cockroach debug zip command connects to your cluster and gathers information from each active node into a single file (inactive nodes are not included):
- Log files
- Secondary log files (e.g., storage engine logs, execution logs, slow query logs)
- Cluster events
- Schema change events
- Node liveness
- Gossip data
- Stack traces
- Range lists
- A list of databases and tables
- Cluster Settings
- Heap profiles
- Problem ranges
- Thread stack traces (Linux only)
- CPU profiles
Additionally, you can run the
debug merge-logs command to merge the collected logs in one file, making it easier to parse them to locate an issue with your cluster.
The file produced by
cockroach debug zip can contain highly sensitive, identifiable information, such as usernames, hashed passwords, and possibly your table's data. You can use the
--redact-logs flag to redact the sensitive data out of log files and crash reports before sharing them with Cockroach Labs.
There are two scenarios in which
debug zip is useful:
To collect all of your nodes' logs, which you can then parse to locate issues. It's important to note, though, that
debug zipcan only access logs from active nodes. For more information, see Collecting log files below.
If you experience severe or difficult-to-reproduce issues with your cluster, Cockroach Labs might ask you to send us your cluster's debugging information using
cockroach debug zip.
Collecting log files
When you issue the
debug zip command, the node that receives the request connects to each other node in the cluster. Once it's connected, the node requests the content of all log files stored on the node, the location of which is determined by the
--log-dir value when you started the node.
debug zip relies on CockroachDB's distributed architecture, this means that nodes not currently connected to the cluster cannot respond to the request, so their log files are not included. In such situations, we recommend using the
--host flag to point
debug zip at individual nodes until data has been gathered for the entire cluster.
After receiving the log files from all of the active nodes, the requesting node aggregates the files and writes them to an archive file you specify.
You can locate logs in the unarchived file's
debug/nodes/[node dir]/logs directories.
debug subcommands are useful only to CockroachDB's developers and contributors.
$ cockroach debug zip [ZIP file destination] [flags]
It's important to understand that the
[flags] here are used to connect to CockroachDB nodes. This means the values you use in those flags must connect to an active node. If no nodes are live, you must start at least one node.
||The path to the certificate directory. The directory must contain valid certificates if running in secure mode.
||The server host to connect to. This can be the address of any node in the cluster.
||The cluster name to use to verify the cluster's identity. If the cluster has a cluster name, you must include this flag. For more information, see
||Disables the cluster name check for this command. This flag must be paired with
||Run in insecure mode. If this flag is not set, the
||The server port to connect to.
||New in v20.2: Specify nodes to inspect as a comma-separated list or range of node IDs. For example:
||New in v20.2: Specify nodes to exclude from inspection as a comma-separated list or range of node IDs. For example:
||Redact sensitive data from the log files. Note that this flag removes sensitive information only from the log files. The other items (listed above) collected by the
||A connection URL to use instead of the other arguments.
Default: no URL
By default, the
debug zip command logs errors it experiences to
stderr. Note that these are errors executing
debug zip; these are not errors that the logs collected by
debug zip contain.
If you need to troubleshoot this command's behavior, you can also change its logging behavior.
Generate a debug zip file
Generate the debug zip file for an insecure cluster:
$ cockroach debug zip ./cockroach-data/logs/debug.zip --insecure --host=22.214.171.124
Generate the debug zip file for a secure cluster:
$ cockroach debug zip ./cockroach-data/logs/debug.zip --host=126.96.36.199
Redact sensitive information from the logs
Example of a log string without redaction enabled:
server/server.go:1423 ⋮ password of user ‹admin› was set to ‹"s3cr34?!@x_"›
Enable log redaction:
$ cockroach debug zip ./cockroach-data/logs/debug.zip -- redact-logs --insecure --host=188.8.131.52
server/server.go:1423 ⋮ password of user ‹×› was set to ‹×›