From owner-freebsd-questions@FreeBSD.ORG Tue Apr 17 16:44:24 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7E0F716A408 for ; Tue, 17 Apr 2007 16:44:24 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id 6B81813C484 for ; Tue, 17 Apr 2007 16:44:24 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 90C4A1A4D82; Tue, 17 Apr 2007 09:44:38 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id A3EF151446; Tue, 17 Apr 2007 12:44:22 -0400 (EDT) Date: Tue, 17 Apr 2007 12:44:22 -0400 From: Kris Kennaway To: Jeffrey Goldberg Message-ID: <20070417164422.GB2664@xor.obsecurity.org> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ADZbWkCsHQ7r3kzd" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.2i Cc: questions@freebsd.org Subject: Re: Identifying cause of crash X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Apr 2007 16:44:24 -0000 --ADZbWkCsHQ7r3kzd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 17, 2007 at 11:16:17AM -0500, Jeffrey Goldberg wrote: > I had a complete system crash this morning sometime shortly after 17/=20 > Apr/2007:08:51:22 -0500. (from my most active apache log). >=20 > I can't seem to find any information whatsoever about the crash. =20 > It's just that a few hours later I noticed that the system was down, =20 > and had to power cycle the box. There was nothing on the console =20 > except some much older stuff. >=20 > I'm running 6.2-RELEASE-p3 on VIA C3 Nehemiah (999.52-MHz 686-class CPU) >=20 > Looking in messages or auth.log I see nothing from around the time of =20 > the crash. Is there some place else I should look? I've also =20 > checked logs that are sysloged remotely >=20 > $ grep '@10' /etc/syslog.conf > *.err;kern.warning;auth.notice;mail.crit @10.1.10.131 > security.* @10.1.10.131 > auth.info;authpriv.info @10.1.10.131 > *.emerg @10.1.10.131 >=20 > And there is nothing from near the time of the crash there either. >=20 > So the system appeared to crash before anything could be logged. >=20 > The system has been running fine since I've had it (a few months =20 > ago), and my most recent kernel rebuild was on April 13 (and then =20 > only to add msdosfs which I needed for USB memory devices). >=20 > Where should I look next? Unless you have enabled crashdumps nothing will be logged. If you did, or to learn how, see the chapter on kernel debugging in the developers' handbook. Kris --ADZbWkCsHQ7r3kzd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGJPlmWry0BWjoQKURAunPAJ4pdqG0sJ88LYvAFTSxQn7S8VOXnwCg+bIP pXRkv2EhmTaDib45ihpE4x8= =Ps3j -----END PGP SIGNATURE----- --ADZbWkCsHQ7r3kzd--