xorg_event.conf000064400000001716147207416210007604 0ustar00EVENT=post-create analyzer=xorg # Blacklist known binary-only modules. # Generate duplicate detection hashes. abrt-action-analyze-xorg # # Get versions of binaries listed in Xorg backtrace abrt-action-list-dsos -m backtrace -o dso_list # test -f /var/log/Xorg.0.log && cp /var/log/Xorg.0.log . test -f /etc/X11/xorg.conf && cp /etc/X11/xorg.conf . test -d /etc/X11/xorg.conf.d && tar czf etc_X11_xorg_conf_d.tar.gz /etc/X11/xorg.conf.d test -d /usr/share/X11/xorg.conf.d && tar czf usr_share_xorg_conf_d.tar.gz /usr/share/X11/xorg.conf.d # # >> instead of > is due to bugzilla.redhat.com/show_bug.cgi?id=854266 dmesg >>dmesg # # save lspci -vvv output? EVENT=report_Bugzilla analyzer=xorg reporter-bugzilla -b # TODO? -F /etc/libreport/plugins/bugzilla_format_xorg.conf # Automatic/simple GUI-based xorg problems reporting will do this: EVENT=report-gui analyzer=xorg report-gtk -- "$DUMP_DIR" EVENT=report-cli analyzer=xorg report-cli -- "$DUMP_DIR" rhtsupport_event.conf000064400000000363147207416210011054 0ustar00# EVENT=report_RHTSupport # Submit an uReport and create a case in Red Hat Customer Portal # reporter-rhtsupport -u # EVENT=report_RHTSupport_AddData # Attach data to a case in Red Hat Customer Portal # reporter-rhtsupport -t ccpp_event.conf000064400000011317147207416210007550 0ustar00EVENT=post-create analyzer=CCpp if grep '^TracerPid:[[:space:]]*[123456789]' proc_pid_status >/dev/null 2>&1; then # We see 'TracerPid: " in /proc/PID/status # Process is ptraced (gdb, strace, ltrace) # Debuggers have wide variety of bugs where they leak SIGTRAP # to traced process and nuke it. Ignore this crash. echo "The crashed process was ptraced - not saving the crash" exit 1 # abrt will remove the problem directory fi if grep -q ^ABRT_IGNORE_ALL=1 environ \ || grep -q ^ABRT_IGNORE_CCPP=1 environ \ ; then echo "ABRT_IGNORE variable is 1 - not saving the crash" # abrtd will delete the problem directory when we exit nonzero: exit 1 fi # Try generating backtrace, if it fails we can still use # the hash generated by abrt-action-analyze-c [ ! -e core_backtrace ] && abrt-action-generate-core-backtrace # Run GDB plugin to see if crash looks exploitable [ -r coredump ] && abrt-action-analyze-vulnerability # Generate hash abrt-action-analyze-c && abrt-action-list-dsos -m maps -o dso_list && ( # Try to save relevant log lines. # Can't do it as analyzer step, non-root can't read log. executable=`cat executable` && base_executable=${executable##*/} && # Test if the current version of journalctl has --system switch journalctl --system -n1 >/dev/null if [ $? -ne 0 ]; then # It's not an error if /var/log/messages isn't readable: test -f /var/log/messages || exit 0 test -r /var/log/messages || exit 0 log=`grep -F -e "$base_executable" /var/log/messages | tail -99` else uid=`cat uid` && log="[System Logs]:\n" && log=$log`journalctl -b --system | grep -F -e "$base_executable" | tail -99` && log=$log"\n[User Logs]:\n" && log=$log`journalctl _UID="$uid" -b | grep -F -e "$base_executable" | tail -99` && log=`echo -e "$log"` fi if test -n "$log"; then printf "%s\n" "$log" >var_log_messages # echo "Element 'var_log_messages' saved" fi ) EVENT=collect_xsession_errors analyzer=CCpp dso_list~=.*/libX11.* # # Where is X session error log - traditional or new location? # xsession_errors=~/.xsession-errors test -f "$xsession_errors" || xsession_errors=~/.cache/gdm/session.log # # We do not want to abort further processing, # thus we do not fail (exit with nonzero) if the file isn't there: test -f "$xsession_errors" || { echo "No $xsession_errors"; exit 0; } test -r "$xsession_errors" || { echo "Can't read $xsession_errors"; exit 0; } executable=`cat executable` && base_executable=${executable##*/} && grep -F -e "$base_executable" "$xsession_errors" | tail -999 >xsession_errors && echo "Element 'xsession_errors' saved" # TODO: can we still specify additional directories to search for debuginfos, # or was this ability lost with move to python installer? EVENT=analyze_LocalGDB analyzer=CCpp # Run GDB plugin to see if crash looks exploitable abrt-action-analyze-vulnerability # Run GDB to genereate backtrace abrt-action-analyze-ccpp-local --without-bz # Bugzilla requires nonempty duphash EVENT=report_Bugzilla analyzer=CCpp duphash!