Host GS: Enable Crash Reporter Service

Document created by RSA Information Design and Development

on Mar 21, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

The Crash Reporter is an optional service for Security Analytics services. When activated for any of the core services, the Crash Reporter automatically generates a package of information to be used for diagnosing and solving the problem that resulted in the service failure. The package is automatically sent to RSA for analysis. The results are forwarded to RSA support for any further action.

The information package sent to RSA does not contain captured data. This information package consists of the following information:

Stack trace
Logs
Configuration settings
Software version
CPU information
Installed RPMs
Disk geometry

The Crash Reporter crash analysis can be activated for any Core product.

The crashreporter.cfg File

One of the files available for editing in the Service Config view > Files tab is crashreporter.cfg, the Crash Reporter Client Server configuration file.

This file is used by the script that checks, updates, and builds crash reports on the host. The list of products to monitor can include Decoders, Concentrators, hosts, and Brokers.

This table lists the settings for the crashreporter.cfg file.

Setting	Description
applicationlist=decoder, concentrator, host	Define the list of products to monitor.
sitedir=/var/crashreporter	Location of the site directory for the report.
webdir=/usr/share/crashreporter/Web	Location of the web directory.
devdir=/var/crashreporter/Dev	Location of the development directory.
datadir=/var/crashreporter/data	Location of the directory storing data files.
perldir=/usr/share/crashreporter/perl	Location of the perl files.
bindir=/usr/share/crashreporter/bin	Location of the binary executables.
libdir=/usr/share/crashreporter/lib	Location of the binary libraries.
cfgdir=/etc/crashreporter	Location of the configuration files.
logdir=/var/log/crashreporter	Location of the log files.
scriptdir=/usr/share/crashreporter/scripts	Location of the directory containing scripts.
workdir=/var/crashreporter/work	Location of the process work directory.
sqldir=/var/crashreporter/sql	Location where created sql files are placed.
reportdir=/var/crashreporter/reports	Location where temporary reports are created.
packagedir=/var/crashreporter/packages	Location of the created package files.
gdbconfig=/etc/crashreporter/crashreporter.gdb	Location of the gdb configuration file.
corewaittime=30	Define the number of seconds to wait after finding a core in order to determine if the core is still being written.
cyclewaittime=10	Define the number of minutes to wait between search cycles
deletecores=1	Specify if the core files should be deleted after report. 0 = No 1 = Yes NOTE: Until the core file is deleted, it is reported each time crashreporter is restarted.
deletereportdir=1	Specify if the report directory should be deleted after the report. Useful in order to view core reports on box. 0 = No 1 = Yes NOTE: If not deleted, the directory will be included in each subsequent package.
debug=1	Specify whether debugging messages are turned on or off in the crashreporter logging output. 0 = No 1 = Yes
posturl=https://www.netwitnesslive.com/crash...ter/submit.php	Define the webserver post url.
postpackages=0	Specify if the packages should be posted to the webserver. 0 = No 1 = Yes
deletepackages=1	Specify if packages should be deleted after they are posted to webserver. 0 = No 1 = Yes