum/pluginconf.d/*
/var/log/yum.log
OSWatcher

OSWatcher is automatically configured in Autonomous Linux to collect system information periodically. This utility runs common OS commands at regular intervals and outputs the information to a log file collected by the service. The commands tracked by the service are as follows.

OSWatcher Commands
  • buddyinfo
  • cpuinfo
  • ifconfig
  • iostat
  • lscpu
  • mpstat
  • netst
  • pagetype
  • slabinfo
  • top
  • vmstat
  • zoneinfo
Ksplice

The following information is collected and submitted to the service for debugging:

  • kernel symbols
  • kernel modules
  • Ksplice update details
  • Ksplice Uptrack logs