Stay organized with collections
Save and categorize content based on your preferences.
Container-Optimized OS includes the sosreport utility, which collects
information on demand to help you debug problems in a Container-Optimized OS
virtual machine instance. The information is collected and stored locally on
the filesystem of the instance. Google does not collect or store this data
elsewhere.
If you open a support case with Google Cloud support
due to problems with your instance, you may be asked to provide the sosreport
data as part of the investigation. This page shows you how to collect this
information.
The output of sosreport is stored without encryption in a .tar.xz archive.
The archive may contain personally identifiable information (PII), because it
collects data from many critical system components (e.g. journald). The archive
can be inspected on the instance, and most content is in plain text. The
sosreport tool is open source, and you can
review its code.
Collecting the sosreport data
To generate a sosreport:
Connect to the instance using the gcloud compute ssh command.
Run the sos command that corresponds to your OS version:
COS 85 and earlier
Run the following sosreport command to collect the logs:
sudososreport--all-logs--batch--tmp-dir=/var
If the previous command fails with sosreport: command not found, install the
sosreport package and then run the previous sosreport command:
sudotoolbox
sudoaptinstallsosreport-y
COS 105 and later
Run the following sos command to collect the logs:
sudososreport--all-logs--batch--tmp-dir=/var
If the previous command fails with sos: command not found, install the
sosreport package and then run the previous sos report command:
sudotoolbox
sudoaptinstallsosreport-y
Ubuntu-18 and earlier
Run the following sosreport command to collect the logs:
sudososreport--all-logs--batch--tmp-dir=/var
If the previous command fails with sosreport: command not found, install the
sosreport package and then run the previous sosreport command:
sudoaptinstallsosreport
Ubuntu-20 and later
Run the following sos command to collect the logs:
sudososreport--all-logs--batch--tmp-dir=/var
If the previous command fails with sos: command not found, install the
sosreport package and then run the previous sos report command:
sudoaptinstallsosreport
You can change the directory where the report is stored by passing a
different directory to the --tmp-dir option. You can also change the command's
default behavior by editing /etc/sos.conf on the instance.
The output is stored in a .tar.xz file in the directory you specify using the
--tmp-dir option. The location and checksum of the .tar.xz file is shown on
STDOUT.
Your sosreport has been generated and saved in:
/var/sosreport-cos-20181106231224.tar.xz
The checksum is: 5a8b97c6020346a688254c8b04ef86ec
Viewing the collected data
The report is owned by root and is not readable by other users. Use the
following commands to change the owner to your current user and make it readable
by you. Do not make it world-readable.
Then, if you want to view the content of the report on the node, you can extract
it by running below command:
tarxvf$TARBALL
The individual report files are now available in a directory in the same
location as the .tar.xz. You can view the logs using commands such as less, or you
can use commands such as grep to find information in them.
Download the report
To download the report to your local machine, use the gcloud compute scp
command:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eContainer-Optimized OS includes the \u003ccode\u003esosreport\u003c/code\u003e utility for debugging, which gathers diagnostic information locally on a virtual machine instance without Google storing it.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003esosreport\u003c/code\u003e data, which may contain PII, is stored as an unencrypted \u003ccode\u003e.tar.xz\u003c/code\u003e archive and can be requested by Google Cloud support when investigating issues.\u003c/p\u003e\n"],["\u003cp\u003eGenerating a \u003ccode\u003esosreport\u003c/code\u003e consumes CPU, memory, disk space, and I/O resources, and its collection may be challenging during node availability or startup issues due to auto-repair.\u003c/p\u003e\n"],["\u003cp\u003eTo collect the \u003ccode\u003esosreport\u003c/code\u003e, users must connect to the instance via SSH, check the OS version, and run the appropriate \u003ccode\u003esosreport\u003c/code\u003e or \u003ccode\u003esos report\u003c/code\u003e command, installing the \u003ccode\u003esosreport\u003c/code\u003e package if needed.\u003c/p\u003e\n"],["\u003cp\u003eOnce generated, users can view and extract the report's contents locally using \u003ccode\u003etar\u003c/code\u003e, and they can download the report to their local machine using \u003ccode\u003egcloud compute scp\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Collecting debugging information using sosreport\n\nContainer-Optimized OS includes the `sosreport` utility, which collects\ninformation on demand to help you debug problems in a Container-Optimized OS\nvirtual machine instance. The information is collected and stored locally on\nthe filesystem of the instance. Google does not collect or store this data\nelsewhere.