The Crash Reporter is an optional service for Security Analytics services. When activated for any of the core services, the Crash Reporter automatically generates a package of information to be used for diagnosing and solving the problem that resulted in the service failure. The package is automatically sent to RSA for analysis. The results are forwarded to RSA support for any further action.
The information package sent to RSA does not contain captured data. This information package consists of the following information:
- Stack trace
- Configuration settings
- Software version
- CPU information
- Installed RPMs
- Disk geometry
The Crash Reporter crash analysis can be activated for any Core product.
The crashreporter.cfg File
One of the files available for editing in the Service Config view > Files tab is crashreporter.cfg, the Crash Reporter Client Server configuration file.
This file is used by the script that checks, updates, and builds crash reports on the host. The list of products to monitor can include Decoders, Concentrators, hosts, and Brokers.
This table lists the settings for the crashreporter.cfg file.
Configure the Crash Reporter Service
To configure the Crash Reporter service:
- In the Services view, select a service then click > View > Config.
- Select the Files tab.
- Edit crashreporter.cfg.
- Click Save.
- To display the Service System view, select Config > System.
- To restart the service. click .
The service shuts down and restarts.
Start and Stop the Crash Reporter Service
To start the Crash Reporter Service:
- In the Services view, select the service then click > View > System.
- In the toolbar, click .
The Host Task List is displayed.
- In the Task drop-down list, select Start Service.
- In the Arguments field, type crashreporter, then click Run.
The Crash Reporter service is activated and remains active until you stop it.
To stop the Crash Reporter service, select Stop Service from the Task drop-down list.