Slashdot Mirror

← Back to Stories (view on slashdot.org)

Running a UDP Remote Console with Linux 2.6

Posted by simoniker on from the so-there dept.

Bruce Perens writes "Many system admins have learned how to use syslog to log events of remote systems. But when the kernel crashes, its final messages never get to syslog. If you don't have a remote console manager, you won't see them, unless you run netconsole."

5 of 39 comments (clear)

  1. some conditions.. by molo · · Score: 4, Informative

    This only works/is helpful in certain situations:

    1. network driver is initialized
    2. kernel messages are what you want to capture
    3. the kernel doesn't get itself foobarred so badly that it can't send packets
    4. interrupts are enabled (right? can't talk to the network card otherwise)

    Also, if you change mac addresses or network cards of the first hop between the sender and receiver, this all needs to be reconfigured.

    This can certainly be useful, but recognize its limitations.

    -molo

    --
    Using your sig line to advertise for friends is lame.
    1. Re:some conditions.. by molo · · Score: 4, Informative

      Yes, serial console servers are quite useful for remote administration.

      Another option might be to build your own - take an older spare machine and stick a PCI USB controller in it and add a bunch of USB-to-serial dongle devices (possibly with a USB hub). These show up as /dev/ttyUSB#.

      You can then ssh in and use minicom or whatever. You get added security since many terminal servers don't support ssh, plus you have a fully configurable system to manage stuff. You could write a program to page/email you on certain kernel events for example. It could be pretty flexible if that is what you need.

      Just my two cents.

      BTW, Bruce, thanks for your contributions to the community and to Debian. We all appreciate it.

      -molo

      --
      Using your sig line to advertise for friends is lame.
    2. Re:some conditions.. by Paul+Jakma · · Score: 4, Informative

      1. Correct
      2. Correct, the purpose of netconsole being to capture kernel messages that otherwise would not be sent due to a hung kernel - all other messages, syslog can take of.
      3. Unlikely. If the kernel can panic, it can use netconsole. Used with nmi_watchdog, you can even get a stack trace from a stuck interrupt handler
      4. No, netconsole uses polling-mode and drives the nic driver directly.

      Note that netconsole can also dump the entire contents of RAM.

      --
      I use Friend/Foe + mod-point modifiers as a karma/reputation system.
  2. Re:Tempting... by hattmoward · · Score: 4, Informative

    It looks like the packet format is syslog compatible in the recent 2.6 kernels. I think the work is already done. =)

  3. Re:Tempting... by hattmoward · · Score: 3, Informative

    Neither does the syslogd provided with slackware. The snippet below will allow you to inclusively list log hosts.

    iptables -A INPUT -s $LOGHOST -p udp --destination-port 514 -j ACCEPT
    iptables -A INPUT -p udp --destination-port 514 -j DROP

    You can repeat the first line as many times as needed, replacing $LOGHOST with an IP or a resolvable domain name. Just make sure the DROP rule goes last.