Technical Note: CSTN: 00051 - Enabling core dump for the FortiSOAR appliance
Description
Every system needs running processes to fulfill its primary goal. However, at times something can go wrong and a process might crash. Depending on the configuration of the system a core dump is created. The primary reason to enable core dumps is for troubleshooting purposes. The dumped memory of the process can be used for debugging issues.
If you are installing a fresh OVA for FortiSOARâ„¢ v6.0.0, then the core dump for the FortiSOARâ„¢ appliance is enabled by default. However, if you are upgrading from a lower version to FortiSOARâ„¢ v6.0.0, then you are require to perform some steps to enable the core dump.
The following procedure provides you with the steps to enable the core dump, assuming that you will use an additional disk for the core dump:
Attach the additional disk.
Check partition is visible using the following command lsblk
Run the following commands to enable core dump:
To change permissions on the coredump folder:
chmod 777 /var/log/cyops/coredump.
Every system needs running processes to fulfill its primary goal. However, at times something can go wrong and a process might crash. Depending on the configuration of the system a core dump is created. The primary reason to enable core dumps is for troubleshooting purposes. The dumped memory of the process can be used for debugging issues.
If you are installing a fresh OVA for FortiSOARâ„¢ v6.0.0, then the core dump for the FortiSOARâ„¢ appliance is enabled by default. However, if you are upgrading from a lower version to FortiSOARâ„¢ v6.0.0, then you are require to perform some steps to enable the core dump.
The following procedure provides you with the steps to enable the core dump, assuming that you will use an additional disk for the core dump:
Attach the additional disk.
fdisk /dev/sdbThis will create the "coredump" directory at cd /var/log/cyops
mkfs.xfs /dev/sdb1
mkdir /var/log/cyops/coredump
mount /dev/sdb1 /var/log/cyops/coredumpEdit /etc/fstab to add the following entry.
/dev/sdb1 /var/log/cyops/coredump xfs defaults 0 0Reboot the system.
Check partition is visible using the following command lsblk
Run the following commands to enable core dump:
echo "kernel.core_pattern=/var/log/cyops/coredump/core-%E-sig%s-user%u-group%g-pid%p-time%t" >> /etc/sysctl.d/cyops-core-dump.confReboot the system.
echo "kernel.core_uses_pid = 1" >> /etc/sysctl.d/cyops-core-dump.conf
echo "fs.suid_dumpable = 2" >> /etc/sysctl.d/cyops-core-dump.conf
echo "* hard core unlimited" >> /etc/security/limits.d/cyops-core-dump-limits.conf
echo "* soft core unlimited" >> /etc/security/limits.d/cyops-core-dump-limits.conf
echo "DefaultLimitCORE=infinity" >>/etc/systemd/system.conf
echo "DAEMON_COREFILE_LIMIT='unlimited'" >> /etc/sysconfig/init
systemctl daemon-reexec
To change permissions on the coredump folder:
chmod 777 /var/log/cyops/coredump.