On Friday, 8 October 2004 00.43, Lucky Leavell wrote:
OS: SuSE 9.1 (Fully patched)
We are trying to run two bridging firewalls using 9.1 and Shorewall but the systems keep dying. They apparently just crash with nothing in the syslogs or displayed on the console. We are filtering packets for a T1 running at 1/2 to 3/4 capacity. We have tried both Athlons and Pentiums with up to 1Gb RAM and running nothing else. The only system to stand up is an old 750 MHz Athlon with 512Mb RAM and most logging turned off. (It did go down when we were logging packets during a heavy syn flood attack but has stayed up with logging turned off.)
The only difference between the two installations is the 750 MHz Athlon system has had all graphical stuff stripped out. It was originally installed with minimal KDE graphics but I have removed all that including X11 (as opposed to installing from scratch without the graphical stuff).
1. Could the presence of the graphical subsystems somehow cause a problem like this?
Not just by having them installed, no. But if it was running at the time, yes. The graphics is the single most common source of crashes in Linux.
2. Is there some way to make the OS record its final moments before crashing? I am used to Unix which basically dumped a memory image to the dump device which we had an option of saving on reboot. Once saved, we could then inspect the various kernel data structures including an in-memory "panic" message log which usually recorded quite a bit of useful information. Is there a similar facility available in Linux?
You might want to look at the lkcd.sourceforge.net project, and the kdb kernel debugger. You might also want to look at setting up a serial console, which can grab "last minute" error messages.