Technical Blog Post
Ever wondered why IBM asks for ITM pdcollects and why they are so large?
One of the first things we often ask for when we look at a Case is a pdcollect.
I know that it is sometimes frustrating to have to send one, as it can be large and it can be hard to get from non-local machines.
Well I am going to try and explain why we need the pdcollects and what we do with them when we get them.
Usually we ask for a full pdcollect so we have everything that we need and so we do not have to keep asking for different files or information about the environment.
It is now possible with the later releases (starting at 6.23) to use the command tacmd pdcollect, which allows you to collect the pdcollect from a remote system and save it locally. The old command pdcollect does still work, but may be removed at a later release.
You can also cut down the output that is sent; however, if you remove something we need, we will just have to ask for the pdcollect again.
So let’s go through what is in a pdcollect:
Once a pdcollect is uncompressed, and dived into, we are given a set of files and directories something like this:
What names are used depends on operating system and what ITM products are installed.
The above output has been taken from a Windows environment which has TEPS and TEMS installed.
The files listed give us a lot of information about the general setup. For example:
cinfo.info gives us what ITM products are installed and what versions.
dir.info gives a list of all the files in the ITM install directory, which can be very useful as the pdcollect does not collect all the files, but we can check dates, permissions and such from this file.
I will not go through all of those files, but they give us some system information that we sometimes need to refer to for checking configuration. This stops us asking a large number of questions about the environment!
The directories sent are linked to ITM information.
Obviously logs is a very important directory to send, as that is usually the starting place for any investigation.
The conf directory generally gives the configuration files for the ITM components.
However there can be logs and config files elsewhere in these directories; it depends so much on setup.
On a TEMS environment there will also be a directory containing the TEMS database tables (CMS on Windows; hub name on Unix/Linux); these we can extract, and this can give us extra information that is not in the logs.
So everything we ask for in a pdcollect is useful. It saves us time, as when we first start reviewing the logs we may not know what other pieces of information we need or need to rule out. We also do not like to assume anything, so even if you sent this information a month ago on a different pmr, we will need it again so that we can see any changes.
Running tacmd pdcollect:
It is still possible to run pdcollect as a command, but the tacmd version now has a number of options; these are listed and explained in full in the Command Reference guide.
Things to note:
-s allows you to run the command on a remote machine, if not given it will be the local machine. If a remote machine is used a user and password will be needed.
-c is needed if the install directory is not the default.
-d allows the location of the pdcollect tar file to be set; by default the local temp folder is used.
-a sets the tar file name. Default is pdcollect-HOSTNAME; however, to send to IBM the file needs to have the pmr number at the start, for example 62064.499.000-pdcollect-HOSTNAME
-o allows some files not to be collected, which can reduce the size of the pdcollect. The options are:
noapp Specifies that application event log data is not to be collected.
nosec Specifies that security event log data is not to be collected.
nosys Specifies that system event log data is not to be collected.
noevent Specifies that no event log data is to be collected. Equivalent to specifying noapp, nosec and nosys.
nohist Specifies that history files are not to be collected. These are not needed unless historical data is being looked at.
nologs Specifies that IBM Tivoli Monitoring log and trace files are not to be collected. If nologs is specified, neither logs nor audit logs are collected. This is not recommended as the logs are usually what we need to look at first.
noprompt Specifies that all interactions with the user are suppressed.
noaudit Specifies that IBM Tivoli Monitoring audit log files are not to be collected.
Note: The options noapp, nosec, nosys, and noevent apply only if the target machine is Windows.
Here is a screen shot of a tacmd pdcollect running with no options:
As before, you can review the files in the stated directory before they are archived and remove any files that you do not want sent.
To reduce the size of the pdcollect, one area to look at is the logs directory. If you generally keep this tidy and do not keep too many logs, this will help. Obviously if tracing has been set the logs will be larger.
Please do not just delete all older files, as it is useful to check back through the install logs from whenever the installs were done.
As with the options above, if there are a lot of history files collected on the machine (be it TEMS or agent) and the Case is not about historical data, these can be excluded from collection, or removed in a review.
You may be tempted just to send some of the ras1 logs, especially if you have seen an error in one. If you do this please send the whole set of logs.
For example, sj-itm63_ms_4c5a87d5-03.log might be the log with the error, but we would need at least
sj-itm63_ms_4c5a87d5-0x.log, where x is any other number.
That would allow us to start to look at the issue, but we may ask for a full pdcollect once the logs are reviewed.
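One way to gather the whole set for a given RAS1 log before sending it, as an added example that is not IBM tooling or part of the original post. The function names and the file names built in demo() are constructed for illustration; the only naming rule assumed is the one shown above, a shared stem followed by -NN.log.

```python
import re
import tempfile
from pathlib import Path

# RAS1 log names end in -<sequence>.log; everything before that is the stem
# shared by the whole set (e.g. "sj-itm63_ms_4c5a87d5"). The greedy match
# splits on the LAST hyphen, because host names such as "sj-itm63" contain
# hyphens of their own.
RAS1_NAME = re.compile(r"^(?P<stem>.+)-(?P<seq>\d+)\.log$")


def split_ras1_name(name):
    """Return (stem, sequence number) for a RAS1 log file name."""
    match = RAS1_NAME.match(name)
    if match is None:
        raise ValueError(f"not a RAS1 log name: {name!r}")
    return match["stem"], int(match["seq"])


def ras1_log_set(log_path):
    """List every log in the same directory that shares the given log's stem."""
    log_path = Path(log_path)
    stem, _ = split_ras1_name(log_path.name)
    members = []
    for entry in log_path.parent.iterdir():
        match = RAS1_NAME.match(entry.name)
        if entry.is_file() and match and match["stem"] == stem:
            members.append((int(match["seq"]), entry.name))
    return [name for _, name in sorted(members)]


def demo():
    """Build a constructed logs directory and return the set for one log."""
    constructed = [
        "sj-itm63_ms_4c5a87d5-01.log",
        "sj-itm63_ms_4c5a87d5-02.log",
        "sj-itm63_ms_4c5a87d5-03.log",  # the log where the error was seen
        "sj-itm63_ms_4c5a0000-01.log",  # different stem, not part of the set
        "sj-itm63_cq_4c5a87d5-01.log",  # different stem, not part of the set
        "install_notes.txt",            # unrelated file, ignored
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for name in constructed:
            (Path(tmp) / name).write_text("constructed sample\n")
        return ras1_log_set(Path(tmp) / "sj-itm63_ms_4c5a87d5-03.log")


if __name__ == "__main__":
    for name in demo():
        print(name)
```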
For full details of the pdcollect command see the Command Reference guide here: