Working with Snap Files

Edit: Still a valuable technique.

Originally posted June 28, 2016 on AIXchange

Awhile ago Russell Adams posted an interesting message to the AIX mailing list. He wrote about working with AIX snap files and included a link to his website, which provides some background:

“I frequently work with customer systems where I need a systems inventory. This could be for troubleshooting or just to save the final state of a system for later reference.

I have worked with many consultants who have an inventory script they give customers but I have found that I prefer to use the tools native to the platform when they are available. On AIX I use IBM’s native snap command. If you’ve ever been on the phone with IBM support before, you know they barely wait to ask your name before they ask for you to upload a snap.”

The command he runs on all LPARs in the environment is snap -cfgGiknLt. As he explains:

“This gives a good overview of the system without including a system dump. Most of the time the snap files range from 5 MB to 25 MB.

Always run ‘snap -r’ to clear the snap cache in /tmp/ibmsupt before taking a new snap. This is generally safe as the only files it will remove are files snap knows that it wrote.

By renaming the snap file as follows, you can run a couple of scripts to manipulate the data:

    mv /tmp/ibmsupt/snap.pax.Z /tmp/ibmsupt/$(hostname)_$(date +%Y%m%d).snap.pax.Z”

Russell runs his scripts on his Linux machine, but he’s confident that, with a few tweaks, this could run on AIX as well. Hopefully an enterprising reader will take this on and share the results.

There are two scripts: This one uncompresses and normalizes the snaps, while this one extracts the commands.

His site has numerous examples of extracting snap files and running basic commands. Here’s a small subset:

    % ls -l snap.pax.Z
    -rw-rw-r– 1 adamsrl adamsrl 6748366 May 26 17:20 snap.pax.Z

    % ~/scripts/NormalizeSnap.sh snap.pax.Z
    ========================================
    Untarring, # of files: snap.pax.Z
    pax: ustar vol 1, 199 files, 5775360 bytes read, 0 bytes written.
    Checking general exists.
    ./snapRtvZKUtV/general
    Moving subdirs.
    Opening subsnaps.
    Fixing perms.
    Cleaning empty dirs.
    rmdir ./snapRtvZKUtV/testcase ./snapRtvZKUtV/scraid ./snapRtvZKUtV/other     ./snapRtvZKUtV/hacmp
    Collecting data.
    Cleaning dump and security.
    Renaming to final destination
    Retarring files into: ./7044-170_0110BDC8C_GILSAIX_5300-06-00-    0000_20071205_203526.snap.tar.bz2
    Number of files compressed: 194
    Successfully extracted snap to: ./7044-170_0110BDC8C_GILSAIX_5300-06-00-0000_20071205_203526.snap

He adds:

“Now I can also use standard UNIX text utilities to run aggregate reports on the data from the snaps.

Imagine checking 15 hosts for no_reserve on hdisks, or iostat set to true on sys0. This method of working with snaps can be very powerful even in an offline manner.”

I think this is where the real power of this methodology comes into play. With up-to-date snap information from your systems, you can find out quite a bit about an environment without needing to be VPNed in or logged in at all.

In his mailing list post, Russell explains, “In the spirit of cooperation I wanted to share some of the methods I use for working with AIX snap files. I won’t repeat the full article here but it documents a technique I use for offline data mining for AIX systems including ready to run scripts.”

I would hope — as you make your own changes to these methods — that you would also share your improvements.

Are you already using a method like this in your environment? Can you think of ways to enhance it?