Re: Analysing a REDHAT ES4 crash

From: Jan Gerrit Kootstra <jan.gerrit@xxxxxxxxxxxxxxx>
Date: Wed, 22 Feb 2006 04:51:20 +0100

parvinderb@xxxxxxxxx wrote:

In addition: inside the var/log/messages I don't find anything
misbehaving:

its between these two time the crash happened:

Feb 20 23:01:01 LSAGG151 crond(pam_unix)[4183]: session closed for user
root
Feb 21 00:54:41 LSAGG151 syslogd 1.4.1: restart.

Here is little bit more:

Feb 20 21:01:02 LSAGG151 crond(pam_unix)[4163]: session opened for user
root by (uid=0)
Feb 20 21:01:02 LSAGG151 crond(pam_unix)[4163]: session closed for user
root
Feb 20 21:30:01 LSAGG151 crond(pam_unix)[4165]: session opened for user
root by (uid=0)
Feb 20 21:30:00 LSAGG151 crond(pam_unix)[4165]: session closed for user
root
Feb 20 22:00:01 LSAGG151 crond(pam_unix)[4169]: session opened for user
root by (uid=0)
Feb 20 22:00:00 LSAGG151 crond(pam_unix)[4169]: session closed for user
root
Feb 20 22:01:02 LSAGG151 crond(pam_unix)[4173]: session opened for user
root by (uid=0)
Feb 20 22:01:02 LSAGG151 crond(pam_unix)[4173]: session closed for user
root
Feb 20 22:30:01 LSAGG151 crond(pam_unix)[4175]: session opened for user
root by (uid=0)
Feb 20 22:30:00 LSAGG151 crond(pam_unix)[4175]: session closed for user
root
Feb 20 23:00:01 LSAGG151 crond(pam_unix)[4179]: session opened for user
root by (uid=0)
Feb 20 23:00:00 LSAGG151 crond(pam_unix)[4179]: session closed for user
root
Feb 20 23:01:01 LSAGG151 crond(pam_unix)[4183]: session opened for user
root by (uid=0)
Feb 20 23:01:01 LSAGG151 crond(pam_unix)[4183]: session closed for user
root
Feb 21 00:54:41 LSAGG151 syslogd 1.4.1: restart.
Feb 21 00:54:41 LSAGG151 syslog: syslogd startup succeeded
Feb 21 00:54:42 LSAGG151 kernel: klogd 1.4.1, log source = /proc/kmsg
started.
Feb 21 00:54:42 LSAGG151 kernel: Bootdata ok (command line is ro
root=LABEL=/)
Feb 21 00:54:42 LSAGG151 kernel: Linux version 2.6.9-11.ELsmp
(bhcompile@xxxxxxxxxxxxxxxxxxxxxx) (gcc version 3.4.3 20050227 (Re
d Hat 3.4.3-22)) #1 SMP Fri May 20 18:25:30 EDT 2005
Feb 21 00:54:42 LSAGG151 kernel: BIOS-provided physical RAM map:
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 0000000000000000 -
000000000009a000 (usable)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 000000000009a000 -
00000000000a0000 (reserved)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000000d0000 -
0000000000100000 (reserved)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 0000000000100000 -
00000000fbf70000 (usable)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000fbf70000 -
00000000fbf77000 (ACPI data)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000fbf77000 -
00000000fbf80000 (ACPI NVS)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000fbf80000 -
00000000fc000000 (reserved)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000fec00000 -
00000000fec00400 (reserved)
Feb 21 00:54:42 LSAGG151 syslog: klogd startup succeeded
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000fee00000 -
00000000fee01000 (reserved)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 00000000fff80000 -
0000000100000000 (reserved)
Feb 21 00:54:42 LSAGG151 kernel: BIOS-e820: 0000000100000000 -
0000000200000000 (usable)
Feb 21 00:54:42 LSAGG151 irqbalance: irqbalance startup succeeded

Parvinderb,

I do not see strange things happening.

I changed the configuration of the syslog daemon to get more messages in a logfile

in /etc/syslog.conf I added the following lines

# everything
*.* /var/log/debug

Hint I got from a collegue some years ago.

To add it to the logrotate cycle, edit /etc/logrotate.d/syslog
put /var/log/debug in the first line.

Also activate compression in /etc/logrotate.conf

Then restart the syslog daemon to make the changes active.

service syslog restart

Hopefully a new crash analysis will be easier, having more data available.

Kind regards,

Jan Gerrit Kootstra
.

References:
- Analysing a REDHAT ES4 crash
  - From: parvinderb
- Re: Analysing a REDHAT ES4 crash
  - From: Jan Gerrit Kootstra
- Re: Analysing a REDHAT ES4 crash
  - From: ynotssor
- Re: Analysing a REDHAT ES4 crash
  - From: parvinderb

Prev by Date: Re: Silly questions on FC4 - TELNET Service.
Next by Date: Re: take a look
Previous by thread: Re: Analysing a REDHAT ES4 crash
Next by thread: setting default permissions
Index(es):
- Date
- Thread

Relevant Pages

Re: Annoying system logging problem...
... >> logging seems to get all jammed up. ... When it crams up, I can't log in as root, or anyone else. ... as does anything else that uses the syslog facility. ... Any relevant and/or useful help would be much appreciated. ...
(alt.os.linux)
Re: syslog logging
... > Sudo is fairly easy - logging via syslog is compiled in. ... > A keystroke logger only activated when root logs in? ... Freedom is a well armed sheep contesting the results of the ...
(Focus-SUN)
Re: Seeing who has su-ed
... >who do an su to become root, then rather than exiting, they su again to go ... A typical default would direct logging to syslog, ...
(Focus-Linux)
syslog logging
... - All sudo activities ... Anything that could be related with "root" command ... Sudo is fairly easy - logging via syslog is compiled in. ...
(Focus-SUN)
RE: Logging HP Laserjet Printer to a linux machine
... You'll need to have y your RHEL 3 machine accept syslog messages from ... Verify the syslog daemon is accepting connections ...
(RedHat)