= test -f component || abrt-action-save-package-data component="`cat component`" format="bugzilla_format.conf" test -f "/etc/libreport/plugins/bugzilla_format_$component.conf" \ && format="bugzilla_format_$component.conf" formatdup="bugzilla_formatdup.conf" test -f "/etc/libreport/plugins/bugzilla_formatdup_$component.conf" \ && formatdup="bugzilla_formatdup_$component.conf" reporter-bugzilla -b \ -c /etc/libreport/plugins/bugzilla.conf \ -F "/etc/libreport/plugins/$format" \ -A "/etc/libreport/plugins/$formatdup" # Send micro report EVENT=report_uReport analyzer=CCpp /usr/libexec/abrt-action-ureport # update ABRT database after successful report to bugzilla EVENT=post_report analyzer=CCpp reporter-ureport -A -B exit 0 EVENT=analyze_CCpp analyzer=CCpp abrt-action-perform-ccpp-analysis # Reporting of C/Cpp problems EVENT=report-gui analyzer=CCpp report-gtk -- "$DUMP_DIR" EVENT=report-cli analyzer=CCpp report-cli -- "$DUMP_DIR" mdadm_event.conf000064400000000235147207416210007702 0ustar00# Save /proc/mdstat in case of crash in mdadm/mdmon EVENT=post-create component=mdadm cat /proc/mdstat >> mdstat_data echo "Saved output of /proc/mdstat" ccpp_retrace_event.conf000064400000000231147207416210011246 0ustar00EVENT=analyze_RetraceServer analyzer=CCpp abrt-retrace-client batch --dir "$DUMP_DIR" --status-delay 10 && abrt-action-analyze-backtrace koops_event.conf000064400000003164147207416210007757 0ustar00# Analyze EVENT=post-create analyzer=Kerneloops # >> instead of > is due to bugzilla.redhat.com/show_bug.cgi?id=854266 # 'dmesg' file is required by check-oops-for-hw-error dmesg >>dmesg # Do not fail the event (->do not delete problem dir) # if check-oops-for-hw-error exits nonzero: { abrt-action-check-oops-for-hw-error || true } && { # run abrt-action-analyze-oops only if check-hw-error didn't create the # required files if test ! -f uuid -a ! -f duphash; then abrt-action-analyze-oops || exit 1 fi } && abrt-action-save-kernel-data # If you want behavior similar to one provided by kerneloops daemon # distributed by kerneloops.org - that is, if you want # oopses to be reported automatically and immediately without # user interaction, uncomment this line: #EVENT=post-create analyzer=Kerneloops reporter-kerneloops # Report #EVENT=report_Kerneloops analyzer=Kerneloops reporter-kerneloops EVENT=report_Bugzilla analyzer=Kerneloops reporter-bugzilla -b \ -F /etc/libreport/plugins/bugzilla_format_kernel.conf # Send micro report EVENT=report_uReport analyzer=Kerneloops /usr/libexec/abrt-action-ureport # Update ABRT database after successful report to bugzilla EVENT=post_report analyzer=Kerneloops reporter-ureport -A -B exit 0 # Automatic/simple GUI-based kernel oopses reporting will do this: EVENT=report-gui analyzer=Kerneloops report-gtk -- "$DUMP_DIR" EVENT=report-cli analyzer=Kerneloops report-cli -- "$DUMP_DIR" vimrc_event.conf000064400000002677147207416210007754 0ustar00# Exemple events that allow the reporter to attach vim configuration files # whenever vim crash is reported. EVENT=collect_vimrc_user component=vim # there has to be a comment here, otherwise # the next line is interpreted as a condition vimrc=~/.vimrc gvimrc=~/.gvimrc saved=none if [ -r $vimrc -a -f $vimrc ]; then cp $vimrc user_vimrc || exit $? saved="$saved, user_vimrc" else echo "File $vimrc not found" fi if [ -r $gvimrc -a -f $gvimrc ]; then cp $gvimrc user_gvimrc || exit $? saved="$saved, user_gvimrc" else echo "File $gvimrc not found" fi echo "Elements saved: ${saved#none, }" EVENT=collect_vimrc_system component=vim # there has to be a comment here, otherwise # the next line is interpreted as a condition vimrc=/etc/vimrc gvimrc=/etc/gvimrc saved=none if [ -r $vimrc -a -f $vimrc ]; then cp $vimrc system_vimrc || exit $? saved="$saved, system_vimrc" else echo "File $vimrc not found" fi if [ -r $gvimrc -a -f $gvimrc ]; then cp $gvimrc system_gvimrc || exit $? saved="$saved, system_gvimrc" else echo "File $gvimrc not found" fi echo "Elements saved: ${saved#none, }" smart_event.conf000064400000001711147207416210007746 0ustar00# Access to /dev/sda usually requires root. # skdump is usually in /usr/sbin. # Therefore we run it as post-create event, thus: under root. # # The code is identical for all three packages. # # To be moved to the packages, so that it is (de)installed # together with these packages. EVENT=post-create component=gnome-disk-utility which skdump >/dev/null 2>&1 || exit 0 for f in /dev/[sh]d[a-z]; do test -e "$f" || continue skdump "$f" echo done >smart_data EVENT=post-create component=libatasmart which skdump >/dev/null 2>&1 || exit 0 for f in /dev/[sh]d[a-z]; do test -e "$f" || continue skdump "$f" echo done >smart_data EVENT=post-create component=udisks which skdump >/dev/null 2>&1 || exit 0 for f in /dev/[sh]d[a-z]; do test -e "$f" || continue skdump "$f" echo done >smart_data mailx_event.conf000064400000000313147207416210007727 0ustar00EVENT=notify reporter-mailx --notify-only -c /etc/libreport/plugins/mailx.conf EVENT=notify-dup reporter-mailx --notify-only -c /etc/libreport/plugins/mailx.conf EVENT=report_Mailx reporter-mailx abrt_event.conf000064400000011546147207416210007557 0ustar00# This configuration file specifies which programs should be run # when the specified event occurs in problem directory lifetime. # # It consists of directives and rules. # # Directives start with a reserved word. Currently, there is only one # directive, "include". Its format is "include FILE". # It causes files which match FILE to be read and # parsed as if they are inserted textually where this directive # occurs. FILE can use shell pattern metacharacters (*,?,etc) to # specify multiple files. Relative paths are interpreted relative # to current file. # # Rule starts with a line with non-space leading character. # All subsequent lines which start with space or tab form one rule. # Note that separating newline is *retained*. Example: # EVENT=post-create date >/tmp/dt # semicolon is not needed here! # echo $HOSTNAME `uname -r` # # Rules may be commented out with #. One # is sufficient to comment out # even a multi-line rule (no need to comment out every line). # # Rules specify which programs to run on the problem directory. # Each rule may have conditions to be checked before the program is run. # # Conditions have form VAR[!]=VAL or VAL~=REGEX, where VAR is either # word "EVENT" or a name of problem directory element to be checked # (for example, "executable", "package", hostname" etc). # # If all conditions match, the remaining part of the rule # (the "program" part) is run in the shell. # All shell language constructs are valid. # All stdout and stderr output is captured and passed to abrt # and possibly to abrt's frontends and shown to the user. # # If the program terminates with nonzero exit code, # the event processing is considered unsuccessful and is stopped. # Last captured output line, if any, is considered to be # the error message indicating the reason of the failure, # and may be used by abrt as such. # # If the program terminates successfully, next rule is read # and processed. This process is repeated until the end of this file. # Determine in which package/component the crash happened (if not yet done): EVENT=post-create component= remote!