Hang:-
potentially limited or no forensic information
System is up or unresponsive
crash:-
Potentially Limited forensic information
system down or rebooted
Panics:-
Maximum potentially forensic information
system down or rebooted
=================================================
Forensic Information sources
:-console
:-syslog, typically loged to
/var/adm/messages
:-corefile or crash dumps
===============================================
Core File
A dump of contents of all memory allocated to the process
intert and static state of state.
process core files are dumped to the working directory by default.
Core file properties managed via coreadm
requires the same libraries to be read.
=================================================
Crash dump
A dump of contents of all memory allocates to the kernel
Inert and static record of state
Written to pre-specified dump device or swap partition.
:-Written Backwards.
Reading requires the same OS version.
Kernel core file facility Managed via dumpadm.
=================================================
PANIC
-Kernel detected inconsistency
-Protected by exiting
-Three major taks to be performed in a system panic:
Record information about tha panic in memory (making it part of crash dump)
synchronise the filesystem to preserve user file data
generated the crash dump
=================================================
No comments:
Post a Comment