Less known Solaris features: About crashes and cores - Part 2: Forcing a dump
Okay, dumps are not only a consequence of errors. You can force the generation of both kinds. This is really useful when you want to freeze the current state of the system or an application for further examination.
Forcing a core dump
Let's assume you want to have a core dump of a process running on your system:
Okay, now we can trigger the core dump by using the process id of the process.
Okay, but the kicker is the fact that the process still runs afterwards. So you can get a core dump of your process for analysis without interrupting it.
Neat, isn't it? Now you can use mdb to analyse it, for example to print out the backtrace:
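Stepping back to the whole procedure of this section, the following is an added example (not code from the original article): it forces the core with Solaris gcore(1), checks that the process is still alive afterwards, and records a SHA-256 of the core file. The function names, the output directory and the manifest format are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. snapshot_core, sha256_of and the
# manifest layout are assumed names for this sketch.

# Print the SHA-256 of a file: digest(1) on Solaris, sha256sum elsewhere.
sha256_of() {
    if command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"
    else
        sha256sum "$1" | awk '{print $1}'
    fi
}

# snapshot_core PID OUTDIR
# Writes OUTDIR/core.PID and appends "path sha256 utc-time" to OUTDIR/manifest.
# Succeeds only if the core is non-empty and PID is still running afterwards.
# The body is a subshell, so umask and variables do not leak to the caller.
snapshot_core() (
    pid=$1
    outdir=$2
    case $pid in
        ''|*[!0-9]*) echo "bad pid: $pid" >&2; exit 2 ;;
    esac
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid not running or not ours" >&2; exit 3; }

    umask 077    # a core contains the process memory: keys, passwords, sessions
    mkdir -p "$outdir" || exit 4

    # gcore -o PREFIX PID writes PREFIX.PID and lets the process continue.
    gcore -o "$outdir/core" "$pid" >/dev/null || exit 5
    core="$outdir/core.$pid"
    [ -s "$core" ] || { echo "core missing or empty: $core" >&2; exit 6; }

    # The target must have survived the dump.
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid died during dump" >&2; exit 7; }

    printf '%s %s %s\n' "$core" "$(sha256_of "$core")" \
        "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" >> "$outdir/manifest"
)

# Stand-alone use: sh snapshot_core.sh PID OUTDIR
if [ "$#" -eq 2 ]; then
    snapshot_core "$1" "$2"
fi
```

The manifest line gives you a hash taken at capture time, so a later copy of the core can be checked against it before analysis.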
Forcing a crash dump
Okay, you can force a crash dump, too. It's quite easy. You can trigger it with the uadmin command.
Why should you do something like that? Well, there are several reasons. For example, when you want to stop a system right at this moment. There is an effect in clusters called “split brain”. This happens when both nodes of a cluster believe they are the surviving one, because they've lost the cluster interconnect (simplification warning ;) ). Sun Cluster can prevent this situation by something called quorum. In a high availability situation the nodes of a cluster try to get this quorum. Whoever gets the quorum runs the service. But you have to ensure that the other nodes don't even try to write something to disks. The simplest method: Panic the machine.
Another use case would be the detection of a security breach. Let's assume your developer integrated a security hole as large as the Rhine into a web application by accident and now someone else owns your machine. The wrong reaction would be: Switch the system off or trigger a normal reboot. Both would lead to the loss of the memory content, and perhaps the hacker has integrated a tool into the shutdown procedure to erase logs. A better possibility: Trigger a crash dump. You keep the content of the memory and you can analyse it for traces of the attacker.