=1 abrt-action-save-package-data # Example: if you want all users (not just root) to be able to see some problems: #EVENT=post-create rm uid; chmod a+rX . # uid file is missing for problems visible to all users # (oops scanner is often set up to not create it). # Record username only if uid element is present: EVENT=post-create if [ -f uid ]; then getent passwd "`cat uid`" | cut -d: -f1 >username; fi # Record runlevel (if not yet done) and don't return non-0 if it fails: EVENT=post-create runlevel= runlevel >runlevel 2>&1 exit 0 # Example: if you want to save sosreport immediately at the moment of a crash: # (alternatively, you can add similar command to EVENT=analyze_foo's, # if you would rather perform this collection later): #EVENT=post-create nice sosreport --tmp-dir "$DUMP_DIR" --batch \ --only=anaconda --only=boot --only=devicemapper \ --only=filesys --only=hardware --only=kernel --only=libraries \ --only=memory --only=networking --only=nfs --only=pam \ --only=process --only=rpm -k rpm.rpmva=off --only=ssh \ --only=services --only=yum --only=date --only=host --only=x11 \ --only=cups --only=logs --only=grub2 --only=cron --only=pci \ --only=auditd --only=selinux --only=lvm2 --only=sar \ --only=processor \ >sosreport.log 2>&1 \ && { rm sosreport.log rm sosreport*.md5 mv sosreport*.tar.bz2 sosreport.tar.bz2 mv sosreport*.tar.xz sosreport.tar.xz exit 0 } 2>/dev/null # Error in sosreport run. Let user see the problem. echo "sosreport run failed with exit code $?, log follows:" # sosreport prints many useless empty lines, nuke them: # it looks awful in syslog otherwise. cat sosreport.log | sed 's/ *$//' | grep -v '^$' rm sosreport.log exit 1 # Example: if you want to include *machineid* in dump directories: EVENT=post-create /usr/libexec/abrt-action-generate-machine-id -o $DUMP_DIR/machineid >>event_log 2>&1 || : # Example: if you want to upload data immediately at the moment of a crash: #EVENT=post-create reporter-upload -u scp://user:password@server.name/var/spool/abrt-upload || : #open-gui event is used by abrt-gui's "Edit"->"Open problem data" EVENT=open-gui report-gtk -x -- "$DUMP_DIR" # Notify a new crash EVENT=notify package!= abrt-action-notify -d $DUMP_DIR true # ignore failures because we want to run all 'notify' events # Notify a new occurrence of a single crash EVENT=notify-dup package!= abrt-action-notify -d $DUMP_DIR true # ignore failures because we want to run all 'notify' events python_event.conf000064400000002305147207416210010141 0ustar00EVENT=post-create analyzer=Python # (For now this has no effect since python hook doesn't save environ) if grep -q ^ABRT_IGNORE_ALL=1 environ \ || grep -q ^ABRT_IGNORE_PYTHON=1 environ \ ; then echo "ABRT_IGNORE variable is 1 - not saving the crash" # abrtd will delete the problem directory when we exit nonzero: exit 1 fi abrt-action-analyze-python EVENT=report_Bugzilla analyzer=Python component!=anaconda test -f component || abrt-action-save-package-data reporter-bugzilla -b \ -c /etc/libreport/plugins/bugzilla.conf \ -F /etc/libreport/plugins/bugzilla_format.conf \ -A /etc/libreport/plugins/bugzilla_formatdup.conf # Send micro report EVENT=report_uReport analyzer=Python /usr/libexec/abrt-action-ureport # update ABRT database after successful report to bugzilla EVENT=post_report analyzer=Python reporter-ureport -A -B exit 0 # Reporting of python exceptions EVENT=report-gui analyzer=Python component!=anaconda report-gtk -- "$DUMP_DIR" EVENT=report-cli analyzer=Python component!=anaconda report-cli -- "$DUMP_DIR" gconf_event.conf000064400000000734147207416210007720 0ustar00EVENT=collect_GConf analyzer=CCpp dso_list~=.*/libgconf-2.* # assumption: gconftool-2 is present because libgconf is executable=`cat executable` && gconfdir="/apps/${executable##*/}" && { gconftool-2 --dir-exists=$gconfdir || { echo "GConf directory $gconfdir does not exist"; exit 0; } } && gconftool-2 --recursive-list $gconfdir >gconf_subtree && echo "Element 'gconf_subtree' saved" vmcore_event.conf000064400000004505147207416210010117 0ustar00EVENT=post-create analyzer=vmcore ( # If kdump machinery already extracted dmesg... if test -f vmcore-dmesg.txt; then # ...use that abrt-dump-oops -u $DUMP_DIR vmcore-dmesg.txt || exit $? # # Does "kernel" element exist? test -f kernel && exit 0 # # Try creating it from vmcore-dmesg.txt: # MCE oopses don't have kernel version in them, # but it should be specified earlier in the log. k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' vmcore-dmesg.txt | tail -n1` test "$k" != "" && printf "%s" "$k" >kernel else # No vmcore-dmesg.txt, do it the hard way: abrt-action-analyze-vmcore || exit $? # # Does "kernel" element exist? test -f kernel && exit 0 # # Try creating it from dmesg_log (created by abrt-action-analyze-vmcore): test -f dmesg_log || exit 0 k=`sed -n '/Linux version/ s/.*Linux version \([^ ]*\) .*/\1/p' dmesg_log | tail -n1` test "$k" != "" && printf "%s" "$k" >kernel fi ) # Do not fail the event (->do not delete problem dir) # if check-oops-for-hw-error exits nonzero: { abrt-action-check-oops-for-hw-error || true; } # analyze EVENT=analyze_VMcore analyzer=vmcore abrt-action-analyze-oops && abrt-action-save-kernel-data # If you want behavior similar to one provided by kerneloops daemon # distributed by kerneloops.org - that is, if you want # oopses to be reported automatically and immediately without # user interaction, uncomment this line: #EVENT=post-create analyzer=vmcore reporter-kerneloops # report EVENT=report_Kerneloops analyzer=vmcore reporter-kerneloops EVENT=report_Bugzilla analyzer=vmcore reporter-bugzilla -b \ -F /etc/libreport/plugins/bugzilla_format_kernel.conf # update ABRT database after successful report to bugzilla EVENT=post_report analyzer=vmcore reporter-ureport -A -B exit 0 # Send micro report EVENT=report_uReport analyzer=vmcore /usr/libexec/abrt-action-ureport EVENT=report-gui analyzer=vmcore report-gtk -- "$DUMP_DIR" EVENT=report-cli analyzer=vmcore report-cli -- "$DUMP_DIR" centos_report_event.conf000064400000003532147207416210011511 0ustar00EVENT=report_CentOSBugTracker analyzer=xorg reporter-mantisbt EVENT=report_CentOSBugTracker analyzer=Kerneloops reporter-mantisbt EVENT=report_CentOSBugTracker analyzer=vmcore reporter-mantisbt EVENT=report_CentOSBugTracker analyzer=Python component!=anaconda test -f component || abrt-action-save-package-data reporter-mantisbt \ -c /etc/libreport/plugins/mantisbt.conf \ -F /etc/libreport/plugins/mantisbt_format.conf \ -A /etc/libreport/plugins/mantisbt_formatdup.conf EVENT=report_CentOSBugTracker analyzer=Python3 component!=anaconda test -f component || abrt-action-save-package-data reporter-mantisbt \ -c /etc/libreport/plugins/mantisbt.conf \ -F /etc/libreport/plugins/mantisbt_format.conf \ -A /etc/libreport/plugins/mantisbt_formatdup.conf EVENT=report_CentOSBugTracker analyzer=CCpp duphash!= test -f component || abrt-action-save-package-data component="`cat component`" format="mantisbt_format.conf" test -f "/etc/libreport/plugins/mantisbt_format_$component.conf" \ && format="mantisbt_format_$component.conf" formatdup="mantisbt_formatdup.conf" test -f "/etc/libreport/plugins/mantisbt_formatdup_$component.conf" \ && formatdup="mantisbt_formatdup_$component.conf" reporter-mantisbt \ -c /etc/libreport/plugins/mantisbt.conf \ -F "/etc/libreport/plugins/$format" \ -A "/etc/libreport/plugins/$formatdup" EVENT=report_CentOSBugTracker analyzer=libreport reporter-mantisbt \ -c /etc/libreport/plugins/mantisbt.conf \ -F /etc/libreport/plugins/mantisbt_format_analyzer_libreport.conf \ -A /etc/libreport/plugins/mantisbt_formatdup_analyzer_libreport.conf