Host GS: Enable Crash Reporter Service

Document created by RSA Information Design and Development Employee on Mar 21, 2017
Version 1Show Document
  • View in full screen mode

The Crash Reporter is an optional service for Security Analytics services. When activated for any of the core services, the Crash Reporter automatically generates a package of information to be used for diagnosing and solving the problem that resulted in the service failure. The package is automatically sent to RSA for analysis. The results are forwarded to RSA support for any further action.

The information package sent to RSA does not contain captured data. This information package consists of the following information:

  • Stack trace
  • Logs
  • Configuration settings
  • Software version
  • CPU information
  • Installed RPMs
  • Disk geometry

The Crash Reporter crash analysis can be activated for any Core product. 

The crashreporter.cfg File

One of the files available for editing in the Service Config view > Files tab is crashreporter.cfg, the Crash Reporter Client Server configuration file.

This file is used by the script that checks, updates, and builds crash reports on the host. The list of products to monitor can include Decoders, Concentrators, hosts, and Brokers.

This table lists the settings for the crashreporter.cfg file.

applicationlist=decoder, concentrator, hostDefine the list of products to monitor.
sitedir=/var/crashreporterLocation of the site directory for the report.
webdir=/usr/share/crashreporter/WebLocation of the web directory.
devdir=/var/crashreporter/DevLocation of the development directory.
datadir=/var/crashreporter/dataLocation of the directory storing data files.
perldir=/usr/share/crashreporter/perlLocation of the perl files.
bindir=/usr/share/crashreporter/binLocation of the binary executables.
libdir=/usr/share/crashreporter/libLocation of the binary libraries.
cfgdir=/etc/crashreporterLocation of the configuration files.
logdir=/var/log/crashreporterLocation of the log files.
scriptdir=/usr/share/crashreporter/scriptsLocation of the directory containing scripts.
workdir=/var/crashreporter/workLocation of the process work directory.
sqldir=/var/crashreporter/sqlLocation where created sql files are placed.
reportdir=/var/crashreporter/reportsLocation where temporary reports are created.
packagedir=/var/crashreporter/packagesLocation of the created package files.
gdbconfig=/etc/crashreporter/crashreporter.gdbLocation of the gdb configuration file.
corewaittime=30Define the number of seconds to wait after finding a core in order to determine if the core is still being written.
cyclewaittime=10Define the number of minutes to wait between search cycles
deletecores=1Specify if the core files should be deleted after report.

0 = No
1 = Yes

NOTE: Until the core file is deleted, it is reported each time crashreporter is restarted.
deletereportdir=1Specify if the report directory should be deleted after the report. Useful in order to view core reports on box.

0 = No
1 = Yes

NOTE: If not deleted, the directory will be included in each subsequent package.
debug=1Specify whether debugging messages are turned on or off in the crashreporter logging output.

0 = No
1 = Yes
posturl= the webserver post url.
postpackages=0Specify if the packages should be posted to the webserver.

0 = No
1 = Yes
deletepackages=1Specify if packages should be deleted after they are posted to webserver.

0 = No
1 = Yes

Configure the Crash Reporter Service

To configure the Crash Reporter service:

  1. In the Services view, select a service then click Actns.png > View > Config.
  2. Select the Files tab.
  3. Edit crashreporter.cfg.
  4. Click Save.
  5. To display the Service System view, select Config > System.
  6. To restart the service. click Icon-ShutdownService.png.
    The service shuts down and restarts.

Start and Stop the Crash Reporter Service

To start the Crash Reporter Service:

  1. In the Services view, select the service then click Actns.png > View > System.
  2. In the toolbar, click HostTasks.png.
    The Host Task List is displayed.
  3. In the Task drop-down list, select Start Service.
  4. In the Arguments field, type crashreporter, then click Run

The Crash Reporter service is activated and remains active until you stop it.

To stop the Crash Reporter service, select Stop Service from the Task drop-down list.

You are here
Table of Contents > Service Procedures > Edit Core Service Configuration Files > Enable Crash Reporter Service