Date: Tue, 29 Oct 2013 03:32:19 -0700 From: Colin Percival <cperciva@freebsd.org> To: freebsd-hackers@freebsd.org Subject: Automated submission of kernel panic reports Message-ID: <526F8EB3.1040205@freebsd.org>
next in thread | raw e-mail | index | archive | help
Hi all,
I've written some code for automatically submitting kernel panic reports,
and I'd like some feedback before I place it into the ports tree.
I am aware of a recent Summer of Code project in this area, but I understand
that it focused mainly on the processing of kernel panics after they have
been collected (identifying matching backtraces, etc.) rather than the initial
collection of panics.
In my work on FreeBSD/EC2 I have been collecting panics for a couple of years,
and despite the small install base (I estimate about 100 EC2 instances running
FreeBSD at any given time) it has proven useful, for example by allowing me to
identify that the ARP bug fixed in r214675 was causing severe stability issues
in the EC2 environment.
My current code is an rc.d script which, running after savecore, checks to see
if the most recent panic (if any) has been reported yet. If not, it gathers
the dump header (/var/crash/info.N) and a backtrace for the panic.
If ${panicmail_autosubmit} is set to YES, this information is encrypted and
submitted via email. The email which is sent looks like this:
http://pastebin.com/AaCuxvDg
If ${panicmail_autosubmit} is set to NO, an email is sent to root containing
the panic data in both decrypted and encrypted forms. The system administrator
can then review the information and decide whether to allow it to be submitted.
Such emails look like this:
http://pastebin.com/w18pXah8
The code is in
http://svnweb.freebsd.org/base/user/cperciva/panicmail/
and it uses my FreeBSD-base-system-only public-key encryption code:
http://svnweb.freebsd.org/base/user/cperciva/pkesh/
My plan is to get this into the ports tree, encourage people to install and
enable it, and then assuming it proves useful see it added into the FreeBSD
base system some day. At least initially I'd have panics coming to me, using
an encryption key which I hold; if/when it enters the FreeBSD base system,
some decision would need to be made (by core?) as to who should have access
to the panics.
Comments?
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?526F8EB3.1040205>