#!/usr/bin/env bash
# ESET Management Agent
#
# Copyright (c) 2025 ESET, spol. s r.o.
#set -ex
# Print the Linux directory layout as NAME='path' assignments, one per line.
# Arguments: $1 - provider directory name
#            $2 - package directory name
# Outputs:   assignment lines on stdout. This file later passes them to eval,
#            so both arguments must remain trusted constants: a single quote
#            in either one would terminate the quoted value early.
paths_Linux() {
  local opt_root="/opt/$1/$2"
  local var_root="/var/opt/$1/$2"
  local era_root="/opt/$1/RemoteAdministrator"

  printf '%s\n' \
    "BINDIR='$opt_root/bin'" \
    "SBINDIR='$opt_root/sbin'" \
    "LIBDIR='$opt_root/lib'" \
    "MANDIR='$opt_root/share/man'" \
    "EETCDIR='/etc/opt/$1/$2'" \
    "ELIBDIR='$opt_root/lib'" \
    "EDOCDIR='$opt_root/share/doc'" \
    "EBASEDIR='$var_root/lib'" \
    "ECACHEDIR='$var_root/cache'" \
    "EDUMPDIR='$var_root/dumps'" \
    "LOGROTDDIR='$opt_root/etc/logrotate.d'" \
    "INITRCDIR='$opt_root/etc/init.d'" \
    "ELOGDIR='/var/log/$2'" \
    "LOCALEDIR='$opt_root/locale'" \
    "ESHAREDIR='$opt_root/share'" \
    "ERSRSDIR='$opt_root/lib/gui'" \
    "ERAAGENTDIAGNOSTICDIR='$era_root/Agent'" \
    "ERAPROXYDIAGNOSTICDIR='$era_root/Proxy'" \
    "ERASERVERDIAGNOSTICDIR='$era_root/Server'" \
    "ERARDSENSORDIAGNOSTICDIR='/opt/$1/RogueDetectionSensor'" \
    "ERAMDMDIAGNOSTICDIR='$era_root/MDMCore'" \
    "ERAVAHDIAGNOSTICDIR='$era_root/VAgentHost'"
}
# Print the macOS directory layout as NAME='path' assignments, one per line.
# Arguments: $1 - provider directory name (not used by this layout)
#            $2 - package name (hidden application bundle and support folder)
#            $3 - provider display name (folder under Application Support)
# Outputs:   assignment lines on stdout. This file later passes them to eval,
#            so the arguments must remain trusted constants.
paths_Mac() {
  local bundle="/Applications/.$2/Contents"
  local support="/Library/Application Support/$3/$2"

  printf '%s\n' \
    "BINDIR='$bundle/MacOS'" \
    "SBINDIR='$bundle/MacOS'" \
    "LIBDIR='/usr/lib'" \
    "MANDIR='$bundle/Resources/share/man'" \
    "EETCDIR='$support/etc'" \
    "ELIBDIR='$bundle/MacOS'" \
    "EDOCDIR='$bundle/Resources/share/doc'" \
    "EBASEDIR='$support/modules'" \
    "ECACHEDIR='$support/cache'" \
    "EDUMPDIR='$support/dumps'" \
    "LOGROTDDIR='$support/etc/logrotate.d'" \
    "INITRCDIR='$support/etc/init.d'" \
    "ELOGDIR='$support/logs'" \
    "LOCALEDIR='$bundle/..'" \
    "ESHAREDIR='$bundle/Resources/share'" \
    "ERSRSDIR='$bundle/Resources'" \
    "HELPERS='$bundle/Helpers'" \
    "PLUGINS='$bundle/PlugIns'" \
    "NSPLUGINS='$support/PlugIns'" \
    "CMENU='$bundle/FinderMenu'" \
    "ERAAGENTDIAGNOSTICDIR='/Applications/ESET Remote Administrator Agent.app/Contents/MacOS'"
}
# `uname -s` reports "Darwin" on macOS; forward every argument unchanged to
# the macOS layout so the paths_<uname> dispatch finds a matching function.
paths_Darwin() {
  paths_Mac "$@"
}
# Print the FreeBSD directory layout as NAME='path' assignments, one per line.
# Arguments: $2 - package name ($1 and $3 are not used by this layout)
# Outputs:   assignment lines on stdout, later passed to eval by this file;
#            no ERA*DIAGNOSTICDIR entries are emitted for this platform.
paths_FreeBSD() {
  local prefix="/usr/local"

  printf '%s\n' \
    "BINDIR='$prefix/bin'" \
    "SBINDIR='$prefix/sbin'" \
    "LIBDIR='$prefix/lib'" \
    "MANDIR='$prefix/man'" \
    "EETCDIR='$prefix/etc/$2'" \
    "ELIBDIR='$prefix/lib/$2'" \
    "EDOCDIR='$prefix/share/doc/$2'" \
    "EBASEDIR='/var/lib/$2'" \
    "ECACHEDIR='/var/cache/$2'" \
    "EDUMPDIR='/var/dumps/$2'" \
    "ELOGDIR='/var/log/$2'" \
    "LOGROTDDIR='$prefix/etc/logrotate.d'" \
    "INITRCDIR='$prefix/etc/rc.d'" \
    "LOCALEDIR='$prefix/share/locale'" \
    "ESHAREDIR='$prefix/share/$2'" \
    "ERSRSDIR='$prefix/lib/$2/gui'"
}
# Print the OpenBSD directory layout as NAME='path' assignments, one per line.
# Arguments: $2 - package name ($1 and $3 are not used by this layout)
# Outputs:   assignment lines on stdout, later passed to eval by this file.
# INITRCDIR is deliberately absent (the original author left it as an open
# question), so it stays unset on this platform after the eval.
paths_OpenBSD() {
  local prefix="/usr/local"

  printf '%s\n' \
    "BINDIR='$prefix/bin'" \
    "SBINDIR='$prefix/sbin'" \
    "LIBDIR='$prefix/lib'" \
    "MANDIR='$prefix/man'" \
    "EETCDIR='/etc/$2'" \
    "ELIBDIR='$prefix/lib/$2'" \
    "EDOCDIR='$prefix/share/doc/$2'" \
    "EBASEDIR='/var/lib/$2'" \
    "ECACHEDIR='/var/cache/$2'" \
    "EDUMPDIR='/var/dumps/$2'" \
    "ELOGDIR='/var/log/$2'" \
    "LOGROTDDIR='$prefix/etc/logrotate.d'" \
    "LOCALEDIR='$prefix/share/locale'" \
    "ESHAREDIR='$prefix/share/$2'" \
    "ERSRSDIR='$prefix/lib/$2/gui'"
}
# Print the NetBSD (pkgsrc) directory layout as NAME='path' assignments.
# Arguments: $2 - package name ($1 and $3 are not used by this layout)
# Outputs:   assignment lines on stdout, later passed to eval by this file;
#            no ERA*DIAGNOSTICDIR entries are emitted for this platform.
paths_NetBSD() {
  local prefix="/usr/pkg"

  printf '%s\n' \
    "BINDIR='$prefix/bin'" \
    "SBINDIR='$prefix/sbin'" \
    "LIBDIR='$prefix/lib'" \
    "MANDIR='$prefix/man'" \
    "EETCDIR='$prefix/etc/$2'" \
    "ELIBDIR='$prefix/lib/$2'" \
    "EDOCDIR='$prefix/share/doc/$2'" \
    "EBASEDIR='/var/lib/$2'" \
    "ECACHEDIR='/var/cache/$2'" \
    "EDUMPDIR='/var/dumps/$2'" \
    "ELOGDIR='/var/log/$2'" \
    "LOGROTDDIR='$prefix/etc/logrotate.d'" \
    "LOCALEDIR='$prefix/share/locale'" \
    "ESHAREDIR='$prefix/share/$2'" \
    "INITRCDIR='/etc/rc.d'" \
    "ERSRSDIR='$prefix/lib/$2/gui'"
}
# Print the SunOS directory layout as NAME='path' assignments, one per line.
# Arguments: $2 - package name ($1 and $3 are not used by this layout)
# Outputs:   assignment lines on stdout, later passed to eval by this file.
# LOGROTDDIR is not emitted here (the original keeps it commented out as
# "/etc/opt/$2/logrotate.d"), so it stays unset on this platform.
paths_SunOS() {
  local opt_root="/opt/$2"
  local var_root="/var/opt/$2"

  printf '%s\n' \
    "BINDIR='$opt_root/bin'" \
    "SBINDIR='$opt_root/sbin'" \
    "LIBDIR='$opt_root/lib'" \
    "MANDIR='$opt_root/man'" \
    "EETCDIR='/etc/opt/$2'" \
    "ELIBDIR='$opt_root/lib'" \
    "EDOCDIR='$opt_root/share/doc'" \
    "EBASEDIR='$var_root/lib'" \
    "ECACHEDIR='$var_root/cache'" \
    "EDUMPDIR='$var_root/dumps'" \
    "ELOGDIR='$var_root/log'" \
    "LOCALEDIR='$opt_root/locale'" \
    "ESHAREDIR='$opt_root/share'" \
    "INITRCDIR='/etc/opt/$2/init.d'" \
    "ERSRSDIR='$opt_root/lib/gui'"
}
# Product identity; every path printed by the paths_<OS> functions is built
# from these three constants.
PROVIDER="eset"
PACKAGE="esets"
PROVIDER_TM="ESET"

# Print the path assignments for the running OS by dispatching on `uname -s`
# to the function named paths_<that value>.
paths() {
  "paths_$(uname -s)" "$PROVIDER" "$PACKAGE" "$PROVIDER_TM"
}

# Define BINDIR, SBINDIR, ... in this shell. The evaluated text is produced
# only by the paths_<OS> functions from the constants above; eval would
# execute anything else that found its way into that output.
eval "$(paths)"
#!/usr/bin/env bash
# Commands to be run on the customer's system to collect the information about the system, EAV, etc. that is required for support purposes only.
#
# Must be run as the root user.
#
# checking user rights
# Collector version, shown in the banner and written to scp_ver.txt.
SCP_VER="1.34"
# Force the C locale so the output of the tools called below is not localized.
export LC_ALL=C
# Keep the original command-line arguments for the option check at the end.
Args=("$@")
# Upper-case provider name for the banner. The bracketed ranges are the form
# older System V tr implementations expect - presumably kept for SunOS.
PROVIDER_UPPER="$(echo $PROVIDER | tr '[a-z]' '[A-Z]')"
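# Append file metadata for one path to a report file.
# Arguments: $1 - path to describe
#            $2 - report file to append to
# Uses stat when an executable one is found on PATH, otherwise `ls -ald`.
# The lookup uses the `command -v` builtin instead of the external `which`,
# which is not installed everywhere, and keeps its scratch variable local so
# the function no longer overwrites a global STAT.
call_stat() {
  local target=$1
  local report=$2
  local stat_bin

  stat_bin=$(command -v stat 2>/dev/null)
  if [ -x "$stat_bin" ]; then
    "$stat_bin" "$target" >> "$report"
  else
    ls -ald "$target" >> "$report"
  fi
}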
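# Replace the current process with `sudo <arguments>`.
# Arguments: the command line to run under sudo (script path, then its options)
# Returns:   does not return when sudo is found; otherwise prints a message
#            and exits with status 1.
# The arguments are passed as "$@" so a script path or option containing
# spaces reaches sudo as one word; unquoted, it would be split and sudo would
# be asked to run a different command line than the user typed.
reexec_sudo() {
  local sudo_bin

  sudo_bin=$(command -v sudo 2>/dev/null)
  if [ -x "$sudo_bin" ]; then
    exec "$sudo_bin" "$@"
  else
    echo "You must run this script as root!"
    exit 1
  fi
}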
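# Pack a directory into an archive and print the archive's path.
# Arguments: $1 - destination path without extension
#            $2 - directory (or file) to pack
# Outputs:   "<$1>.tgz" when tar or gtar can write a gzip archive,
#            "<$1>.tar" when only a plain tar archive can be written,
#            an empty line when every attempt fails.
# All expansions are quoted so paths containing spaces are handled, and the
# working variables are local instead of leaking SRC and DST_PREFIX.
call_tar() {
  local dst_prefix=$1
  local src=$2

  if tar -czf "${dst_prefix}.tgz" "$src" 2>/dev/null; then
    echo "${dst_prefix}.tgz"
  elif gtar -czf "${dst_prefix}.tgz" "$src" 2>/dev/null; then
    echo "${dst_prefix}.tgz"
  elif tar -cf "${dst_prefix}.tar" "$src"; then
    echo "${dst_prefix}.tar"
  else
    echo ""
  fi
}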
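# Print the PIDs of processes whose ps line matches a command name and whose
# parent is the given PID.
# Arguments: $1 - command name, matched by grep against each ps output line
#            $2 - parent PID
# Outputs:   matching PIDs on one line, separated by single spaces; an empty
#            line when nothing matches or an argument is unusable.
# The parent PID is read from a pid file by the callers, so it is checked to
# be all digits and then compared as data. The original pasted it into the
# text of an awk program, where unexpected file content would have been run
# as awk code by a script that executes as root.
get_child_pid() {
  local command_name=$1
  local parent_pid=$2
  local pid ppid rest found

  case $parent_pid in
    '' | *[!0-9]*)
      echo ""
      return 0
      ;;
  esac
  if [ -z "$command_name" ]; then
    echo ""
    return 0
  fi

  ps -Ao pid,ppid,comm | grep "$command_name" | {
    found=""
    while read -r pid ppid rest; do
      if [ "$ppid" = "$parent_pid" ]; then
        found="${found:+$found }$pid"
      fi
    done
    echo "$found"
  }
}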
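# List the open files of one process on stdout.
# Arguments: $1 - PID to inspect
# Uses lsof when an executable one is found on PATH, falls back to
# /usr/proc/bin/pfiles, and prints a notice when neither is available.
# The lookup uses the `command -v` builtin instead of the external `which`,
# the tool path is quoted, and the scratch variables are local so the caller's
# EPID and any global LSOF are left untouched.
call_lsof() {
  local pid=$1
  local tool

  tool=$(command -v lsof 2>/dev/null)
  if [ -x "$tool" ]; then
    "$tool" -p "$pid"
    return
  fi

  tool="/usr/proc/bin/pfiles"
  if [ -x "$tool" ]; then
    "$tool" "$pid"
    return
  fi

  echo "lsof doesn't exists!"
}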
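# Not running as root: show the usage banner, record who started the script,
# then re-run the script under sudo.
if [ "$UID" != 0 ]; then
  echo
  echo "*********************************************************************************************************"
  echo "* $PROVIDER_UPPER support data collector, v$SCP_VER *"
  echo "*********************************************************************************************************"
  echo "*"
  echo "* Usage:"
  echo "* info_get.command - collect all logs required by $PROVIDER_TM's Support"
  echo "* info_get.command --no-productlogs - collect all logs required by $PROVIDER_TM's Support without"
  echo "* product's logs"
  echo "*"
  echo "* Script execution needs approx. 120sec to collect all required data, please do not interrupt it."
  echo "* NOTE: only user with admin privileges could run this script!"
  echo "*"
  echo "*********************************************************************************************************"
  # Collect user id & groups info as the current user. The file name is fixed
  # because the root invocation picks it up from the same place, and /tmp is
  # shared with every local user: drop any stale entry first and create the
  # file with noclobber (set -C) so the write cannot go through a file or
  # symbolic link that somebody else placed at this path.
  USER_INFO="/tmp/user_info.txt"
  rm -f "$USER_INFO"
  if ( set -C; echo "id: $(id)" > "$USER_INFO" ) 2>/dev/null; then
    echo "HDIR: $HOME" >> "$USER_INFO"
    echo "SHL: $SHELL" >> "$USER_INFO"
    call_stat "$HOME" "$USER_INFO"
  else
    echo "WARNING: cannot create $USER_INFO, user info will not be collected" >&2
  fi
  # Re-execute itself under the root user; "$@" keeps every original argument
  # as one word even when it contains spaces.
  reexec_sudo "$0" "$@"
fi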
# Write ./elog1.txt: mount table, disk usage, and - when the product daemon
# is running - its process list, status and three open-file snapshots taken
# 11 seconds apart, followed by the SELinux enforcing flag.
# Globals: PACKAGE, PROVIDER, SBINDIR (read); FNAME, EPPID, EPID, COUNT (written)
# Note: `date` is expanded unquoted on purpose throughout, which keeps the
# original single-space formatting of the timestamp lines.
collect_logs1() {
  echo "Collecting logs1..."
  FNAME="./elog1.txt"

  # Start the report afresh: timestamp, mounted file systems, disk usage.
  {
    echo $(date) " - print output"
    echo "mount:"
    mount
    echo ""
    echo "df:"
    df
  } > "$FNAME"

  if [ -f "/var/run/${PACKAGE}_daemon.pid" ]; then
    EPPID="$(cat "/var/run/${PACKAGE}_daemon.pid")"
    # PID(s) of the child ${PACKAGE}_daemon process(es) of the recorded parent.
    EPID="$(get_child_pid "${PACKAGE}_daemon" $EPPID)"
    if [ -n "$EPID" ]; then
      {
        echo ""
        ps -Aj | grep "$PACKAGE"
        echo ""
        "$SBINDIR/${PACKAGE}_daemon" --status 2>/dev/null
      } >> "$FNAME"

      # Take the snapshot several times.
      for ((COUNT = 0; COUNT < 3; COUNT++)); do
        {
          echo ""
          echo $(date) " - $COUNT. print open files for process ${PACKAGE}_daemon[$EPID]"
          # EPID may hold several space-separated PIDs; it is left unquoted so
          # call_lsof keeps receiving the first one as its argument.
          call_lsof $EPID
        } >> "$FNAME"
        # The pause must be greater than 10 sec.
        sleep 11
      done
    fi
  else
    {
      echo ""
      echo "WARNING: ${PROVIDER} daemon is not runnig, er=1"
    } >> "$FNAME"
  fi

  echo "" >> "$FNAME"
  if [ -f "/selinux/enforcing" ]; then
    echo "SELinux: $(cat /selinux/enforcing)" >> "$FNAME"
  else
    echo "No '/selinux/enforcing' found" >> "$FNAME"
  fi

  {
    echo ""
    echo $(date) " - finished"
  } >> "$FNAME"
}
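# For product versions above 4.0, send SIGINT to the running daemon three
# times, 11 seconds apart, and save the resulting /tmp/escan_files report as
# ./elog2.txt.
# Globals: SBINDIR, PACKAGE (read); VER_MAJOR, VER_MINOR, VER, FNAME, EPPID,
#          EPID, COUNT (written)
# Returns: 0 when the version check skips the collection, 1 when the report
#          path is refused, otherwise the status of the final cleanup step.
# Changes from the original:
#  - the version fields are checked to be plain digits and forced to base 10
#    before the arithmetic, so a field such as "08" no longer aborts the
#    calculation and non-numeric text is never evaluated as an expression;
#  - the script runs as root and /tmp is shared by all local users, so the
#    fixed report path is refused when it is a symbolic link instead of being
#    written through; the check narrows that exposure but cannot close the
#    window between the test and the write;
#  - the daemon is queried once instead of twice and expansions are quoted.
collect_logs2() {
  echo "Collecting logs2..."
  local version_field

  # Products with ver 4.0.xx do not support the interrupt.
  version_field=$("$SBINDIR/${PACKAGE}_daemon" --version 2>/dev/null | cut -d " " -f 3)
  VER_MAJOR=$(printf '%s\n' "$version_field" | cut -d "." -f 1)
  VER_MINOR=$(printf '%s\n' "$version_field" | cut -d "." -f 2)
  case $VER_MAJOR in
    '' | *[!0-9]*) return 0 ;;
  esac
  case $VER_MINOR in
    '' | *[!0-9]*) return 0 ;;
  esac
  VER=$((10#$VER_MAJOR * 1000 + 10#$VER_MINOR))
  if [ "$VER" -le 4000 ]; then
    return 0
  fi

  # Do not change the output file name!
  # NOTE(review): presumably the daemon adds its own data to this path when it
  # receives SIGINT - confirm against the product before relocating it.
  FNAME="/tmp/escan_files"
  if [ -L "$FNAME" ]; then
    echo "WARNING: $FNAME is a symbolic link, skipping logs2" >&2
    return 1
  fi

  if [ -f "/var/run/${PACKAGE}_daemon.pid" ]; then
    EPPID="$(cat "/var/run/${PACKAGE}_daemon.pid")"
    # PID(s) of the child ${PACKAGE}_daemon process(es) of the recorded parent.
    EPID="$(get_child_pid "${PACKAGE}_daemon" $EPPID)"
    if [ -n "$EPID" ]; then
      echo $(date) " - print output ps -Aj" > "$FNAME"
      ps -Aj | grep "$PACKAGE" >> "$FNAME"
      # Send the signal several times.
      COUNT=0
      while [ "$COUNT" -lt 3 ]; do
        echo "" >> "$FNAME"
        echo $(date) " - $COUNT. send INT to ${PACKAGE}_daemon[$EPID]" >> "$FNAME"
        # EPID may list several PIDs; unquoted so each one is signalled.
        kill -INT $EPID 2>/dev/null
        COUNT=$((COUNT + 1))
        # The pause must be greater than 10 sec.
        sleep 11
      done
      echo "" >> "$FNAME"
      echo $(date) " - finished" >> "$FNAME"
    fi
  else
    echo "" >> "$FNAME"
    echo "WARNING: ${PACKAGE} daemon is not runnig, er=2" >> "$FNAME"
  fi

  test -f "$FNAME" && cp -Rf "$FNAME" ./elog2.txt
  test -f "$FNAME" && unlink "$FNAME"
}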
# Run the EEA product's own log-collection script when it is installed.
# Globals: FILE_EEA (written)
# Returns: 0 when the script is absent, otherwise the status of `sh`.
# The helper runs with this script's privileges (root in the normal flow).
# NOTE(review): assumes /opt/eset/eea/sbin is writable by root only - confirm
# on the target system.
collect_eea() {
  FILE_EEA=/opt/eset/eea/sbin/collect_logs.sh
  [ -f "$FILE_EEA" ] || return 0
  echo "Log collecting script for EEA found. Initializing log collection..."
  sh "$FILE_EEA"
}
# Run the EFS product's own log-collection script when it is installed.
# Globals: FILE_EFS (written)
# Returns: 0 when the script is absent, otherwise the status of `sh`.
# The helper runs with this script's privileges (root in the normal flow).
# NOTE(review): assumes /opt/eset/efs/sbin is writable by root only - confirm
# on the target system.
collect_efs() {
  FILE_EFS=/opt/eset/efs/sbin/collect_logs.sh
  [ -f "$FILE_EFS" ] || return 0
  echo "Log collecting script for EFS found. Initializing log collection..."
  sh "$FILE_EFS"
}
# Run the Bridge product's own log-collection script when it is installed.
# Globals: FILE_BRIDGE (written)
# Returns: 0 when the script is absent, otherwise the status of `sh`.
# The helper runs with this script's privileges (root in the normal flow).
# NOTE(review): assumes /opt/eset/bridge/lib/scripts is writable by root only -
# confirm on the target system.
collect_bridge() {
  FILE_BRIDGE=/opt/eset/bridge/lib/scripts/collect_logs.sh
  [ -f "$FILE_BRIDGE" ] || return 0
  echo "Log collecting script for Bridge found. Initializing log collection..."
  sh "$FILE_BRIDGE"
}
# Record which of a fixed list of other vendors' files or directories exist
# on this machine.
# Globals: PRODUCT_TABLE, AVFNAME, ELEMENTS (written)
# Outputs: ./av_vendor_check.txt - a timestamp header followed by every listed
#          path that exists as a regular file or as a directory.
check_3rd_party_sw() {
  local candidate

  PRODUCT_TABLE=(
    # INTEGO
    '/Library/LaunchDaemons/com.intego.personalantispam.daemon.plist'
    '/Library/LaunchDaemons/com.intego.PersonalBackup.daemon.plist'
    '/Library/LaunchDaemons/com.intego.ContentBarrier.daemon.plist'
    '/Library/LaunchDaemons/com.intego.VirusBarrierX6.daemon.plist'
    '/Library/LaunchDaemons/com.intego.VirusBarrierX6.scanner.daemon.plist'
    '/Library/LaunchDaemons/com.intego.commonservices.daemon.plist'
    '/Library/LaunchDaemons/com.intego.commonservices.icalserver.plist'
    '/Library/LaunchDaemons/com.intego.netupdate.daemon.plist'
    '/Library/LaunchDaemons/com.intego.task.manager.daemon.plist'
    # KASPERSKY
    '/Library/LaunchDaemons/com.kaspersky.kav.plist'
    # NORTON
    '/Library/LaunchDaemons/com.symantec.npfbootstrap.plist'
    '/Library/LaunchDaemons/com.symantec.deepsight-extractor.plist'
    '/Library/LaunchDaemons/com.symantec.symdaemon.plist'
    # SOPHOS
    '/Library/LaunchDaemons/com.sophos.notification.plist'
    # BITDEFENDER
    '/Library/LaunchDaemons/com.bitdefender.avp.Enterprise.plist'
    '/Library/LaunchDaemons/com.bitdefender.avp.AuthHelperTool.plist'
    '/Library/LaunchDaemons/com.bitdefender.avp.UpgDaemon.plist'
    # CLAM
    '/usr/local/clamXav'
    # MCAFEE
    '/usr/local/McAfee/AppProtection'
    '/usr/local/McAfee/Firewall'
    '/usr/local/McAfee/AntiMalware'
    '/Library/LaunchDaemons/com.mcafee.virusscan.fmpd.plist'
    '/Library/LaunchDaemons/com.mcafee.virusscan.ScanManager.plist'
    '/Library/LaunchDaemons/com.mcafee.virusscan.VShieldEPOInterface.plist'
    '/Library/LaunchDaemons/com.mcafee.virusscan.eupdate.plist'
    # TREND
    '/Library/StartupItems/iCoreService'
    # AVAST
    '/Library/LaunchDaemons/com.avast.MacAvast.LaunchDaemon.plist'
    '/Applications/avast!.app'
    # DRWEB
    '/Library/LaunchDaemons/com.drweb.drwebd.plist'
    # FSECURE
    '/Library/LaunchDaemons/com.f-secure.aua.plist'
    '/Library/LaunchDaemons/com.f-secure.fsavd.plist'
    # IAV
    '/Library/iAntiVirus/iavd'
    # PANDA
    '/Library/LaunchDaemons/com.pandasecurity.panda_av_daemon.plist'
    # MACSCAN
    '/Applications/MacScan 2'
  )

  echo "Collecting 3rd party SW..."
  AVFNAME="./av_vendor_check.txt"
  # `date` is unquoted on purpose: it keeps the original header formatting.
  echo $(date) " - checking 3rd party SW:" > "$AVFNAME"
  ELEMENTS=${#PRODUCT_TABLE[@]}

  for candidate in "${PRODUCT_TABLE[@]}"; do
    [ -f "$candidate" ] && echo "$candidate" >> "$AVFNAME"
    [ -d "$candidate" ] && echo "$candidate" >> "$AVFNAME"
  done
}
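# Write ./data.txt describing the product's module directory: the type, build
# and version lines of every em0*.dat module, a recursive listing of the
# directory, and the content of its data/data.txt.
# Globals: EBASEDIR (read); DATAFILE (written)
# Returns: 0 when EBASEDIR is missing, otherwise the status of the final cat.
# The original changed into EBASEDIR, created data.txt there and moved it
# back afterwards, which overwrote any data.txt already present in the
# product directory and produced nothing when the directory change failed.
# The report is now written straight into the working directory; only the
# module scan runs inside EBASEDIR, in a subshell, so the file names in the
# grep output stay relative as before. Modules are taken from a glob rather
# than from parsed `ls` output.
collect_datadir() {
  #if [ "$COLLECT_PRODUCT_LOGS" = "NO" ]; then
  # return 0
  #fi
  local module

  DATAFILE="./data.txt"
  if [ ! -d "$EBASEDIR" ]; then
    echo "Directory ${EBASEDIR} does not exist" > "$DATAFILE"
    return 0
  fi

  {
    echo "modules:"
    (
      cd "$EBASEDIR" || exit 0
      for module in em0*.dat; do
        # An unmatched glob stays literal; skip it.
        [ -e "$module" ] || continue
        grep -HanE "^(type|build|version)" "$module"
      done
    )
    echo ""
    echo "listing:"
    ls -RGl "$EBASEDIR"
    echo ""
    echo "content:"
    cat "$EBASEDIR/data/data.txt"
  } > "$DATAFILE"
}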
# Save three diskutil listings (disks, AppleRAID sets, CoreStorage volumes)
# into ./diskutil.txt, each under its own heading.
# Globals: DUFILE (written)
collect_diskutil() {
  local rule="===================="

  echo "Collecting disklogs..."
  DUFILE="./diskutil.txt"
  {
    echo "list:"
    diskutil List
    echo "$rule"
    echo "appleRaidList:"
    diskutil AppleRaid list
    echo "$rule"
    echo "CoreStorageList:"
    diskutil CoreStorage list
  } > "$DUFILE"
}
# Save the system_profiler report in XML form as ./system_info.spx; anything
# the tool prints on stderr is discarded.
# Globals: FILE (written)
collect_system_info() {
  FILE="./system_info.spx"
  system_profiler -xml 2> /dev/null > "$FILE"
}
# Save the I/O Registry twice: the full `ioreg -l` listing as ./ioreg.txt and
# the IOEsetPlane view as ./ioreg_eset.txt.
# Globals: FILE (written; holds the second file name on return)
collect_ioreg() {
  ioreg -l > ./ioreg.txt
  FILE="./ioreg_eset.txt"
  ioreg -l -p IOEsetPlane > "$FILE"
}
# Save the numeric routing table printed by `netstat -rn`.
# Globals: FILE (written)
# NOTE(review): the file name starts with a dot, so the report is a hidden
# file in the working directory; every other collector here writes "./name".
# This looks like a typo for "./netstat_root_table.txt" - confirm before
# renaming, since whoever reads the archive may expect the current name.
collect_netstat() {
  FILE=".netstat_root_table.txt"
  netstat -rn > "$FILE"
}
# Collect the configuration file and, when product logs are wanted, the log
# directory from the locations used by older releases (ECS 6.0.13,
# EAVBE 4.1.96.0 or older), both found relative to BINDIR.
# Further obsolete runtime paths belong here, in the form:
#   test -d <old_path> && cp -RLf <old_path> ./<old_path_out>
# Globals: BINDIR, PACKAGE, COLLECT_PRODUCT_LOGS (read);
#          EETCDIR_OLD, ELOGDIR_OLD (written)
collect_old_paths() {
  echo "Collecting obsolete path logs..."

  # Old configuration file.
  EETCDIR_OLD="$BINDIR/../etc"
  [ -f "$EETCDIR_OLD/${PACKAGE}.cfg" ] &&
    cp -f "$EETCDIR_OLD/${PACKAGE}.cfg" "./${PACKAGE}.cfg.old"

  if [ "$COLLECT_PRODUCT_LOGS" = "YES" ]; then
    # Old product log directory.
    ELOGDIR_OLD="$BINDIR/../var/log"
    [ -d "$ELOGDIR_OLD" ] && mkdir -p "./${PACKAGE}_logs.old"
    [ -d "$ELOGDIR_OLD" ] && cp -Rf "$ELOGDIR_OLD/" "./${PACKAGE}_logs.old"
  fi
}
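# Run one ERA diagnostic executable from its own directory and have it write
# its archive under "<destination>/era".
# Arguments: $1 - directory holding the diagnostic tool
#            $2 - file name of the tool inside that directory
#            $3 - destination directory for the produced archive
# Globals:   DIAGNOSTIC_DIR, DIAGNOSTIC_EXE, DST_DIR (written)
# Returns:   non-zero when the directory argument is empty, the tool is
#            missing, the directory cannot be entered or the tool fails.
# Side effect: leaves the shell inside $1 when the tool was found; the caller
#            restores the working directory.
# The original guard tested whether DIAGNOSTIC_DIR was set, which is always
# true because it is assigned just above. On platforms whose path table does
# not define the ERA directory the argument is empty, and the tool path then
# collapsed to "/<tool name>" in the file system root, which this script
# would have executed as root if such a file existed. An empty directory is
# now rejected up front.
run_diagnostic_tool() {
  DIAGNOSTIC_DIR="$1"
  DIAGNOSTIC_EXE="$2"
  DST_DIR="$3"

  if [ -z "$DIAGNOSTIC_DIR" ]; then
    return 1
  fi

  test -f "$DIAGNOSTIC_DIR/$DIAGNOSTIC_EXE" &&
    cd "$DIAGNOSTIC_DIR" &&
    "$DIAGNOSTIC_DIR/$DIAGNOSTIC_EXE" --zippath="$DST_DIR/era" --actions=1 > /dev/null
}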
# Run the diagnostic tool of every ERA component. For each component the
# component-specific executable is tried first and the generic "Diagnostic"
# executable is tried when that attempt returns non-zero.
# Globals: ERA*DIAGNOSTICDIR (read); CURRENT_DIR (written)
# The working directory is restored at the end because run_diagnostic_tool
# changes into the component directory.
collect_era() {
  local component dir_var

  echo "Collecting logs3..."
  CURRENT_DIR="$(pwd)"

  # Each entry is "<variable holding the directory>:<specific executable>".
  for component in \
    ERAAGENTDIAGNOSTICDIR:DiagnosticAgent \
    ERAPROXYDIAGNOSTICDIR:DiagnosticProxy \
    ERASERVERDIAGNOSTICDIR:DiagnosticServer \
    ERARDSENSORDIAGNOSTICDIR:DiagnosticRDSensor \
    ERAMDMDIAGNOSTICDIR:DiagnosticMDM \
    ERAVAHDIAGNOSTICDIR:DiagnosticVAH; do
    dir_var=${component%%:*}
    run_diagnostic_tool "${!dir_var}" "${component#*:}" "$CURRENT_DIR" ||
      run_diagnostic_tool "${!dir_var}" "Diagnostic" "$CURRENT_DIR"
  done

  cd "$CURRENT_DIR"
}
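# Copy the product's configuration, cache, version information and - when
# COLLECT_PRODUCT_LOGS is "YES" - its logs, dumps and backtrace files into
# the working directory, then run the per-product collectors.
# Globals: EETCDIR, ECACHEDIR, SBINDIR, ELOGDIR, EDUMPDIR, PACKAGE,
#          COLLECT_PRODUCT_LOGS (read)
# Changes from the original:
#  - the backtrace files /tmp/bt.<package>* were guarded by `test -f <glob>`,
#    which is an error as soon as the pattern matches more than one file, so
#    nothing was copied in that case; each match is now handled on its own;
#  - /tmp is writable by every local user and this script runs as root, so a
#    match that is a symbolic link is skipped instead of having the content
#    of whatever it points to copied into the support archive;
#  - the daemon path is quoted consistently.
collect_product() {
  local daemon="$SBINDIR/${PACKAGE}_daemon"
  local backtrace

  echo "Collecting products logs..."
  test -f "$EETCDIR/${PACKAGE}.cfg" && cp -f "$EETCDIR/${PACKAGE}.cfg" .
  test -d "$ECACHEDIR/data" && cp -RLf "$ECACHEDIR/data" "./${PACKAGE}_cache"
  if [ -f "$daemon" ]; then
    "$daemon" --version > "./${PACKAGE}_daemon_version.txt"
    "$daemon" --modules_info 2>/dev/null > modules_info.txt
  fi

  if [ "$COLLECT_PRODUCT_LOGS" = "YES" ]; then
    if [ -d "$ELOGDIR" ]; then
      mkdir -p "./${PACKAGE}_logs"
      cp -Rf "$ELOGDIR/" "./${PACKAGE}_logs"
    fi
    test -d "$EDUMPDIR" && cp -RLf "$EDUMPDIR" "./${PACKAGE}_dumps"
    for backtrace in /tmp/bt."${PACKAGE}"*; do
      # An unmatched glob stays literal and fails the -f test.
      if [ -f "$backtrace" ] && [ ! -L "$backtrace" ]; then
        cp -f "$backtrace" .
      fi
    done
  fi

  collect_era
  collect_eea
  collect_efs
  collect_datadir
  collect_bridge
}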
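# Save the last 100000 systemd journal entries as ./journal.txt when
# /usr/bin/journalctl is present; do nothing otherwise.
# Returns: 0 when journalctl is absent, otherwise journalctl's status.
# The original tested /usr/bin/journalctl but then ran whatever "journalctl"
# resolved to on PATH. The script runs as root, so the binary that was
# checked is now the one that is executed. The header line keeps the original
# text.
collect_journal() {
  local FNAME="journal.txt"
  local journalctl_bin="/usr/bin/journalctl"

  if [ -x "$journalctl_bin" ]; then
    echo $(date) " - journalctl -n 100000" > "$FNAME"
    "$journalctl_bin" -n 100000 >> "$FNAME"
  fi
}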
# Linux-specific collection: eight process snapshots one second apart
# (appended to ps.txt), the audit log directory, the iptables rule dump and
# the systemd journal.
# Globals: i (written; loop counter)
collect_system_Linux() {
  i=0
  while ((i < 8)); do
    # Header with the timestamp, then the last 80 lines of the CPU-sorted
    # process list, each cut to its first 50 space-separated fields.
    {
      echo "%PID %PPID %CPU %MEM ARGS $(date)" &&
        ps -e -o pid,ppid,pcpu,pmem,args --sort=pcpu | cut -d" " -f1-50 | tail -n 80
    } >> ps.txt
    sleep 1
    i=$((i + 1))
  done

  [ -d /var/log/audit ] && cp -RLf /var/log/audit .
  iptables-save 2>/dev/null > iptables-save.txt
  collect_journal
}
# Placeholder: nothing FreeBSD-specific is collected. The function exists so
# the collect_system_<uname> dispatch finds a target on this platform.
collect_system_FreeBSD() {
  :
}
# Placeholder: nothing OpenBSD-specific is collected. The function exists so
# the collect_system_<uname> dispatch finds a target on this platform.
collect_system_OpenBSD() {
  :
}
# Placeholder: nothing NetBSD-specific is collected. The function exists so
# the collect_system_<uname> dispatch finds a target on this platform.
collect_system_NetBSD() {
  :
}
# SunOS-specific collection: copy the service logs under /var/svc/log whose
# path matches the package name into ./svc.
# Globals: PACKAGE (read); SVC_LOG (written)
# Returns: 0 when no log matches, otherwise the status of cp.
# SVC_LOG holds one path per line and is expanded unquoted on purpose, so
# every matching log becomes its own argument to cp; a path containing
# whitespace would be split as well.
collect_system_SunOS() {
  SVC_LOG="$(ls -d /var/svc/log/* | grep $PACKAGE)"
  [ -n "$SVC_LOG" ] || return 0
  mkdir svc
  cp $SVC_LOG ./svc
}
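# macOS-specific collection: process and kernel-extension snapshots,
# directory listings, crash/panic/hang/diagnostic reports of the user and of
# the system, launch item listings, the unified log of the last three days,
# and the disk, hardware, I/O Registry, routing and third-party reports.
# Expects ./User and ./System to exist in the working directory.
# Globals: HOME (read)
# Changes from the original:
#  - the unified log was first written to a fixed file name in /tmp and then
#    copied. The script runs as root and /tmp is shared by all local users,
#    so a fixed name there can be prepared by someone else before the write;
#    the log is now written directly into the working directory;
#  - the copies of /tmp/syslogs-dump.log and /tmp/syslogs-dump.jsonstyle.log
#    are gone: the commands that produced them are disabled, so those copies
#    could only pick up files this script did not create;
#  - the log tool is run through the /usr/bin/log path that is tested;
#  - $HOME is quoted so a home directory containing spaces works.
collect_system_Mac() {
  local user_logs="$HOME/Library/Logs"

  top -o cpu -F -R -l 8 -c a > top.txt
  kextstat > kextstat.txt
  sw_vers > ./sw_vers.txt
  ls -Gl /Applications/ > ./apps.txt
  ls -Gl /Library/ > ./library.txt
  test -d /Library/Server && ls -Gl /Library/Server/ > ./library_server.txt
  ls -Gl /var/db/receipts/ > ./var_db_receipts.txt
  echo "serveradmin presence test:" > serveradmin_v.txt
  serveradmin -v >> serveradmin_v.txt 2>> serveradmin_v.txt
  ls -Gle "$HOME/" > ./home.txt

  # Per-user reports; the MobileDevice subtree is removed from the copy.
  test -d "$user_logs/CrashReporter" && cp -RLf "$user_logs/CrashReporter" ./User
  test -d ./User/CrashReporter/MobileDevice && rm -Rf ./User/CrashReporter/MobileDevice
  test -d "$user_logs/DiagnosticReports" && cp -RLf "$user_logs/DiagnosticReports" ./User

  # System-wide reports; the MobileDevice subtree is removed from the copy.
  test -d /Library/Logs/CrashReporter && cp -RLf /Library/Logs/CrashReporter ./System
  test -d ./System/CrashReporter/MobileDevice && rm -Rf ./System/CrashReporter/MobileDevice
  test -d /Library/Logs/PanicReporter && cp -RLf /Library/Logs/PanicReporter ./System
  test -d /Library/Logs/HangReporter && cp -RLf /Library/Logs/HangReporter ./System
  test -d /Library/Logs/DiagnosticReports && cp -RLf /Library/Logs/DiagnosticReports ./System

  # Launch items.
  test -d /Library/StartupItems && ls -Gl /Library/StartupItems/ > ./start_up_items.txt
  test -d /Library/LaunchAgents && ls -Gl /Library/LaunchAgents/ > ./launched_agents.txt
  test -d "$HOME/Library/LaunchAgents" && ls -Gl "$HOME/Library/LaunchAgents/" > ./launched_agents_user.txt
  test -d /Library/LaunchDaemons && ls -Gl /Library/LaunchDaemons/ > ./launched_daemons.txt

  if [ -f /usr/bin/log ]; then
    echo "Collecting system logs from macOS 10.12+ ..."
    # For macOS 10.12+, generate the last 3 days of log history.
    # Disabled alternatives, kept for reference:
    # /usr/bin/log show --last 3d --source --info --debug > ./syslogs-dump.log
    # /usr/bin/log show --last 3d --source --style json --info --debug > ./syslogs-dump.jsonstyle.log
    /usr/bin/log show --last 3d --source --style syslog --info --debug > ./syslogs-dump.syslogstyle.log
  fi

  collect_diskutil
  collect_system_info
  collect_ioreg
  collect_netstat
  check_3rd_party_sw
}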
# `uname -s` reports "Darwin" on macOS; forward every argument unchanged to
# the macOS collector so the collect_system_<uname> dispatch finds a target.
collect_system_Darwin() {
  collect_system_Mac "$@"
}
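# Platform-independent collection: kernel identification, the user
# information recorded before the sudo re-execution, the common system logs
# with their rotated copies, and /etc/ld.so.preload.
# Returns: the status of the final `test ... && cp` line.
# /tmp/user_info.txt is written by the unprivileged invocation of this script
# and read here as root. /tmp is shared by all local users, so the entry is
# copied only when it is a regular file and not a symbolic link; the original
# test followed links and would have copied the content of whatever the link
# pointed to into the support archive.
collect_system_common() {
  local user_info="/tmp/user_info.txt"

  uname -a > uname.txt
  if [ -f "$user_info" ] && [ ! -L "$user_info" ]; then
    cp -f "$user_info" ./user_info.txt
  fi
  test -f /var/log/system.log && cp -f /var/log/system.log* .
  test -f /var/log/mail.log && cp -f /var/log/mail.log* .
  test -f /var/log/kernel.log && cp -f /var/log/kernel.log* .
  test -f /var/log/install.log && cp -f /var/log/install.log* .
  test -f /var/log/daemon.log && cp -f /var/log/daemon.log* .
  test -f /var/log/syslog && cp -f /var/log/syslog* .
  test -f /var/log/messages && cp -f /var/log/messages* .
  test -f /etc/ld.so.preload && cp -f /etc/ld.so.preload .
}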
# Collect system information: the platform-independent part first, then the
# collector named after the running OS (collect_system_<uname -s>), which
# receives this function's arguments unchanged.
collect_system() {
  local os_name

  echo "Collecting system logs..."
  collect_system_common
  os_name=$(uname -s)
  "collect_system_${os_name}" "$@"
}
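# Main flow (runs as root): clean up earlier runs, collect everything into a
# private staging area, pack it, move the archive to the user's Desktop or
# home directory, and remove the staging area.
#
# Changes from the original:
#  - the working directory used to be the fixed path /tmp/customer_info.<provider>,
#    created with `mkdir -p`, which also accepts a directory or link that
#    somebody else prepared at that name in the shared /tmp. The staging area
#    now comes from `mktemp -d`, which creates a new directory with a random
#    suffix that only its owner can access; the archive is written inside it
#    rather than to the fixed name /tmp/customer_info.tgz;
#  - a failed `cd` into the working directory now stops the script; before,
#    collection would have continued in whatever directory was current;
#  - expansions are quoted and the option test uses `case`.
# NOTE(review): the archive holds system logs, product configuration and
# crash reports and ends up with default permissions in the destination
# directory - treat it as sensitive when storing or sending it.

# pre-cleaning
echo ""
echo "Cleaning..."
rm -rf /tmp/customer_info.*
rm -rf ~/customer_info.*

# private staging area; the template keeps the "customer_info." prefix so the
# pre-cleaning above also removes leftovers of an interrupted run
STAGE_DIR=$(mktemp -d /tmp/customer_info.XXXXXX) || {
  echo "Cannot create a private staging directory in /tmp" >&2
  exit 1
}
WORK_DIR="$STAGE_DIR/customer_info.${PROVIDER}"
mkdir -p "$WORK_DIR/User" "$WORK_DIR/System" "$WORK_DIR/${PACKAGE}_cache"
cd "$WORK_DIR" || {
  echo "Cannot enter $WORK_DIR" >&2
  exit 1
}

# collecting currently processed file's data
collect_logs1
collect_logs2

# collect system logs
collect_system

# collect configuration & product version
echo "$PROVIDER_UPPER support data collector, v$SCP_VER" > scp_ver.txt
COLLECT_PRODUCT_LOGS="YES"
if [ "${#Args[@]}" -gt 0 ]; then
  # there are some input arguments
  case "${Args[0]}" in
    -no_productlogs | -no-productlogs | --no-productlogs)
      COLLECT_PRODUCT_LOGS="NO"
      ;;
  esac
fi
collect_product
collect_old_paths

# packing data
PKG="$(call_tar "$STAGE_DIR/customer_info" .)"
if [ -z "$PKG" ]; then
  # the collected data is left in place so it can still be retrieved by hand
  echo "Cannot call tar for customer_info in $(pwd)"
  exit 1
fi
DEST_DIR=~
if [ -d ~/Desktop ]; then
  DEST_DIR=~/Desktop
fi
mv "$PKG" "$DEST_DIR/"

# cleaning
cd /tmp
rm -Rf "${STAGE_DIR:?}"
PKG="$(basename "$PKG")"

# inform about sending the result to ${PROVIDER} support
echo
echo
echo "Send file '${DEST_DIR}/${PKG}' to ${PROVIDER_UPPER}'s support"
echo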