On Mon, Apr 29, 2002 at 10:02:06AM -0700, Steve Nichols wrote: > If this is not the correct board to post this to I apologize. I don't know, I'd be surprised .. I'm sure FreeBSD has a -users list. > We have a FreeBSD 4.3 server that keep rebooting. > I am using $FreeBSD: src/etc/syslog.conf,v 1.13.2.2 2001/02/26 09:26:11 > phk Exp $ When you report this crash to the FreeBSD groups, I'm sure the first thing they'll ask is if you've been able to recreate the crash on 4.4 or 4.5, or -CURRENT. The next thing they'll ask is if you've kept up with all patches available for 4.3. > I try and log the crash, but have had no success. > I wrote a few ksh&perl scripts to do a ps ax every 30 seconds to see > what is running and what is killing the server. > I also have written a few scripts that output the server life and health > (similar to healthd) to a webpage. > > There are no processes or daemons that are killing the server. > > Anyone know of an extended logging feature that I can use in conjunction > with syslogd to log everything that is going on? Well, under Linux, one normally hooks up a serial console to log kernel messages to another machine, and then investigate why the crashes using the Oops output. I think FreeBSD has a kernel crashdump facility that can dump RAM to your swap devices for further investigation with the crash utility. Of course, that would probably be useful only if the kernel is at fault for the crash. If one of the running processes has decided to try to reboot or wedge the machine, the crashdump may not be so useful. > The server runs > DNS What version? BIND has had dozens of horrible security problems. Does it run as root or a different uid? > SENDMAIL What version? Sendmail has had dozens of horrible security problems. > QPOPPER What version? In the last year, qpopper has had several security problems. > RADIUS What version? In the last few months, most radius products have had several security problems. > APACHE (both secure and non-secure)(http&https) What version? In the last few months, the ApacheSSL and mod-ssl plugins have had security problems. (Possibly mitigated by OpenSSL, I don't recall.) > SSH What version? In the last two years, OpenSSH and ssh.com ssh have had a dozen or so security problems. > FTPD What version? Updated when? Is it vulnerable to the glob problem? > MRTG One of the helper tools mrtg uses has had a security problem in the last year. Sorry, I recall fewer details on this one. > And a few custom cron jobs. Probably not as suspect as most of the above programs.. Have you updated for the recent rash of zlib problems? I don't know if FreeBSD released fixes for 4.3 or not. http://www.freebsd.org/security/index.html Of course, there are non-security-problems reasons why machines reboot too. If you are running on x86 hardware, you can run memtest86, available from google ;), to see if your RAM is working well. Beware, memtest86 is slow, so don't run it during important hours on important machines unless you are out of ideas. If you can, configure your syslog on all applications to be verbose, and try to get the syslog info stored someplace safe .. serial console, printer, sent over the network to another host .. you might gain more insight into the state of your machine just before it crashes. I hope this helps. -- http://www.wirex.com/
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:42:38 PDT