DEV Community: Jorge Luis Rueda Beirana

𝗜𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗶𝗼𝗻 𝗼𝗳 𝘀𝗼𝘀 𝗿𝗲𝗽𝗼𝗿𝘁 𝗶𝗻 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗣𝗶𝗽𝗲𝗹𝗶𝗻𝗲𝘀.

Jorge Luis Rueda Beirana — Wed, 20 May 2026 10:11:19 +0000

Monitoring and observability tools — Grafana, Prometheus, traces, logs — tell you that something is wrong and where. They do not tell you what the host operating system was doing at that moment: which processes were consuming memory, what the kernel OOM killer decided, whether a filesystem was having an I/O contention problem, what the block device queue looked like, what firewall rules were in effect. That data lives on the node, is often ephemeral, and disappears or changes as the system recovers.

The purpose of integrating the widely available open-source 𝘀𝗼𝘀 𝗿𝗲𝗽𝗼𝗿𝘁 Linux command into the pipeline is to 𝗰𝗮𝗽𝘁𝘂𝗿𝗲 𝘁𝗵𝗮𝘁 𝗢𝗦-𝗹𝗲𝘃𝗲𝗹 𝘀𝗻𝗮𝗽𝘀𝗵𝗼𝘁 𝗮𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗰𝗮𝗹𝗹𝘆, 𝗮𝘁 𝘁𝗵𝗲 𝗺𝗼𝗺𝗲𝗻𝘁 𝗼𝗳 𝘁𝗵𝗲 𝗮𝗹𝗲𝗿𝘁, 𝗯𝗲𝗳𝗼𝗿𝗲 𝘁𝗵𝗲 𝗲𝘃𝗶𝗱𝗲𝗻𝗰𝗲 𝗱𝗲𝗴𝗿𝗮𝗱𝗲𝘀 without requiring a human to log into the node and collect it manually.

More specifically it achieves four things:

𝗦𝗽𝗲𝗲𝗱 𝗼𝗳 𝗱𝗶𝗮𝗴𝗻𝗼𝘀𝗶𝘀. The data is already collected and analysed by the time the SRE opens the alert. They review findings instead of gathering evidence.

𝗘𝘃𝗶𝗱𝗲𝗻𝗰𝗲 𝗽𝗿𝗲𝘀𝗲𝗿𝘃𝗮𝘁𝗶𝗼𝗻. Memory state, kernel ring buffer entries, and process tables are ephemeral. Automated collection catches them before the system recovers and overwrites them.

𝗥𝗲𝗱𝘂𝗰𝗲𝗱 𝘁𝗼𝗶𝗹. Manual OS diagnostics during an incident are slow, error-prone, and inconsistent between engineers. Presets make the collection reproducible and automatic.

𝗖𝗼𝗺𝗽𝗹𝗲𝘁𝗲𝗻𝗲𝘀𝘀. Every incident of the same type produces the same shape of data, making cross-incident comparison and pattern recognition — including by an AI analysis tool meaningful and reliable.

In short: monitoring tells you the what, tracing tells you the where, and sos report presets tell you the why automatically, consistently, and fast enough to be useful during the incident rather than after it.

The best part is that you do not need to install anything.

If you like to know how can this be done, this article contains detailed instructions on how can this be achieved for a concrete production environment involving Kubernetes, Grafana and Ansible

visit sos-vault for a complete reference on how to use sos report command effectivley

Did you know these facts about the sos command?

Jorge Luis Rueda Beirana — Fri, 01 May 2026 09:53:44 +0000

Did you know that the Linux sos command is available in most Linux distributions and that in 53 seconds it generates a compressed and encrypted tar file of less than 15MB containing over 10,000 text files, including logs, output from more than 500 diagnostic commands, and over 1,800 configuration files? This file can then be transferred to a secure server so that the information can be analyzed by your team (or by an AI) making it easy to be integrated into your existing CI/CD pipeline.

In less than a minute, you have all the information needed to detect problems, find root causes (RCA), take inventory, review system security, or measure system performance without needing to establish a single server session. This translates to greater security and less exposure, and the ability to analyze the same information simultaneously by different teams (SRE, NetTeam, DBA, DevOps, SecOps, QA, etc.).

This compressed and encrypted tar file is known as a sosreport. And if you maintain a history of sosreports for each server, you can compare them or the same server over time to identify discrepancies in behavior, configuration changes, and keep an inventory of hardware and software.

sos is not a monitoring system or a SIEM. It's a diagnostic tool. And it's completely open-source.

I write articles about the sos command because there is much more to say about it. Visit my blog https://sos-vault.com/blog/sos-command

sos-vault is the solution that helps you archive, manage, and keep your sosreports organized and secure, as well as providing tools that allow you to more easily compare and analyze the information contained in the reports. Soon, you'll also be able to use your favorite LLM to automatically and efficiently analyze a sosreport using an agent.

Visit https://sos-vault.com to see how it works or if you want to know more about the sos command.

A Structured Framework for Linux Troubleshooting

Jorge Luis Rueda Beirana — Mon, 12 May 2025 09:53:54 +0000

At its core, Linux troubleshooting is a process; -one that can be standardized, documented, and even automated.

Here's an article that describes a proven five-step methodology that will save you so much time and effort while looking for root cause and that can be applied to almost any Linux problem without the need of third party software or extra packages:

https://medium.com/@linuxjedi2000/automating-linux-troubleshooting-from-art-to-engineering-d78a42d381fc

Please let me know in the comments if you have applied it and if is working for you. Thanks for sharing.

#Linux #Troubleshooting #Support #DevOps #SRE #Automation

One Linux Command to Rule Them All

Jorge Luis Rueda Beirana — Thu, 24 Apr 2025 07:52:58 +0000

The Combined Power of sos report and sos-vault

Troubleshooting a Linux system can be hard and sosreport makes it a lot simpler, however navigating through the complexity of a sosreport, and fully exploiting its benefits demands expertise and sos-vault makes it much easier. If you are not using sosreport you should take a look to this article. It will save you hours of frustration.