System Administration Guide

Chapter 69 Generating and Saving System Crash Information

This section contains information about enabling and disabling crash dumps, and how to view and collect system messages.

This is a list of the step-by-step instructions in this chapter.

System Crashes

System crashes can occur due to hardware malfunctions, power failures, I/O (input/output) problems, and software errors. If a software glitch, such as a fatal kernel error caused by an operating system bug, causes a system to crash, the system writes an image of its physical memory into a core file at the end of the swap slice of the disk. This file is a snapshot of the state of the kernel, including its program text, data, and control structures, captured at the time of the crash.

Crash Dump (or Core) Files

The crash dump or core file written when a UNIX system crashes can provide clues about what caused the crash if it is examined by an experienced kernel debugger. However, when a UNIX system reboots after a crash, it generally overwrites any core file that may have been produced--unless you have enabled the system to save the core file in a crash dump file.

See "Using Crash Dumps Task Map" for detailed instructions on how to enable a system to save crash dump files. Crash dump files can be very big, so do not retain them longer than necessary.

Saving Crash Dumps

You can examine the control structures, active tables, memory images of a live or crashed system kernel, and other information about the operation of the kernel by using the crash utility. Using crash to its full potential requires a detailed knowledge of the kernel, and is beyond the scope of this manual. See crash(1M) for more details on the operation of the crash utility.

Additionally, crash dumps saved by crash can be useful to send to a customer service representative for analysis of why the system is crashing. If you will be sending crash dump files to a customer service representative, perform the first three tasks listed in "Using Crash Dumps Task Map".

Using Crash Dumps Task Map

Table 69-1 Task Map: Using Crash Dumps

| Task | Description | For Instructions, Go To |
|---|---|---|
| Create a Crash Dump Directory | Create the /var/crash/system-name directory to store crash dump files. | "How to Create a Crash Dump Directory" |
| Reserve Space for Crash Dump Files | Define how much disk space to allow for a crash dump file. | "How to Reserve Space for Crash Dump Files" |
| Enable Crash Dump Files | Edit the /etc/init.d/sysetup file to activate the saving of crash dump files. | "How to Enable Crash Dump Files" |
| Examine a Crash Dump File | Use the crash command to view crash dump files. | "How to Examine a Crash Dump" |
| Disable Crash Dump Files | Optional. Edit the /etc/init.d/sysetup file to deactivate the saving of crash dump files. | "How to Disable Crash Dump Files" |

Enabling and Disabling Crash Dumps

Enabling a system to save crash dumps involves:

Disabling your system from saving crash dumps involves reversing these procedures.

How to Create a Crash Dump Directory

  1. Become superuser.

  2. Create the /var/crash directory.


    # mkdir /var/crash
    
  3. Change to the /var/crash directory.


    # cd /var/crash
    
  4. Create a directory with the name of the system.


    # mkdir system-name
    

    system-name

    The system for which you want to save crash dump files. 

  5. Verify the directory has been created.


    # ls system-name
    

Example--Creating a Directory to Save Crash Dump Files

The following example shows how to create a directory to save crash dump files for the system saturn.


# mkdir /var/crash
# cd /var/crash
# mkdir saturn
# ls
 saturn

How to Reserve Space for Crash Dump Files

  1. Be sure you have completed any required tasks identified in Table 69-1.

  2. Become superuser.

  3. Change to the /var/crash/system-name directory.


    # cd /var/crash/system-name
    

    system-name

    The system for which you want to save crash dump files. 

  4. Using the editor of your choice, create a file named minfree that contains a number specifying the minimum available free space (in kilobytes) that must remain available for crash dumps.

  5. Exit the file, saving changes.

Example--Reserving Space for Crash Dump Files

The following example shows the contents of a minfree file that reserves 500 Kbytes of available free space to contain crash dump files for the system saturn.


$ more /var/crash/saturn/minfree
500

How to Enable Crash Dump Files

  1. Be sure you have completed any required tasks identified in Table 69-1.

  2. Become superuser.

  3. Using the editor of your choice, edit the /etc/init.d/sysetup file, activating the lines that enable the crash dumps by deleting the comment marks (#) from the beginning of those lines.

  4. Exit the file, saving the changes.

Example--Enabling Crash Dump Files

The following example shows the appropriate section of the /etc/init.d/sysetup file that has been edited to enable crash dumps.


##
## Default is to not do a savecore
##
if [ ! -d /var/crash/`uname -n` ]
then mkdir -m 0700 -p /var/crash/`uname -n`
fi
     echo 'checking for crash dump...\c '
savecore /var/crash/`uname -n`
     echo ''
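
The following sh function is an added example, not part of the original guide. It checks that the three enabling tasks in Table 69-1 were completed: the directory exists with the 0700 mode used in the sysetup fragment above, minfree holds a whole number, and the savecore line is uncommented. The function name check_crash_setup and its two path arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the crash dump setup from Table 69-1.
# check_crash_setup and its two path arguments are illustrative names.
# Usage: check_crash_setup <crash-dir> <startup-script>
# Prints one line per finding; returns 0 only if every check passes.
check_crash_setup() {
    dir=$1        # for example /var/crash/`uname -n`
    rcfile=$2     # for example /etc/init.d/sysetup
    rc=0

    # Task 1: the directory exists and is private to its owner,
    # matching the "mkdir -m 0700" in the sysetup fragment.
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        return 1
    fi
    perms=`ls -ld "$dir" | cut -c1-10`
    if [ "$perms" != "drwx------" ]; then
        echo "FAIL: $dir has mode $perms, expected drwx------"
        rc=1
    fi

    # Task 2: minfree holds a single whole number (kilobytes).
    if [ ! -f "$dir/minfree" ]; then
        echo "FAIL: $dir/minfree is missing"
        rc=1
    else
        minfree=`cat "$dir/minfree"`
        case "$minfree" in
            ''|*[!0-9]*) echo "FAIL: minfree is not a whole number"; rc=1 ;;
        esac
    fi

    # Task 3: the startup script contains an uncommented savecore line.
    if ! grep '^[[:space:]]*savecore[[:space:]]' "$rcfile" >/dev/null 2>&1; then
        echo "FAIL: savecore is not enabled in $rcfile"
        rc=1
    fi

    if [ $rc -eq 0 ]; then
        echo "OK: crash dump saving is configured for $dir"
    fi
    return $rc
}

# Run the check when the script is called with both paths.
if [ $# -eq 2 ]; then
    check_crash_setup "$1" "$2"
fi
```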

How to Examine a Crash Dump

  1. Become superuser.

  2. Examine a crash dump by using the crash utility.


    # /usr/sbin/crash [-d crashdump-file] [-n name-list] [-w output-file]

    -d crashdump-file

    Specifies a file to contain the system memory image. The default crash dump file is /dev/mem.

    -n name-list

    Specifies a text file to contain symbol table information if you want to examine symbolic access to the system memory image. The default file name is /dev/ksyms.

    -w output-file

    Specifies a file to contain output from a crash session. The default is standard output. 

  3. Display crash status information.


    # /usr/sbin/crash
    dumpfile = /dev/mem, namelist = /dev/ksyms, outfile = stdout
    > status
       .
       .
       .
    > size buf proc queue
       .
       .
       .

Example--Examining a Crash Dump

The following example shows sample output from the crash utility. Information about status, and about the buffer, process, and queue size is displayed.


# /usr/sbin/crash
dumpfile = /dev/mem, namelist = /dev/ksyms, outfile = stdout
> status
system name:    SunOS
release:        5.6
node name:      saturn
version:        Generic
machine name:   sun4m
time of crash:  Fri Jan 10 14:14:39 1997
age of system:  60 day, 5 hr., 24 min.
panicstr:
panic registers:
        eip: 0     esp: 0
> size buf proc queue
120
1552
88
 

How to Disable Crash Dump Files

  1. Become superuser.

  2. Edit the /etc/init.d/sysetup file, inserting a comment mark (#) at the beginning of each of the lines shown below.


    #if [ ! -d /var/crash/`uname -n` ]
    #then mkdir -p /var/crash/`uname -n`
    #fi
    #                echo 'checking for crash dump...\c '
    #savecore /var/crash/`uname -n`
    #                echo ''

  3. Save the changes.

  4. Remove the file set up for crash dumps from the /var/crash directory.


    # rm -rf /var/crash/system-name
    

    system-name

    Name of the system which will no longer save crash dump files.