\n\nIf you open a support case with [Google Cloud support](/support)\ndue to problems with your instance, you may be asked to provide the `sosreport`\ndata as part of the investigation. This page shows you how to collect this\ninformation.\n| **Note:** Creating the report consumes CPU and memory resource, and storing the report consumes disk space and disk I/O bandwidth resource on the node. The amount of resource consumed cannot be easily estimated.\n| **Note:** When troubleshooting node availability and startup issues, collecting `sosreport` might be challenging. Node auto-repair will terminate and re-create the node after some time of unavailability. See [Disabling node auto-repair](/kubernetes-engine/docs/how-to/node-auto-repair#disable) if `sosreport` collection cannot be done before the node is terminated by auto-repair. If auto-repair cannot be disabled because the cluster is in release channel, contact Cloud Customer Care for assistance.\n\nThe output of `sosreport` is stored without encryption in a `.tar.xz` archive.\nThe archive may contain personally identifiable information (PII), because it\ncollects data from many critical system components (e.g. journald). The archive\ncan be inspected on the instance, and most content is in plain text. The\n`sosreport` tool is open source, and you can\n[review its code](https://cos.googlesource.com/cos/overlays/board-overlays/+/refs/heads/master/project-lakitu/app-admin/sosreport/).\n\nCollecting the sosreport data\n-----------------------------\n\nTo generate a sosreport:\n\n1. Connect to the instance using the `gcloud compute ssh` command.\n\n ```\n gcloud compute ssh [INSTANCE_NAME] --zone [ZONE] --project [PROJECT_ID]\n ```\n2. Check the OS version:\n\n sudo cat /etc/os-release| egrep -w 'NAME|VERSION'\n\n The output is similar to the following: \n\n NAME=\"Container-Optimized OS\"\n VERSION=105\n\n3. Run the `sos` command that corresponds to your OS version:\n\n### COS 85 and earlier\n\nRun the following `sosreport` command to collect the logs: \n\n sudo sosreport --all-logs --batch --tmp-dir=/var\n\nIf the previous command fails with `sosreport: command not found`, install the\n`sosreport` package and then run the previous `sosreport` command: \n\n sudo toolbox\n sudo apt install sosreport -y\n\n### COS 105 and later\n\nRun the following `sos` command to collect the logs: \n\n sudo sos report --all-logs --batch --tmp-dir=/var\n\nIf the previous command fails with `sos: command not found`, install the\n`sosreport` package and then run the previous `sos report` command: \n\n sudo toolbox\n sudo apt install sosreport -y\n\n### Ubuntu-18 and earlier\n\nRun the following `sosreport` command to collect the logs: \n\n sudo sosreport --all-logs --batch --tmp-dir=/var\n\nIf the previous command fails with `sosreport: command not found`, install the\n`sosreport` package and then run the previous `sosreport` command: \n\n sudo apt install sosreport\n\n### Ubuntu-20 and later\n\nRun the following `sos` command to collect the logs: \n\n sudo sos report --all-logs --batch --tmp-dir=/var\n\nIf the previous command fails with `sos: command not found`, install the\n`sosreport` package and then run the previous `sos report` command: \n\n sudo apt install sosreport\n\nYou can change the directory where the report is stored by passing a\ndifferent directory to the `--tmp-dir` option. You can also change the command's\ndefault behavior by editing `/etc/sos.conf` on the instance.\n\nThe output is stored in a `.tar.xz` file in the directory you specify using the\n`--tmp-dir` option. The location and checksum of the `.tar.xz` file is shown on\nSTDOUT. \n\n Your sosreport has been generated and saved in:\n /var/sosreport-cos-20181106231224.tar.xz\n\n The checksum is: 5a8b97c6020346a688254c8b04ef86ec\n\nViewing the collected data\n--------------------------\n\nThe report is owned by `root` and is not readable by other users. Use the\nfollowing commands to change the owner to your current user and make it readable\nby you. Do not make it world-readable. \n\n```\nTARBALL=[PATH/TO/TARBALL]\nsudo chown $(whoami) $TARBALL\nchmod +r $TARBALL\n```\n\nThen, if you want to view the content of the report on the node, you can extract\nit by running below command: \n\n tar xvf $TARBALL\n\nThe individual report files are now available in a directory in the same\nlocation as the `.tar.xz`. You can view the logs using commands such as `less`, or you\ncan use commands such as `grep` to find information in them.\n| **Note:** If you plan to share the report with Google, please do not modify any files in the report. If you have to modify some files, please also tell us what was modified when sharing the report.\n\nDownload the report\n-------------------\n\nTo download the report to your local machine, use the `gcloud compute scp`\ncommand: \n\n```\ngcloud compute scp $(whoami)@[INSTANCE_NAME]:[PATH/TO/FILE] [LOCAL/PATH/TO/DIRECTORY]\n```"]]
