How to set up a Linux system for a kdump to produce a kernel crash log

Version

7.2.x (Linux only)

Topic

This document describes how to set up a Linux system so that kdump produces a kernel crash log (core file) that can be attached to a support case.

Steps

  1. IMPORTANT: Provide the results of the following commands. The core file cannot be analyzed until the results of these commands are supplied:
    uname -r
    rpm -qa | grep `uname -r`
  2. Steps to enable kdump are described in the following document. When the kernel crashes, the core file is written to a subdirectory of /var/crash by default.
    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-kd...

    Run the following commands to verify that kdump is configured and running:
    service kdump status
    cat /sys/kernel/kexec_crash_loaded (should return 1)
    cat /proc/iomem | grep Crash (should return "<some-address> : Crash kernel")
  3. Check whether the SysRq magic keys are enabled:
    cat /proc/sys/kernel/sysrq
    It should show 1. If not, enable the magic keys on the system. This is the command to enable SysRq (run as root):
    echo 1 > /proc/sys/kernel/sysrq
    A crash can also be forced using the Alt-SysRq-c key combination or by running "echo c > /proc/sysrq-trigger" as root. The core file should then be in /var/crash.
  4. Once you have enabled kdump and SysRq, and the machine crashes again, please collect and attach to this case the logs from the following locations:
    1. /var/crash/
    2. /srv/bit9/data
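The verification in steps 2 and 3 above can be scripted so that the same three checks (crash kernel loaded, memory reserved in /proc/iomem, SysRq enabled) run in one pass before a machine is put back into service. The script below is an added example and is not part of the original article; the optional ROOT argument is an assumption introduced here so the checks can also be run against a staged copy of /sys and /proc for testing. With no argument it inspects the live system.

```sh
#!/bin/sh
# Added example (not from the original article): an automated version of the
# manual kdump verification in steps 2 and 3. The optional ROOT argument is an
# assumption introduced here so the checks can run against a staged directory
# tree; with no argument the live /sys and /proc are inspected.

# kdump_checks [ROOT]
# Prints one line per check and returns 0 only if every check passed.
kdump_checks() {
    root="${1:-}"
    status=0

    # Check 1: the crash kernel has been loaded with kexec (kdump service active).
    f="$root/sys/kernel/kexec_crash_loaded"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo "ok   crash kernel loaded ($f = 1)"
    else
        echo "FAIL crash kernel not loaded ($f should contain 1; is the kdump service running?)"
        status=1
    fi

    # Check 2: memory was reserved for the crash kernel at boot (crashkernel=).
    f="$root/proc/iomem"
    range=$(grep 'Crash kernel' "$f" 2>/dev/null)
    if [ -n "$range" ]; then
        echo "ok   crashkernel reservation: $range"
    else
        echo "FAIL no 'Crash kernel' range in $f (check the crashkernel= boot parameter)"
        status=1
    fi

    # Check 3: SysRq magic keys are fully enabled (value 1), so that
    # Alt-SysRq-c or /proc/sysrq-trigger can force a crash for a kdump test.
    f="$root/proc/sys/kernel/sysrq"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo "ok   sysrq enabled ($f = 1)"
    else
        echo "FAIL sysrq not fully enabled ($f should contain 1; fix with: echo 1 > $f)"
        status=1
    fi

    return "$status"
}

# Run the checks when invoked directly, e.g.:  sh kdump-check.sh --run
case "${1:-}" in
    --run) kdump_checks "${2:-}" ;;
esac
```

A non-zero exit status means at least one prerequisite from the article is missing, so the next crash would not produce a core file in /var/crash; the printed FAIL line names the file to fix. Note that the sysrq value is a bitmask on newer kernels, and this script deliberately requires the value 1 that the article asks for rather than interpreting individual bits.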
Creation Date: 08-06-2015