What data is collected by Red Hat Lightspeed (Insights)?

Environment

• Red Hat® Lightspeed (Insights)
• Red Hat Enterprise Linux® RHEL 6.10 and later
• Red Hat Enterprise Linux® 7.x
• Red Hat Enterprise Linux® 8.x
• Red Hat Enterprise Linux® 9.x
• Red Hat Enterprise Linux® 10.x

Issue

• Before registering my systems with the insights-client and transmitting any data to Red Hat, I would like to generate an offline dump and inspect the data.
• How can I see what information has been collected?

Resolution

NOTE: It is NOT necessary to register the client with insights-client --register in order to perform this offline dump.

1. Generate the dump with insights-client --offline

   [root@test ~]# insights-client --offline
   Starting to collect Insights data for test.example.com
   Archive saved at /var/tmp/mbpH1q/insights-test.example.com-20201016192134.tar.gz
   

2. Extract the dump. In the example above this would be:

   #tar xzf /var/tmp/mbpH1q/insights-test.example.com-20201016192134.tar.gz
   

3. Inspect the extracted data. For example using tree,

  [root@test ~]# tree insights-test.example.com-20201016192134/
insights-test.example.com-20201016192134/
├── blacklist_report
├── boot
│   ├── config-3.10.0-1127.19.1.el7.x86_64
│   ├── config-3.10.0-1127.el7.x86_64
│   └── grub2
│       ├── grub.cfg
│       └── grubenv
├── branch_info
├── egg_release
├── etc
│   ├── audit
│   │   └── auditd.conf
│   ├── chrony.conf
│   ├── default
│   │   └── pulp_workers
│   ├── firewalld
│   │   └── firewalld.conf
│   ├── foreman-installer
│   │   └── custom-hiera.yaml
│   ├── fstab
│   ├── hosts
│   ├── httpd
.
.    <Output Omitted>
.
│   └── log
│       ├── audit
│       │   └── audit.log
│       ├── candlepin
│       │   └── candlepin.log
│       ├── dmesg
│       ├── messages
│       └── yum.log
└── version_info

  133 directories, 452 files

• Current list of files and commands can be viewed via the This content is not included.uploader.json leveraged by the client.

Root Cause

Red Hat Lightspeed (Insights) does not collect personal data, rather it collects data that is used to notify you of flaws or vulnerabilities. You can see exactly what data is collected by running the insights client in --offline mode, extracting the archive, and inspecting the contents.

Diagnostic Steps

• Helpful options can be found using the --help function.

    [root@test ~]# insights-client --help
  usage: insights-client [-h] [--test-connection] [--compliance] [--verbose]
                         [--net-debug] [--conf CONF] [--disable-schedule]
                         [--group GROUP] [--silent] [--support]
                         [--payload PAYLOAD] [--output-file OUTPUT_FILE]
                         [--version] [--output-dir OUTPUT_DIR] [--offline]
                         [--status] [--force-reregister] [--list-specs]
                         [--keep-archive] [--enable-schedule] [--no-upload]
                         [--content-type CONTENT_TYPE]
                         [--display-name DISPLAY_NAME] [--validate]
                         [--show-results] [--logging-file LOGGING_FILE]
                         [--retry RETRIES] [--unregister] [--register] [--quiet]
                         [--diagnosis [DIAGNOSIS]]
  
    optional arguments:
    -h, --help            show this help message and exit
    --verbose             DEBUG output to stdout
    --conf CONF, -c CONF  Pass a custom config file
    --group GROUP         Group to add this system to during registration
    --silent              Display no messages to stdout
    --output-file OUTPUT_FILE, -of OUTPUT_FILE
                          Specify a compressed archive file to write collected
                          data to.
    --version             Display version
    --output-dir OUTPUT_DIR, -od OUTPUT_DIR
                          Specify a directory to write collected data to (no
                          compression).
    --offline             offline mode for OSP use
    --content-type CONTENT_TYPE
                          Content type of the archive specified with --payload
    --display-name DISPLAY_NAME
                          Set a display name for this system.
    --logging-file LOGGING_FILE
                          Path to log file location
    --retry RETRIES       Number of times to retry uploading. 180 seconds
                          between tries
    --quiet               Only display error messages to stdout
  
    actions:
    --compliance          Scan the system using openscap and upload the report
    --disable-schedule    Disable automatic scheduling
    --payload PAYLOAD     Use the Insights Client to upload an archive
    --list-specs          Show insights-client collection specs
    --enable-schedule     Enable automatic scheduling for collection to run
    --validate            Validate remove.conf and tags.yaml
    --show-results        Show insights about this host
    --unregister          Unregister system from the Red Hat Insights Service
    --register            Register system to the Red Hat Insights Service
    --diagnosis [DIAGNOSIS]
                          Retrieve a diagnosis for this system
  
    optional debug arguments:
    --test-connection     Test connectivity to Red Hat
    --net-debug           Log the HTTP method and URL every time a network call
                          is made.
    --support             Create a support logfile for Red Hat Insights
    --status              Check this machine's registration status with Red Hat
                          Insights
    --force-reregister    Forcefully reregister this machine to Red Hat. Use
                          only as directed.
    --keep-archive        Do not delete archive after upload
    --no-upload           Do not upload the archive
  

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.