SCA Pattern Development
The Supportconfig Analysis (SCA) Tools are support features that analyze supportconfig archives for known issues with the purpose of reducing problem resolution time. The SCA Tools require patterns and comes with a wide variety of existing patterns. However, you may want to include your own troubleshooting patterns for your specific environment, or to contribute back to SUSE. This document will explain what patterns are, how to create and test them, and finally how to activate your patterns in your environment.
What is an SCA Pattern?
A SCA pattern is a script or program that parses supportconfig archives for a known issue. Each pattern evaluates a supportconfig archive for one specific known issue. The pattern provides the solution links that will be included in the SCA Report. These links include the detailed solution(s) to the problem found, and may include knowledge base articles, bug reports or any other web resource. The pattern also determines the severity of the issue found.
Pattern Requirements
Each SCA Pattern must meet the following requirements.
- Written in any programming or scripting language
- Have execute permissions and owned by root
- Accept a -p startup parameter for the path to the extracted archive directory
- Write to stdout a case sensitive, order dependent output string with predefined key/value pairs
- Include at least one solution link
- Return an overall status value between 0 and 6
Output String
The output string is written to stdout and includes the following case sensitive, order dependent key/value pairs separated by a pipe character “|”.
- META_CLASS=<string>
- META_CATEGORY=<string>
- META_COMPONENT=<string>
- PATTERN_ID=<pattern_filename>
- PRIMARY_LINK=META_LINK_<TAG>
- OVERALL=[0-6]
- OVERALL_INFO=<message_string>
- META_LINK_<TAG>=<URL>
A sample output string might look like this:
META_CLASS=SLE|META_CATEGORY=Filesystem|META_COMPONENT=XFS|PATTERN_ID=xfs-7014242.py|PRIMARY_LINK=META_LINK_TID|OVERALL=5|OVERALL_INFO=Outside kernel scope, skipping xlog_space_left test|META_LINK_TID=https://www.suse.com/support/kb/doc.php?id=7014242|META_LINK_BUG=https://bugzilla.novell.com/show_bug.cgi?id=849950
Multiple META_LINK_<TAG> key/value pairs are allowed.
Libraries
The SCA Appliance Server includes libraries for pattern development. The libraries speed up pattern development time by including several functions for parsing supportconfig archive files. Currently there are Bash, Perl and Python libraries. The most commonly used library is Python. Bash is used least due to the increased run time for each bash pattern.
Create a Pattern
The SCA Pattern Database is used to start the pattern creation process. To create a pattern, do the following:
- Confirm the pattern doesn’t already exist
- Go to the SCA Appliance pattern database
- Click “Create a Pattern”
- Fill in the fields, including the Owner field
- Click “Submit Pattern”
- Click on the pattern title from the index page to edit it
- Click “Generate Template”
- Finish the pattern in an editor of your choice
- Save the pattern with the filename test.py for this example
- Make sure the pattern meets the requirements above
Test the Pattern
Once the pattern is complete, you need to test it. I will use a pattern filename called test.py in this example.
- Extract the supportconfig archives you want to test against in the /var/log/archives directory
- Copy the test.py pattern to /root of your SCA Appliance Server
- Change to the /root directory
- Make the pattern executable (chmod 755 /root/test.py)
- Run pat test.py
- The pat script will test your pattern against all extracted supportconfig archives in the /var/log/archives directory
- Make sure there are no failures reported by the pat script.
Activate the Pattern
When your pattern is complete and ready for production, you need to activate it. Once activated, the SCA Appliance Server will use this pattern when analyzing all future supportconfig archives uploaded to the server. To activate your pattern, simply move it to the /usr/lib/sca/patterns/local directory and make sure it is owned by root and has execute permissions.
Related Articles
Feb 15th, 2023
Ransomware Attacks – Part 3, Container Security
Aug 29th, 2024
No comments yet